Friday, September 17, 2010

VBScript – Verify TPM Status

At the moment I’m preparing a massive rollout of Microsoft Windows 7 for 10.000 machines.
One of the goals is to activate BitLocker on all desktops and laptops.

While in the testing phase, we noticed that most of the time the installation teams forgot to make the proper TPM changes in the BIOS.
So we decided to create a VBScript to verify that the changes were made.
While the TPM isn’t initialized and activated, the installation doesn’t continue.

So, here’s the script:
(Note: this script also checks whether it is running on a virtual machine. If so, it doesn’t continue.)

'-------------------------------------------------------------------------'
'  Variables And Objects Initialization                                   '
'-------------------------------------------------------------------------'
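'Continue past runtime errors so the ERROR CONTROL section at the end can log them
On Error Resume Next
Err.Clear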

Set wshShell = WScript.CreateObject("WScript.Shell")
Set Network = CreateObject("WScript.Network")
Set FSO = CreateObject("Scripting.FileSystemObject")

Set objWMIService = GetObject("WinMgmts:{impersonationLevel=impersonate,AuthenticationLevel=pktprivacy}//" & "." & "\root\CIMV2\Security\MicrosoftTpm")
Set objItems = objWMIService.InstancesOf("Win32_Tpm")

strScriptName = WScript.ScriptName
strScriptRunTime = FormatDateTime (Now,0)
strComputerName = Network.ComputerName
LoggedUser = Network.Username

strSystemManufacturer = wshShell.RegRead("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SystemInformation\SystemManufacturer")

aspas = Chr(34)

'-------------------------------------------------------------------------'
'  MAIN                                                                   '
'-------------------------------------------------------------------------'

'Verify if Virtual Machine
If strSystemManufacturer = "VMware, Inc." or strSystemManufacturer = "Microsoft Corporation" Then
     WriteLog (strScriptName & " - Virtual Machine detected - TPM verification not needed.")
     WScript.Quit
End If

'Verify TPM Status
'The loop body only runs when WMI returns a Win32_Tpm instance,
'which is why strTPMOn is simply set to True inside it.
For Each objItem in objItems
    strTPMOn = True
    'Each method returns a status code (kept in strTPM*) and writes its
    'True/False answer into the variable passed as argument.
    strTPMEnabled = objItem.IsEnabled(blnEnabled)
    strTPMActivated = objItem.IsActivated(blnActivated)
    strTPMOwned = objItem.IsOwned(blnOwned)

    If (strTPMOn = True) Then
        WriteLog (strScriptName & " - TPM Powered On.")
    Else
        WriteLog (strScriptName & " - TPM not correctly configured - TPM not Powered On.")
    End If

    If blnEnabled Then
        WriteLog (strScriptName & " - TPM Enabled.")
    Else
        WriteLog (strScriptName & " - TPM not correctly configured - TPM not Enabled.")
    End If

    If blnActivated Then
        WriteLog (strScriptName & " - TPM Activated.")
    Else
        WriteLog (strScriptName & " - TPM not correctly configured - TPM not Activated.")
    End If
Next

'-------------------------------------------------------------------------'
'  ERROR CONTROL                                                          '
'-------------------------------------------------------------------------'

If Err.Number = 0 Then
    WriteLog (strScriptName)
Else
    WriteLog(strScriptName & " - ERRO" )
    WriteError(strScriptName & " - Error Number=" & err.Number & " | Error Desc.=" & err.Description)
End If

'-------------------------------------------------------------------------'
' FUNCTIONS                                                               '
'-------------------------------------------------------------------------'

'************************************'
' WRITELOG                           '
'************************************'

Function WriteLog(Msg)
  Dim objTextLog
  if FSO.FileExists("C:\SetupLogs\Settings.log") Then
    Set objTextLog = FSO.OpenTextFile("C:\SetupLogs\Settings.log", 8)
  Else
    Set objTextLog = FSO.CreateTextFile("C:\SetupLogs\Settings.log")
  End If
  objTextLog.WriteLine "[" & FormatDateTime(Now, 0) & "] " &  Msg
  objTextLog.Close

End Function

'************************************'
' WRITEERROR                         '
'************************************'

Function WriteError(Msg)
  Dim objTextLog
  If FSO.FileExists("C:\SetupLogs\SetupErrors.log") Then
    Set objTextLog = FSO.OpenTextFile("C:\SetupLogs\SetupErrors.log", 8)
  Else
    Set objTextLog = FSO.CreateTextFile("C:\SetupLogs\SetupErrors.log")
  End If
  objTextLog.WriteLine "[" & FormatDateTime(Now, 0) & "] " &  Msg
  objTextLog.Close
End Function
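
A variant of the same check that reports its result as an exit code, so a deployment step can stop when the TPM is not ready, and that also covers the case where WMI returns no Win32_Tpm instance at all. This is an added example, not the author's script: the TpmGate name, the exit-code values and the console messages are assumptions, and it is meant to be run elevated under cscript.exe.

```vbscript
Option Explicit
' Exit codes are assumptions made for this example.
Const EXIT_READY = 0, EXIT_NOT_READY = 1, EXIT_QUERY_FAILED = 2

WScript.Quit TpmGate()

Function TpmGate()
    Dim objSvc, colTpm, objTpm, lngCount, blnEnabled, blnActivated

    On Error Resume Next
    ' Same WMI connection string as the script above.
    Set objSvc = GetObject("WinMgmts:{impersonationLevel=impersonate,AuthenticationLevel=pktprivacy}//" & "." & "\root\CIMV2\Security\MicrosoftTpm")
    Set colTpm = objSvc.InstancesOf("Win32_Tpm")
    ' Reading Count forces the query, so a failure (for example access denied
    ' when not elevated) surfaces here and not inside the For Each loop.
    lngCount = colTpm.Count
    If Err.Number <> 0 Then
        WScript.Echo "TPM query failed: 0x" & Hex(Err.Number) & " " & Err.Description
        TpmGate = EXIT_QUERY_FAILED
        Exit Function
    End If

    ' No Win32_Tpm instance: treated here as "not ready".
    If lngCount = 0 Then
        WScript.Echo "No TPM visible to Windows."
        TpmGate = EXIT_NOT_READY
        Exit Function
    End If

    TpmGate = EXIT_READY
    For Each objTpm In colTpm
        blnEnabled = False : blnActivated = False
        ' Each method returns 0 on success and fills the ByRef argument.
        If objTpm.IsEnabled(blnEnabled) <> 0 Or objTpm.IsActivated(blnActivated) <> 0 Then
            TpmGate = EXIT_QUERY_FAILED
        ElseIf Not (blnEnabled And blnActivated) Then
            WScript.Echo "TPM enabled=" & blnEnabled & " activated=" & blnActivated
            TpmGate = EXIT_NOT_READY
        End If
    Next
    ' Any runtime error raised inside the loop also counts as a failed query.
    If Err.Number <> 0 Then TpmGate = EXIT_QUERY_FAILED
End Function
```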
