RE: [MDT-OSD] Lenovo TPM Chip Activation

[Klish, Brian]

I’ve done it in WinPE with PowerShell scripts.  You just have to include 
PowerShell as a feature in your WinPE image.  Put this in a script file and 
save as “EnableTPM.ps1” (Replacing MyBIOSPassword with your actual bios 
password).  Save it to the scripts directory in your deployment share.

(gwmi -class Lenovo_SetBiosSetting -namespace 
root\wmi).SetBiosSetting("SecurityChip,Active,MyBIOSPassword,ascii,us;")
(gwmi -class Lenovo_SaveBiosSettings -namespace 
root\wmi).SaveBiosSettings("MyBIOSPassword,ascii,us;")


Then put this as a “Run Command Line” step in your task sequence:

powershell.exe -NoProfile -executionpolicy bypass -Command "copy-item 
'%DEPLOYROOT%\scripts\EnableTPM.ps1' -destination c:\; c:\EnableTPM.ps1; 
remove-item c:\*.ps1 -Force"



Brian Klish
Systems Administrator
Morrisville Auxiliary Corporation
Morrisville State College

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Daniel Ratliff
Sent: Thursday, February 12, 2015 1:17 PM
To: mdtosd@lists.myitforum.com
Subject: RE: [MDT-OSD] Lenovo TPM Chip Activation

We could never get the Lenovo BIOS scripts to work in WinPE either. We have to 
do everything in the full OS, this includes OS upgrades.

Daniel Ratliff

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Roger Truss
Sent: Thursday, February 12, 2015 1:10 PM
To: mdtosd@lists.myitforum.com<mailto:mdtosd@lists.myitforum.com>
Subject: Re: [MDT-OSD] Lenovo TPM Chip Activation

we use the scripts but not in WINpe, we apply them after the first restart in 
to the full OS.

Thank You,



Roger Truss
ro...@trusstribe.com<mailto:ro...@trusstribe.com>
h (920) 456-8302
c (920) 203-0625

On Tue, Feb 10, 2015 at 12:00 PM, Bain.John 
<john.b...@cic.gc.ca<mailto:john.b...@cic.gc.ca>> wrote:
WMI queries can be a little fickle, but I don’t see why this wouldn’t work in 
WinPE

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>] 
On Behalf Of Steve Whitcher
Sent: February 10, 2015 12:25 PM
To: mdtosd@lists.myitforum.com<mailto:mdtosd@lists.myitforum.com>
Subject: Re: [MDT-OSD] Lenovo TPM Chip Activation

And there's Josh with a link to exactly the tools I was referring to...

On Tue, Feb 10, 2015 at 11:19 AM, Denzik, Josh 
<den...@musc.edu<mailto:den...@musc.edu>> wrote:
http://support.lenovo.com/us/en/documents/ht100612



From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>] 
On Behalf Of Bain.John
Sent: Tuesday, February 10, 2015 11:55 AM

To: mdtosd@lists.myitforum.com<mailto:mdtosd@lists.myitforum.com>
Subject: RE: [MDT-OSD] Lenovo TPM Chip Activation

CAUTION: External
Have a link to the script ? If not maybe dump it in a gist 
https://gist.github.com/

Off topic, but I’ve never had to load the HAPI drivers before running the CCTK 
commands … they have always just worked … even on a new deployment

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Denzik, Josh
Sent: February 10, 2015 11:47 AM
To: mdtosd@lists.myitforum.com<mailto:mdtosd@lists.myitforum.com>
Subject: RE: [MDT-OSD] Lenovo TPM Chip Activation

I haven’t tried it yet, I was comparing what I had to do for the Dells, i.e. 
load the HAPI driver in WinPE to use the CCTK commands. Can you use the same 
SetConfig.vbs for Lenovo in WinPe as well?

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Bain.John
Sent: Tuesday, February 10, 2015 11:34 AM
To: 'mdtosd@lists.myitforum.com<mailto:mdtosd@lists.myitforum.com>'
Subject: RE: [MDT-OSD] Lenovo TPM Chip Activation

CAUTION: External
Are you having issues running vbscripts in WinPE ? What is your hurdle ?

John


From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Denzik, Josh
Sent: February 10, 2015 11:24 AM
To: mdtosd@lists.myitforum.com<mailto:mdtosd@lists.myitforum.com>
Subject: [MDT-OSD] Lenovo TPM Chip Activation

All,

I’ve been looking around the net and found the vbs scripts Lenovo gives to turn 
on the tpm, having a hard time finding a guide to turn it on during the WinPe 
phase so I can pre-provision the machine for bitocker. Is there a way to do 
this with Lenovos?

Any help or guidance on this is greatly appreciated,


-Josh



The information transmitted is intended only for the person or entity to which 
it is addressed
and may contain CONFIDENTIAL material. If you receive this material/information 
in error,
please contact the sender and delete or destroy the material/information.