Easy Way to Check TPM Status from Command Line

If your question is "Can I check TPM status from the command line during OSD?", the answer is yes. You can find out a lot about TPM status by running a simple command. We will get to that, but first let's look briefly at TPM.

Quite some time ago, I shared a post on enabling BitLocker on Windows 10 without TPM. BitLocker is an encryption feature available in Windows 10 Professional and Enterprise editions. However, it requires a Trusted Platform Module (TPM) on the system. Furthermore, BitLocker provides the best security when used with TPM.

What is Trusted Platform Module

As per Microsoft, “A Trusted Platform Module (TPM) is a microchip designed to provide basic security-related functions, primarily involving encryption keys. The TPM comes installed on motherboard of a computer, and it communicates to the system by using a hardware bus.” You can read more about TPM fundamentals here.

Check TPM Status from the Command Line

Coming to the actual topic, some organizations require TPM to be enabled and activated before you image the machine. In that case the task sequence (TS) is configured to check the TPM status and halt if TPM is not enabled or not activated. For example, I have covered an issue about the BitLocker error “Configuration change was requested to disable TPM”.

To Check TPM Status from Command Line

  • Press the F8 key while you are in the WinPE phase.
  • Enter the command below to get the TPM status.
wmic /namespace:\\root\CIMV2\Security\MicrosoftTpm path Win32_Tpm get /value

To find out whether the TPM on a computer is Enabled, Activated and Owned, enter the commands below.

wmic /namespace:\\root\cimv2\security\microsofttpm path win32_tpm get IsEnabled_InitialValue
wmic /namespace:\\root\cimv2\security\microsofttpm path win32_tpm get IsActivated_InitialValue
wmic /namespace:\\root\cimv2\security\microsofttpm path win32_tpm get IsOwned_InitialValue

Here is what you see as output when you enter the above command.

Check TPM Status from Command Line

From the above screenshot we see several fields in the output, including the manufacturer ID and version. In addition to that, we see the TPM version and SpecVersion. The TPM version is either 1.2 or 2.0. Most important of all are the first three lines of the output.
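One way to turn the three property checks shown earlier into a pass/fail gate for a task sequence step, as an added example that is not part of the original post. It assumes wmic is available in the boot image, as in the commands above; the exit codes are arbitrary choices made for this example.

```bat
@echo off
rem Added example, not from the original post.
rem Exit 0 only when the TPM reports enabled and activated, so a task
rem sequence step running this file fails otherwise. Exit codes are arbitrary.
setlocal
set "NS=\\root\cimv2\security\microsofttpm"
set "PROPS=IsEnabled_InitialValue IsActivated_InitialValue IsOwned_InitialValue"

for %%P in (%PROPS%) do (
    set "%%P="
    for /f "tokens=2 delims==" %%A in ('wmic /namespace:%NS% path win32_tpm get %%P /value 2^>nul ^| find "="') do (
        rem wmic leaves a stray carriage return on each value;
        rem a second FOR /F over the string removes it.
        for /f "delims=" %%V in ("%%A") do set "%%P=%%V"
    )
)

rem No value at all means WMI returned no Win32_Tpm instance.
if not defined IsEnabled_InitialValue (
    echo TPM check: no Win32_Tpm instance returned.
    exit /b 2
)

echo TPM check: Enabled=%IsEnabled_InitialValue% Activated=%IsActivated_InitialValue% Owned=%IsOwned_InitialValue%

if /i not "%IsEnabled_InitialValue%"=="TRUE" exit /b 10
if /i not "%IsActivated_InitialValue%"=="TRUE" exit /b 11

rem Ownership is printed for information only; it is not enforced here.
exit /b 0
```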

6 Comments

  1. PowerShell: Get-Tpm

  2. Too much typing for a rookie, just use the following and it will tell you what you need to know.

    manage-bde -status

    1. Well no. manage-bde will tell you the status of BitLocker, not TPM.

  3. Is_Owned does not exist, it’s wmic /namespace:\\root\cimv2\security\microsofttpm path win32_tpm get IsOwned_InitialValue…….

  4. Hi Prajwal,

    We have enabled TPM (Win32_TPM) and TPM Status (SMS_TPM) under hardware inventory. Some models are not reporting (shows NULL) in the report even after running hardware inventory cycle multiple times. Some are reporting with correct version.

  5. Daniel Alves says:

    How would you add this as a detection method in SCCM after you have already enabled TPM?
