none
WMI filter/security filter for non-TPM computers RRS feed

  • Вопрос

  • Hi

    I'm sitting with a dilemma.  We have about 1500 computers on the network and about 500 of them have no TPM's (models e.g HP 4540s, HP 450 G0, HP 450 G1 to name a few.)  I have a WMI filter on the TPM GPO that works 100%.  The non-TPM computers shows access denied to this GPO when you do a "gpresult /r".  

    Non-TPm computers uses: Recovery Key backed up to AD(Numerical Password) and Password(e.g "P@ssw0rd").

    TPM computers uses: Recovery Key backed up to AD(Numerical Password) and TPM.

    The TPM computers however starts with the wrong GPO.  90% of the time, the TPM computers starts encrypting with the non-TPM GPO.  I have been looking at WMI filters and still failing.

    One example is: "SELECT * FROM Win32_SystemDriver where NOT Caption LIKE 'Trusted Platform%' ".

    I need a WMI filter or powershell script to test for TPM presence(e.g "(Get-Tpm).TpmPresent") and then NOT apply to the TPM group if the TPM is not present.

    Thanks in advance.

    Regards,

    Shorty

    15 июля 2019 г. 14:21

Ответы

Все ответы