Hello everyone,
I have been trying to figure our how to get the value of WMI returned as a property. On a typical Windows 7 box you have Root\cimv2\Security\MicrosoftTpm with a class of Win32_Tpm. I am trying to gather the value of WMI property IsActivated_InitalValue. As I have experimented I’ve gotten everything from being told it’s an non-existent object to Windows Error 80041010: Invalid class. Can someone guide me down the path to setting a IEM Property for this WMI property?
Thanks,
Matt
Look at these examples:
http://bigfix.me/analysis/details/2994563
http://bigfix.me/analysis/details/2994776
Thanks jgstew, but now I get the windows error, can you comment? (This may be a Windows issue and not BigFix)
Q: unique values of (string values of selects “IsEnabled_InitialValue from Win32_Tpm” of wmi)
E: The expression could not be evaluated: Windows Error 80041010: Invalid class
Is it really “of wmi”? I think it should be of wmi “root/cim2” or something similar.
It is WMI as we use quite a similar property to get the Bitlocker status (pretty standard):
if (exists wmi “root\CIMv2\Security\MicrosoftVolumeEncryption”) then ((if (exists (select objects “ProtectionStatus, DriveLetter from Win32_EncryptableVolume” of wmi “root\CIMv2\Security\MicrosoftVolumeEncryption”) whose ((integer value of property “ProtectionStatus” of it = 1 AND string value of property “DriveLetter” of it = “C:”) )) then “BitLocker Encrypted” ELSE “BitLocker Problematic”) as string) else “Unknown”
That example you provided is exactly what I mean.
That example uses of wmi “root\CIMv2\Security\MicrosoftVolumeEncryption”
but above, you used of wmi
You might be missing the proper namespace.
I think you’re recommendation got me on the right path. Now I tried:
unique values of (string values of selects “IsEnabled_InitialValue from Win32_Tpm” of wmi"root\CIMv2\Security\MicrosoftTpm")
but it just comes back with an Evaluation time, does this mean the value is null?
It might.
Try this:
selects "* from Win32_Tpm" of wmis "root\CIMv2\Security\MicrosoftTpm"It only returns the evaluation time T: 8.370 ms
That suggests that either that is the wrong namespace, or there is truly nothing available in that class.
I don’t remember what the tool was called that I used most recently, but there are GUI tools you can use to explore WMI to see what the values should be and give you the rough select statement that could be used in relevance, with some tweaking, to get those values.
What about:
exists wmis "root\CIMv2\Security\MicrosoftTpm"That works:
Q:exists wmis "root\CIMv2\Security\MicrosoftTpm"
A: True
T: 0.000 ms
So how do I convert this in querying the value, not just presence?
That only says that the wmi namespace exists not the specific item
I think jgstew may have been referring to WBEMTEST (or possibly Scriptomatic?). Even not, they should be helpful to dig around in WMI classes.
WBEMTEST
Scriptomatic 2.0
The fact that the namespace exists, but the item does not appear to exist, suggests to me that either it is not available on the computer you are writing this on, or you have the wrong namespace, or perhaps another issue.
I would try:
select objects "* from Win32_Tpm" of wmis "root\CIMv2\Security\MicrosoftTpm"
or try some tools to explore WMI using a GUI to look for the correct info.
https://msdn.microsoft.com/en-us/library/windows/desktop/aa376484(v=vs.85).aspx
I just remembered something that could be related. You sometimes have to be the SYSTEM account to query certain things in WMI… this seems to be even more so the case with Windows 10 in particular.
I typically use WMIExplorer and run it as the SYSTEM account using PSExec to browse what is available in the GUI, then use that as a hint to write the relevance to query that location in WMI.
ALSO, the manufacturer often has tools that will put extra info into WMI that is more specific than the generic windows ones do. I use Dell Command Monitor for this purpose for Dell systems.
There are more up to date items for the Dell Command Tools in @strawgate 's C3 content, as well as items related to TPM specifically.