How to enable Dell TPM with task sequence SCCM 2012

I have followed just about every how to I can find to enable and activate the Dell TPM using CCTK. The problem is that it fails every time, whether installing the WinPE HAPI drivers or setting the BIOS password. From everything that I have seen, my run commands are correct. This leads me to believe that my package has files missing/I am not pointing to the right file in the package?

I created two subfolders within my CCTK package, the x86 and x86_64. However, nothing I have read tells me where to place/what to do with the CCTK configuration file I exported.

Any help would be fantastic!

June 18th, 2012 8:16pm

Most often I am getting 0x80070002.

I have seen that one, it matches most of the others that I have looked into as well. Which is why I say it leads me to believe that something is missing/misplaced/wrong in my package. Since I am applying a 64bit image, I use my TS that points to the x86_64 folder; yet I still get an error.

I am also unaware of the placement of the task sequence. I have it placed at the beginning, right after the disk partition. Should it be placed farther back?

Currently I am trying out SCE (self contained executable) at the end of the TS after windows is installed.

June 18th, 2012 8:41pm

Most often I am getting 0x80070002.

I have seen that one, it matches most of the others that I have looked into as well. Which is why I say it leads me to believe that something is missing/misplaced/wrong in my package. Since I am applying a 64bit image, I use my TS that points to the x86_64 folder; yet I still get an error.

I am also unaware of the placement of the task sequence. I have it placed at the beginning, right after the disk partition. Should it be placed farther back?

Currently I am trying out SCE (self contained executable) at the end of the TS after windows is installed.

Unless you want to extend WinPE with the HAPI drivers, you should be using the x86_64 CCTK files and you MUST run the CCTK steps AFTER the "Setup Windows and ConfigMgr" step.
June 21st, 2012 10:10am

I think that my biggest issue is that I had a stupid moment *not realizing that it looks in the system32 folder before continuing, mainly* and was putting it immediately after the partition step. I have yet to have a chance to try it again after setting up windows. We shall see how it goes. Thank you all for your replies!
Free Windows Admin Tool Kit Click here and download it now
June 22nd, 2012 9:43pm

I still have no luck. I get no errors, and even in the logs, there is nothing... Yet it still will not even set the BIOS password.

I tried, as an alternative, running SCE during OSD, and still nothing... not even a BIOS password. My test machine is an Optiplex 745.

Within Windows, however, I can run the SCE and set the BIOS password, and turn on the TPM... No luck with activating it, although, I think BitLocker will do that for me.

Any other thoughts, guys?

  • Proposed as answer by skeiffer_ Wednesday, June 27, 2012 9:25 PM
June 26th, 2012 9:57pm

I've successfully used SCCM to deploy Bitlocker to Dells as part of a Task Sequence. 

Our package for setting BIOS password points to cmd file in a directory that also has CCTK in it:

cctk --setuppwd=xxxxxxxx

Our Task Sequence has a step calling this package.

Should work as long as there isn't already a different BIOS password set.

Is this what you are doing?

(Note: Be sure to remove Dell's TPM drivers from SCCM, the will not work on many machines.  You must use the Microsoft TPM/Broadcom (A2) 1.2 driver that Windows will install.  Dell's TPM drivers of any other versions will not work.)

  • Proposed as answer by Brian Gonzalez Tuesday, January 08, 2013 8:26 PM
Free Windows Admin Tool Kit Click here and download it now
January 8th, 2013 7:47pm

I've successfully used SCCM to deploy Bitlocker to Dells as part of a Task Sequence. 

Our package for setting BIOS password points to cmd file in a directory that also has CCTK in it:

cctk --setuppwd=xxxxxxxx

Our Task Sequence has a step calling this package.

Should work as long as there isn't already a different BIOS password set.

Is this what you are doing?

(Note: Be sure to remove Dell's TPM drivers from SCCM, the will not work on many machines.  You must use the Microsoft TPM/Broadcom (A2) 1.2 driver that Windows will install.  Dell's TPM drivers of any other versions will not work.)

I believe ctircuit is on the right track.  It's probably the Dell .CAB that was imported included a TPM Driver.  Even in Panasonic Toughbook Laptop's, the Infineon (3rd party) TPM driver must be removed, so the Microsoft driver is installed.  Then the MS WMI scripts work like a charm (http://archive.msdn.microsoft.com/bdedeploy/Release/ProjectReleases.aspx?ReleaseId=3205).

January 8th, 2013 8:25pm

cctk.exe seems to have a bug with tpm activation parameter. I can enable the TPM from commandline, but I cannot activate it. There is a few forums on Dell discussing the same issue, that you cant always activate TPM, but yes you can enable it.
Free Windows Admin Tool Kit Click here and download it now
February 1st, 2013 10:14pm

cctk.exe seems to have a bug with tpm activation parameter. I can enable the TPM from commandline, but I cannot activate it. There is a few forums on Dell discussing the same issue, that you cant always activate TPM, but yes you can enable it.
I'm having the same issue. I've built a separate TS to set a BIOS password, enable the TPM, and then activate it. The very first test was successful, however, ever since, the activate step succeeds, only it does not activate. I've put in reboot steps between enable and activate, and between set password and enable TPM, yet none of the above proves any success.
January 2nd, 2014 6:58pm

What if you enable the TPM first then restart the computer.  then activate it ?
Free Windows Admin Tool Kit Click here and download it now
January 10th, 2014 4:41am

Here is my solution - it may help...

http://www.zemdegs.com.au/bitlocker-mdt-dell-and-tpm

Cheers

David Z

January 16th, 2014 3:50am

I've created a similar solution, but then with powershell :)

see my blog for more information about this powershell solution.

Grts,

Maurice


  • Edited by MGaikema Friday, March 14, 2014 10:16 AM corrected link
Free Windows Admin Tool Kit Click here and download it now
March 14th, 2014 10:15am

Most often I am getting 0x80070002.

I have seen that one, it matches most of the others that I have looked into as well. Which is why I say it leads me to believe that something is missing/misplaced/wrong in my package. Since I am applying a 64bit image, I use my TS that points to the x86_64 folder; yet I still get an error.

I am also unaware of the placement of the task sequence. I have it placed at the beginning, right after the disk partition. Should it be placed farther back?

Currently I am trying out SCE (self contained executable) at the end of the TS after windows is installed.

Why not use SCE? Dell provides a utility for compiling a Self Contained Executable for BIOS manipulation.  Testing has shown SCEs to perform reliably when executed manually at the command line.  However, when attempting to run from within a task sequence, the SCEs fail with an Access Denied error.  Testing shows that successful automation of Dell BIOS modifications using task sequences is more reliable using CCTK.exe than an SCE.
source: http://goo.gl/bxJzFf
  • Edited by Heyvoon Friday, October 03, 2014 9:54 AM
October 3rd, 2014 9:53am

Have you found a solution for this... I am having same issue where I can Set BIOS Password, Enable TPM but can not get it to activate.
Free Windows Admin Tool Kit Click here and download it now
April 20th, 2015 1:52pm

Same problem here, getting the error code "0x00000106", but I can't find what it refers to.... The TPM gets enabled, but not activated...
April 24th, 2015 1:41pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics