SCCM Troubleshooting

Easy Way to Check TPM Status from Command Line

If you have a question – Can i check TPM status from command line during OSD ?. The answer is yes. You can find a lot about TPM status by running a simple command. We will jump on to that but let’s see a bit about TPM.

It is quite sometime ago, I had shared a post on enabling Bitlocker on Windows 10 without TPM. BitLocker is an encryption feature available in Windows 10 Professional and Enterprise editions. However it requires a Trusted Platform Module (TPM) on the system. Furthermore BitLocker provides the best security when used with TPM.

Trusted Platform Module

As per Microsoft “A Trusted Platform Module (TPM) is a microchip designed to provide basic security-related functions, primarily involving encryption keys. The TPM comes installed on motherboard of a computer, and it communicates to the system by using a hardware bus”. You can read more about TPM fundamentals here.

Check TPM Status from the Command Line

Coming to the actual topic, some organizations require TPM to be enabled and activated before you image the machine. The TS halts if TPM isn’t enabled (that’s the way the TS is configured). The task sequence checks the TPM status and halts if it is not activated. For example I had covered an issue about Bitlocker Error Configuration change was requested to disable TPM.

To Check TPM Status from Command Line

  • Press F8 key while you are in WinPE phase.
  • Enter the below command to get the TPM status.
wmic /namespace:\\root\CIMV2\Security\MicrosoftTpm path Win32_Tpm get /value

To find out if TPM on a computer is Enabled, Activated and Owned, enter the below commands.

wmic /namespace:\\root\cimv2\security\microsofttpm path win32_tpm get IsEnabled_InitialValue
wmic /namespace:\\root\cimv2\security\microsofttpm path win32_tpm get IsActivated_InitialValue
wmic /namespace:\\root\cimv2\security\microsofttpm path win32_tpm get IsOwned

Here is what you see as output when you enter the above command.

Check TPM Status from Command LineFrom the above screenshot we see several options in the output. We see Manufacturer ID, version. In addition to that, we see the TPM version and SpecVersion. The TPM version is either 1.2 or 2.0. Most of all, the first three lines of output mean a lot.

Prajwal Desai

Hi, I am Prajwal Desai. For last few years I have been working on multiple technologies such as SCCM / Configuration Manager, Intune, Azure, Security etc. I created this site so that I can share valuable information with everyone.

Related Articles


  1. Too much typing for a rookie, just use the following and it will tell you what you need to know.

    manage-bde -status

  2. Is_Owned does not exist, it’s wmic /namespace:\\root\cimv2\security\microsofttpm path win32_tpm get IsOwned_InitialValue…….

  3. Hi Prajwal,

    We have enabled TPM (Win32_TPM) and TPM Status (SMS_TPM) under hardware inventory. Some models are not reporting (shows NULL) in the report even after running hardware inventory cycle multiple times. Some are reporting with correct version.

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button