HI, I found this procedure to enable the security chip  ( http://thinkdeploy.blogspot.ca/2017/03/preparing-tpm-for-bitlocker-pre.html) but I can't make it works, the powershell doesn't enable the TPM chip in my lab.  I know I can use other method like think bios tools or Lenovo BIOS wmi Script but, because Lenovo is not consistant with the name of the setting in the BIOS, I would have to create four task and create a wmi query that match each model number for those task.  I would really like to make this works since it only 1 task to enable the chip.

Yes I did, I will test it manually tomorrow in winpe using F8 to open a command prompt and post the result I have. 

Ok, I finally got more time to test this; I followed this procedure to test enabling the TPM chip https://blogs.technet.microsoft.com/heyscriptingguy/2015/05/25/powershell-and-bitlocker-part-1/

First I verify the status of the chip with (Get-WmiObject -Namespace "root\wmi" -Class Lenovo_BiosSetting).CurrentSetting  and the value is SecureChip,Disable. 

Next I ran this command and ran get-member on the $tpm variable

$tpm = get-cimclass -namespace ROOT\CIMV2\Security\MicrosoftTPM -Class Win32_TPM

$tpm | gm

If I look at the procedure from the link, some information are missing at this point, now I ran this command and get the information from the variable and I get and error.

$tpm1 = get-wmiobject -namespace ROOT\CIMV2\Security\MicrosoftTPM -Class Win32_TPM

$tpm1 | gm

gm : Vous devez spécifier un objet pour l’applet de commande Get-Member.
Au caractère Ligne:1 : 9
+ $tpm1 | gm
+         ~~
    + CategoryInfo          : CloseError : (:) [Get-Member], InvalidOperationException
    + FullyQualifiedErrorId : NoObjectInGetMember,Microsoft.PowerShell.Commands.GetMemberCommand

now, I can get the information with powershell if the security chip is enable, but I tought the goal of this procedure was to enable the TPM chip in the bios. 

Fred_B,

Can you try try the following to enable the TPM in the BIOS and then follow the blog post. 

First, run

(gwmi –NameSpace root\wmi –Class Lenovo_SetBIOSSetting).SetBIOSSetting(“SecurityChip,Enable”)

Then run

(gwmi –NameSpace root\wmi –Class Lenovo_SaveBIOSSettings).SaveBIOSSettings()

Then reboot the box. 

TLawson

@tlawson:

I'm aware that we can use that method and confirm that it works, the only problem I see using this method is that the value is not always the same in the BIOS for the security chip, sometime it is "securitychip,enable" or it could be "securitychip active"  or there is a space for "security chip".  I can probably try build a powershell script that will manage all four options but I'm not that good with powershell. I could match the value per model with 4 task sequence but it's heavy to manage. I would have to get the value for each model we have and than update that each time we get a new model. It's probably what i'm gonna end up doing, it's just that I liked the other method since it's only 1 task to enable the TPM chip on all our computers.

@pjogensen:

I ran the command manually and I get an error, probably a " or ( that need to be add or remove somewhere, like I said, my powershell skill are very basic.

C:\WINDOWS\system32>powershell.exe -executionpolicy bypass -command "(Get-WmiObject -Namespace "root\CIMV2\Security\MicrosoftTpm" -Class Win32_TPM).SetPhysicalPresenceRequest(10)"
You cannot call a method on a null-valued expression.
At line:1 char:1
+ (Get-WmiObject -Namespace root\CIMV2\Security\MicrosoftTpm -Class Win ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
    + FullyQualifiedErrorId : InvokeMethodOnNull

you're receiving that message because the TPM is disabled in BIOS.  which systems are you working with?  is TPM 2.0 the only option in BIOS?  if so, the chip should already come enabled from the factory, unless you manually disabled at one point.