Rocket Man Posted June 29, 2016

Hi guys (under pressure!!)

Has anyone got a working task that will revert the TPM version back to 1.2 from 2.0 using the Dell TPM Update Utility? Can this even be achieved in WinPE?

I have got the TS working using the Windows TPM 2.0 Windows Update hotfix, but BitLocker will not configure the PIN when using this option, and every time the device reboots it looks for the recovery key (Pain in the ***). This is when I add an SMSTSPostAction to enable BitLocker after the system is logged into, as if this is not added BitLocker is not enabled after OSD.

If I remove the SMSTSPostAction step to enable BitLocker and enable it manually after the system is logged into, it will apply the PIN code and does not look for the recovery key at boot, just the PIN, which is correct but not ideal to have to do this, so hoping there is an automated solution.

Just to add: I have reverted the TPM back to 1.2 manually on a number of E5740 and E7270s using the update utility before deployment and all works great, so if this downgrade to TPM 1.2 could be automated it would be excellent, as this is probably the best solution to bitlockering Windows 7 systems, as the TPM 2.0 hotfix is buggy from what I have tested!!

Thanks in advance
Rocket Man Posted June 29, 2016

Pressure is off for a couple of days.

After doing some research I think this may be possible. The Dell revert to 1.2 utility can be run silently with the /S switch, apparently.

Have to create a package using a batch file with no program.

Add a Run Command Line task in the WinPE portion of the sequence; the command syntax will be the name of the batch file, and select the package. (Will have to test before pre-provision BitLocker and drivers get installed; if not, try after drivers get installed and before the agent.)

Add a WMI query on the task to query the version of the TPM so it will only run if the version is less than 2.0. Hopefully this query will work:

select * from Win32_Tpm where SpecVersion < %"2.0"%

Or else simply deploy Windows 8.1 or higher, which has no issues with communicating with TPM 2.0 (apparently). #Windows7

Will update this on Friday with the findings.
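An added example, not part of the original posts: a PowerShell check of the TPM specification version that could gate a downgrade step. Win32_Tpm lives in the root\CIMV2\Security\MicrosoftTpm namespace and SpecVersion is a comma-separated string, so the first field is parsed as a version instead of being compared as text. The function names and sample strings are constructed for illustration, and the script assumes PowerShell and WMI are available where it runs.

```powershell
# Added example. Function names and sample strings are constructed for illustration.

function Get-TpmSpecMajorMinor {
    param([string]$SpecVersion)
    # SpecVersion looks like "2.0, 0, 1.16": the first field is the TCG spec version.
    if ([string]::IsNullOrEmpty($SpecVersion)) { return $null }
    $first = $SpecVersion.Split(',')[0].Trim()
    try { return [version]$first } catch { return $null }
}

function Test-TpmNeedsDowngrade {
    param([string]$SpecVersion)
    $v = Get-TpmSpecMajorMinor $SpecVersion
    # No TPM reported, or a value that cannot be parsed: do nothing.
    if ($null -eq $v) { return $false }
    # A firmware downgrade to 1.2 only makes sense when the TPM reports 2.0 or later.
    return ($v -ge [version]'2.0')
}

# Constructed sample values, to show how each input is classified.
foreach ($s in '1.2, 2, 3', '2.0, 0, 1.16', '', 'Not Supported') {
    "{0,-16} -> downgrade needed: {1}" -f "'$s'", (Test-TpmNeedsDowngrade $s)
}

# Live query against the local machine (needs an elevated session).
try {
    $tpm = Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftTpm' `
                         -Class Win32_Tpm -ErrorAction Stop |
           Select-Object -First 1
} catch {
    $tpm = $null   # namespace missing or access denied
}

if ($null -eq $tpm) {
    Write-Output 'No TPM visible through WMI; skipping.'
} elseif (Test-TpmNeedsDowngrade $tpm.SpecVersion) {
    Write-Output "TPM reports '$($tpm.SpecVersion)'; downgrade step applies."
} else {
    Write-Output "TPM reports '$($tpm.SpecVersion)'; nothing to do."
}
```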
Rocket Man Posted July 2, 2016

Well, testing with the above scenario did not go well at all. Ended up creating a bootable USB with the utility and downgrading to TPM 1.2 prior to deployment to these models. After this all worked seamlessly: BitLocker was enabled, PIN set and TPM info written back to AD.

Will try Windows 10 on the next batch to see if they work with the pre-installed TPM 2.0.