Recently I have been working on a way to auto activate the TPM chip on Fujitsu computers during the Operating System Deployment. Until recently, this has been limited to customers that have purchased DeskView advanced client from Fujitsu.

Now, it is possible to work around this issue, and the way I have done it before is to use manage-bde.exe to activate TPM and BiosSet.exe to set a BIOS-password. However, using the manufacture own software to do everything is always considered best practice and with a script it is now possible.

First the challenge:

When using DeskView to activate TPM you get an error code (413) with a message stating that you need to use DeskView Advanced Client for this operation.

Since we do not have DeskView advanced client we need a way to work around this issue. Before recently, you could just use run “%windir%\system32\manage-bde.exe” –tpm –turnon. This method, do automate the process on a Bare-Metal installation, however you would end up with a logical flaw in a refresh scenario.

The best way is to only use DeskView and run a simple script before the actual steps in the SCCM Task Sequence and you should be able to avoid the 413 error! J

This is what you need to do:

  1. Download DeskView here: fujitsu.com
  2. Copy and paste the sample script into notepad sand save it with a .vbs extension
  3. Copy the script into the DeskView folder
  4. Create a package containing all the necessary files (DeskView and Script)
  5. Add the necessary commands in the Task Sequence you want to run
  6. Add these two WMI-queries to the steps to ensure you not run this steps on other systems than Fujitsu and Laptop,
    1. SELECT * FROM Win32_ComputerSystemProduct WHERE Vendor LIKE “%FUJITSU%”
    2. SELECT * FROM Win32_Battery where Batterystatus > 0

Now, there is a “bug”. TCG (Trusted Computing Group) requires in the PC-TPM specification, that you have to sit in front of the system (physical presence) to enable TPM. To avoid this you can add a “hidden” switch. This switch is only obtainable through FS Customer support. Contact FS CS or send me an email with the contact form and I will give you the switch.

This is the commands, which you need to use:

  1. Cscript.exe “script.vbs”
  2. BiosSet.exe /NEWPWD=”YourPassword”
  3. BiosSet.exe /TPMSTATE=ON /”Hidden Switch” /PWD=”YourPassword”

(For full list of syntax for BiosSet.exe see DeskView documentation: fujitsu.com)

View of how it looks in the Task Sequence:

fujitsucomputerstpm01   fujitsucomputerstpm02

fujitsucomputerstpm03  fujitsucomputerstpm04

fujitsucomputerstpm05

Sample of script:

Option Explicit
Dim g_wsh
Set g_wsh = WScript.CreateObject("WScript.Shell")
Call g_wsh.RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Fujitsu\Common\DAC\DeskViewClient.BiosSettings.BiosSet\B6B4436F-B78E-4FB7-87E2-0EDFC8E7F620″, "00000001_0000B3E2_DeskView_User_Fujitsu_00000000_1F0C07F2_070A07DD_0_B6B623BA", "REG_SZ")
Call g_wsh.RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Fujitsu\Common\DAC\DeskViewClient.BiosSettingsDirectWMI.PrBSetEx\B6B4436F-B78E-4FB7-87E2-0EDFC8E7F620″, "00000001_0000B3E2_DeskView_User_Fujitsu_00000000_1F0C07F2_070A07DD_0_B6B623BA", "REG_SZ")
Call g_wsh.RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Fujitsu\Common\DAC\DeskViewClient.SystemData.Altiris_DeskView_Agent\B6B4436F-B78E-4FB7-87E2-0EDFC8E7F620″, "00000001_0000B3E2_DeskView_User_Fujitsu_00000000_1F0C07F2_070A07DD_0_B6B623BA", "REG_SZ")
Call g_wsh.RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Fujitsu\Common\DAC\DeskViewClient.Notification.DeskAlert\B6B4436F-B78E-4FB7-87E2-0EDFC8E7F620″, "00000001_0000B3E2_DeskView_User_Fujitsu_00000000_1F0C07F2_070A07DD_0_B6B623BA", "REG_SZ")
Call g_wsh.RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Fujitsu\Common\DAC\DeskViewClient.BiosSettings.BiosSet\B6B4436F-B78E-4FB7-87E2-0EDFC8E7F620″, "00000001_0000B3E2_DeskView_User_Fujitsu_00000000_1F0C07F2_070A07DD_0_B6B623BA", "REG_SZ")
Call g_wsh.RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Fujitsu\Common\DAC\DeskViewClient.BiosSettingsDirectWMI.PrBSetEx\B6B4436F-B78E-4FB7-87E2-0EDFC8E7F620″, "00000001_0000B3E2_DeskView_User_Fujitsu_00000000_1F0C07F2_070A07DD_0_B6B623BA", "REG_SZ")
Call g_wsh.RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Fujitsu\Common\DAC\DeskViewClient.SystemData.Altiris_DeskView_Agent\B6B4436F-B78E-4FB7-87E2-0EDFC8E7F620″, "00000001_0000B3E2_DeskView_User_Fujitsu_00000000_1F0C07F2_070A07DD_0_B6B623BA", "REG_SZ")
Call g_wsh.RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Fujitsu\Common\DAC\DeskViewClient.Notification.DeskAlert\B6B4436F-B78E-4FB7-87E2-0EDFC8E7F620″, "00000001_0000B3E2_DeskView_User_Fujitsu_00000000_1F0C07F2_070A07DD_0_B6B623BA", "REG_SZ")
Call g_wsh.RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Fujitsu\DeskUpdate\InstalledPackages\BIOSSET_TPM_REMOTE", "1", "REG_SZ")
Call g_wsh.RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Fujitsu\DeskUpdate\InstalledPackages\BIOSSET_TPM_REMOTE", "1", "REG_SZ")
Call g_wsh.RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Fujitsu\Common\DAC\DeskViewClient.BiosSettings.BiosSet\CE66A512-F085-4739-A19A-DB6A617436BF", "00000001_0000CC42_DeskView_User_Fujitsu_00000000_1F0C07F2_070A07DD_0_CE68D2B0″, "REG_SZ")
Call g_wsh.RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Fujitsu\Common\DAC\DeskViewClient.BiosSettingsDirectWMI.PrBSetEx\CE66A512-F085-4739-A19A-DB6A617436BF", "00000001_0000CC42_DeskView_User_Fujitsu_00000000_1F0C07F2_070A07DD_0_CE68D2B0″, "REG_SZ")
Call g_wsh.RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Fujitsu\Common\DAC\DeskViewClient.SystemData.Altiris_DeskView_Agent\CE66A512-F085-4739-A19A-DB6A617436BF", "00000001_0000CC42_DeskView_User_Fujitsu_00000000_1F0C07F2_070A07DD_0_CE68D2B0″, "REG_SZ")
Call g_wsh.RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Fujitsu\Common\DAC\DeskViewClient.Notification.DeskAlert\CE66A512-F085-4739-A19A-DB6A617436BF", "00000001_0000CC42_DeskView_User_Fujitsu_00000000_1F0C07F2_070A07DD_0_CE68D2B0″, "REG_SZ")
Call g_wsh.RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Fujitsu\Common\DAC\DeskViewClient.BiosSettings.BiosSet\CE66A512-F085-4739-A19A-DB6A617436BF", "00000001_0000CC42_DeskView_User_Fujitsu_00000000_1F0C07F2_070A07DD_0_CE68D2B0″, "REG_SZ")
Call g_wsh.RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Fujitsu\Common\DAC\DeskViewClient.BiosSettingsDirectWMI.PrBSetEx\CE66A512-F085-4739-A19A-DB6A617436BF", "00000001_0000CC42_DeskView_User_Fujitsu_00000000_1F0C07F2_070A07DD_0_CE68D2B0″, "REG_SZ")
Call g_wsh.RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Fujitsu\Common\DAC\DeskViewClient.SystemData.Altiris_DeskView_Agent\CE66A512-F085-4739-A19A-DB6A617436BF", "00000001_0000CC42_DeskView_User_Fujitsu_00000000_1F0C07F2_070A07DD_0_CE68D2B0″, "REG_SZ")
Call g_wsh.RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Fujitsu\Common\DAC\DeskViewClient.Notification.DeskAlert\CE66A512-F085-4739-A19A-DB6A617436BF", "00000001_0000CC42_DeskView_User_Fujitsu_00000000_1F0C07F2_070A07DD_0_CE68D2B0″, "REG_SZ")
Call g_wsh.RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Fujitsu\DeskUpdate\InstalledPackages\BIOSSET_PWD_HDD", "1", "REG_SZ")
Call g_wsh.RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Fujitsu\DeskUpdate\InstalledPackages\BIOSSET_PWD_HDD", "1", "REG_SZ")
Call g_wsh.RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Fujitsu\Common\DAC\DeskViewClient.BiosSettings.BiosSet\B8798761-7DFD-4751-A3E9-0BABDCC94B27″, "00000001_0000CC4C_DeskView_User_Fujitsu_00000000_1F0C07F2_070A07DD_0_B87B3E44″, "REG_SZ")
Call g_wsh.RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Fujitsu\Common\DAC\DeskViewClient.BiosSettingsDirectWMI.PrBSetEx\B8798761-7DFD-4751-A3E9-0BABDCC94B27″, "00000001_0000CC4C_DeskView_User_Fujitsu_00000000_1F0C07F2_070A07DD_0_B87B3E44″, "REG_SZ")
Call g_wsh.RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Fujitsu\Common\DAC\DeskViewClient.Notification.DeskAlert\B8798761-7DFD-4751-A3E9-0BABDCC94B27″, "00000001_0000CC4C_DeskView_User_Fujitsu_00000000_1F0C07F2_070A07DD_0_B87B3E44″, "REG_SZ")
Call g_wsh.RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Fujitsu\Common\DAC\DeskViewClient.SystemData.Altiris_DeskView_Agent\B8798761-7DFD-4751-A3E9-0BABDCC94B27″, "00000001_0000CC4C_DeskView_User_Fujitsu_00000000_1F0C07F2_070A07DD_0_B87B3E44″, "REG_SZ")
Call g_wsh.RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Fujitsu\Common\DAC\DeskViewClient.BiosSettings.BiosSet\B8798761-7DFD-4751-A3E9-0BABDCC94B27″, "00000001_0000CC4C_DeskView_User_Fujitsu_00000000_1F0C07F2_070A07DD_0_B87B3E44″, "REG_SZ")
Call g_wsh.RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Fujitsu\Common\DAC\DeskViewClient.BiosSettingsDirectWMI.PrBSetEx\B8798761-7DFD-4751-A3E9-0BABDCC94B27″, "00000001_0000CC4C_DeskView_User_Fujitsu_00000000_1F0C07F2_070A07DD_0_B87B3E44″, "REG_SZ")
Call g_wsh.RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Fujitsu\Common\DAC\DeskViewClient.Notification.DeskAlert\B8798761-7DFD-4751-A3E9-0BABDCC94B27″, "00000001_0000CC4C_DeskView_User_Fujitsu_00000000_1F0C07F2_070A07DD_0_B87B3E44″, "REG_SZ")
Call g_wsh.RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Fujitsu\Common\DAC\DeskViewClient.SystemData.Altiris_DeskView_Agent\B8798761-7DFD-4751-A3E9-0BABDCC94B27″, "00000001_0000CC4C_DeskView_User_Fujitsu_00000000_1F0C07F2_070A07DD_0_B87B3E44″, "REG_SZ")
Call g_wsh.RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Fujitsu\DeskUpdate\InstalledPackages\BIOSSET_PWD_USER", "1", "REG_SZ")
Call g_wsh.RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Fujitsu\DeskUpdate\InstalledPackages\BIOSSET_PWD_USER", "1", "REG_SZ")"

Hope this helps you out! 🙂