# create the SCCM tasksequence object\n$tsenv = New-Object -COMObject Microsoft.SMS.TSEnvironment\n\n############# Define variables ################\n\n# Query the wmi of the computer for the status of the TPM chip\nif ((Get-WmiObject -class Win32_Tpm -namespace \"root\\CIMV2\\Security\\MicrosoftTpm\").IsOwned_InitialValue){\n\t$tsenv.Value(\"TPMIsOwned\")=\"True\"\n}\nif ((Get-WmiObject -class Win32_Tpm -namespace \"root\\CIMV2\\Security\\MicrosoftTpm\").IsActivated_InitialValue){\n\t$tsenv.Value(\"TPMIsActive\")=\"True\"\n}\nif (((Get-WmiObject -Namespace \"root\\CIMV2\\Security\\MicrosoftVolumeEncryption\" -Class Win32_EncryptableVolume).GetProtectionStatus().ProtectionStatus) = 1){\n\t$tsenv.Value(\"IsBitLockerOn\")=\"True\"\n}\n<\/code><\/pre>\n
Advertisement
If BitLocker is enabled, the variable IsBitlocker on will return true. I tried to use this same script on a Task Sequence for Windows 10 and it did not work properly. When I looked at the smsts.log file. I saw this error message:<\/p>\n
The property 'ProtectionStatus' cannot be found on this object. Verify that the property exists and can be set.\tInstallSoftware\t7/15/2016 10:55:09 AM\t1524 (0x05F4)\nAt C:\\_SMSTaskSequence\\Packages\\P01007DE\\setTaskSequenceVariables.ps1:13 char:5\tInstallSoftware\t7/15/2016 10:55:09 AM\t1524 (0x05F4)\n+ if (((Get-WmiObject -Namespace \"root\\CIMV2\\Security\\MicrosoftVolumeEn ...\tInstallSoftware\t7/15/2016 10:55:09 AM\t1524 (0x05F4)\n+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\tInstallSoftware\t7/15/2016 10:55:09 AM\t1524 (0x05F4)\n + CategoryInfo : InvalidOperation: (:) [], RuntimeException\tInstallSoftware\t7/15/2016 10:55:09 AM\t1524 (0x05F4)\n + FullyQualifiedErrorId : PropertyAssignmentException\tInstallSoftware\t7/15/2016 10:55:09 AM\t1524 (0x05F4)\n<\/code><\/pre>\n
Advertisement
I cannot find anything syntax wise that seems to be wrong. Does anyone have any suggestions to fix this or is there another way to do this besides querying WMI for the BitLocker status. Thank You for your help.<\/p>","upvoteCount":6,"answerCount":8,"datePublished":"2016-07-15T19:19:59.000Z","author":{"@type":"Person","name":"jasonross3971","url":"https://community.spiceworks.com/u/jasonross3971"},"acceptedAnswer":{"@type":"Answer","text":"
I ended up putting an else statement in the script that would write false in the variable instead of not creating it. That seemed to make the script work better.<\/p>","upvoteCount":0,"datePublished":"2016-07-22T10:29:10.000Z","url":"https://community.spiceworks.com/t/bitlocker-status-into-sccm-task-sequence-variable/511388/6","author":{"@type":"Person","name":"jasonross3971","url":"https://community.spiceworks.com/u/jasonross3971"}},"suggestedAnswer":[{"@type":"Answer","text":"
I have a PowerShell script that will create 3 SCCM 2012 Task Sequence variables to check if TPM is Owned, TPM isActive, and if Bitlocker is on. This is the script:<\/p>\n
# create the SCCM tasksequence object\n$tsenv = New-Object -COMObject Microsoft.SMS.TSEnvironment\n\n############# Define variables ################\n\n# Query the wmi of the computer for the status of the TPM chip\nif ((Get-WmiObject -class Win32_Tpm -namespace \"root\\CIMV2\\Security\\MicrosoftTpm\").IsOwned_InitialValue){\n\t$tsenv.Value(\"TPMIsOwned\")=\"True\"\n}\nif ((Get-WmiObject -class Win32_Tpm -namespace \"root\\CIMV2\\Security\\MicrosoftTpm\").IsActivated_InitialValue){\n\t$tsenv.Value(\"TPMIsActive\")=\"True\"\n}\nif (((Get-WmiObject -Namespace \"root\\CIMV2\\Security\\MicrosoftVolumeEncryption\" -Class Win32_EncryptableVolume).GetProtectionStatus().ProtectionStatus) = 1){\n\t$tsenv.Value(\"IsBitLockerOn\")=\"True\"\n}\n<\/code><\/pre>\nIf BitLocker is enabled, the variable IsBitlocker on will return true. I tried to use this same script on a Task Sequence for Windows 10 and it did not work properly. When I looked at the smsts.log file. I saw this error message:<\/p>\n
The property 'ProtectionStatus' cannot be found on this object. Verify that the property exists and can be set.\tInstallSoftware\t7/15/2016 10:55:09 AM\t1524 (0x05F4)\nAt C:\\_SMSTaskSequence\\Packages\\P01007DE\\setTaskSequenceVariables.ps1:13 char:5\tInstallSoftware\t7/15/2016 10:55:09 AM\t1524 (0x05F4)\n+ if (((Get-WmiObject -Namespace \"root\\CIMV2\\Security\\MicrosoftVolumeEn ...\tInstallSoftware\t7/15/2016 10:55:09 AM\t1524 (0x05F4)\n+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\tInstallSoftware\t7/15/2016 10:55:09 AM\t1524 (0x05F4)\n + CategoryInfo : InvalidOperation: (:) [], RuntimeException\tInstallSoftware\t7/15/2016 10:55:09 AM\t1524 (0x05F4)\n + FullyQualifiedErrorId : PropertyAssignmentException\tInstallSoftware\t7/15/2016 10:55:09 AM\t1524 (0x05F4)\n<\/code><\/pre>\nI cannot find anything syntax wise that seems to be wrong. Does anyone have any suggestions to fix this or is there another way to do this besides querying WMI for the BitLocker status. Thank You for your help.<\/p>","upvoteCount":6,"datePublished":"2016-07-15T19:19:59.000Z","url":"https://community.spiceworks.com/t/bitlocker-status-into-sccm-task-sequence-variable/511388/1","author":{"@type":"Person","name":"jasonross3971","url":"https://community.spiceworks.com/u/jasonross3971"}},{"@type":"Answer","text":"
I don’t know if others can, but I can not read that error at all.<\/p>\n
Can you just post the error as text?<\/p>","upvoteCount":0,"datePublished":"2016-07-15T19:26:41.000Z","url":"https://community.spiceworks.com/t/bitlocker-status-into-sccm-task-sequence-variable/511388/2","author":{"@type":"Person","name":"Neally","url":"https://community.spiceworks.com/u/Neally"}},{"@type":"Answer","text":"
I saw that. I just reposted it as text.<\/p>","upvoteCount":0,"datePublished":"2016-07-15T19:28:59.000Z","url":"https://community.spiceworks.com/t/bitlocker-status-into-sccm-task-sequence-variable/511388/3","author":{"@type":"Person","name":"jasonross3971","url":"https://community.spiceworks.com/u/jasonross3971"}},{"@type":"Answer","text":"
Looks like you put a “GetProtectionStatus()” in?<\/p>\n
Yours:<\/p>\n
if(((Get-WmiObject -Namespace \"root\\CIMV2\\Security\\MicrosoftVolumeEncryption\" \n-Class Win32_EncryptableVolume).**GetProtectionStatus()**.ProtectionStatus) = 1){\n# something\n}\n<\/code><\/pre>\nShould be:<\/p>\n
if((Get-WmiObject -Namespace \"root\\CIMV2\\Security\\MicrosoftVolumeEncryption\" \n-Class Win32_EncryptableVolume).protectionstatus = 1){\n\n# something\n\n}\n\n<\/code><\/pre>\nEDIT:
\nNo hm never-mind it seems to work with both versions.
\nI’d get to the machine and investigate, run the stuff manually and try to ‘get-member’ and see if that property is there on that machine. ¯_(ツ)_/¯<\/p>\n
Get-WmiObject -ComputerName $ComputerThatGivesYouTheError \n-Namespace \"root\\CIMV2\\Security\\MicrosoftVolumeEncryption\" \n-Class Win32_EncryptableVolume | Get-Member\n<\/code><\/pre>\nIt could be that there is not even that namespace or object.<\/p>","upvoteCount":0,"datePublished":"2016-07-15T19:39:17.000Z","url":"https://community.spiceworks.com/t/bitlocker-status-into-sccm-task-sequence-variable/511388/4","author":{"@type":"Person","name":"Neally","url":"https://community.spiceworks.com/u/Neally"}},{"@type":"Answer","text":"
this thread help?<\/p>\n