This blog post was originally written by Aditi Satam and Thomas Cantwell.

Trusted Platform Module (TPM) is a standard for a secure crypto-processor. The TPM chip secures the hardware platform by integrating the cryptographic keys onto the server. These can then be decrypted only by the TPM. Thus, it provides platform integrity, disk encryption and enforcement of software licenses, along with other benefits.

Dell PowerEdge Servers currently support TPM version 1.2, but will soon offer the newest TPM version, TPM 2.0. Now that there will be two different versions of the TPM, knowing how to quickly identify the TPM versions in your datacenter may prove useful.

The TPM Management GUI displays the version (see below) under ‘Specification Version’ in Windows Server 2012 R2 (and other Windows OS). But how can you get this information from the command line, so that you can script the check across multiple servers?

Can we get the right information via PowerShell? The simplest cmdlet is “Get-Tpm”. This returns a lot of useful information, such as the manufacturer version, but it does not display the TPM version.

To get this information, you need to run a more complex WMI query against the TPM class, as shown in the figure below. The spec version of the TPM (in PowerShell, it is called “SpecVersion”) is the value to pay attention to.

For example, in the TPM 1.2 output below, the version information of "1.2, 2, 3" indicates that the device was implemented to TCG specification version 1.2, revision level 2, and errata 3.

The command to run is as follows:

Get-WmiObject -Class Win32_Tpm -Namespace root\cimv2\Security\MicrosoftTpm

The following link covers the Win32_Tpm class in depth:

TPM 1.2 output:


TPM 2 output:

You now have a way to verify the TPM specification version from either the GUI or PowerShell. Datacenters have TPM 1.2 today and will start carrying a mix of TPM versions once TPM 2 begins shipping, so being able to identify the version helps you manage this important security resource.
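
To answer the earlier question about scripting this across multiple servers, here is an added example (not from the original post) that runs the same Win32_Tpm query remotely and splits SpecVersion into specification version, revision level and errata. The server names and the two helper functions are hypothetical; it assumes remote WMI access and administrative rights on each target.

```powershell
# Added example. $Servers holds constructed, hypothetical host names.
$Servers   = 'SERVER01', 'SERVER02', 'SERVER03'
$Namespace = 'root\cimv2\Security\MicrosoftTpm'

function ConvertFrom-TpmSpecVersion {
    # Hypothetical helper: splits a SpecVersion string such as "1.2, 2, 3"
    # into specification version, revision level and errata.
    param([string]$SpecVersion)
    $parts = @($SpecVersion -split ',' | ForEach-Object { $_.Trim() })
    [pscustomobject]@{
        Spec     = $parts[0]
        Revision = if ($parts.Count -gt 1) { $parts[1] } else { $null }
        Errata   = if ($parts.Count -gt 2) { $parts[2] } else { $null }
    }
}

function New-TpmRow {
    # Hypothetical helper: keeps every report row the same shape.
    param($Server, $Spec, $Revision, $Errata, $Status)
    [pscustomobject]@{
        Server = $Server; Spec = $Spec; Revision = $Revision
        Errata = $Errata; Status = $Status
    }
}

$report = foreach ($server in $Servers) {
    try {
        $tpm = Get-WmiObject -Class Win32_Tpm -Namespace $Namespace `
                   -ComputerName $server -ErrorAction Stop
    } catch {
        # Host unreachable, access denied, or namespace missing.
        New-TpmRow $server $null $null $null "query failed: $($_.Exception.Message)"
        continue
    }
    if (-not $tpm) {
        # The query ran but returned no Win32_Tpm instance.
        New-TpmRow $server $null $null $null 'no TPM reported'
        continue
    }
    $v = ConvertFrom-TpmSpecVersion $tpm.SpecVersion
    New-TpmRow $server $v.Spec $v.Revision $v.Errata 'ok'
}

# Per-server detail, then a count per specification version (the 1.2 / 2.0 mix).
$report | Sort-Object Spec, Server | Format-Table -AutoSize
$report | Group-Object Spec | Select-Object Name, Count | Format-Table -AutoSize
```

Rows with a status other than 'ok' are worth following up separately, since a failed query says nothing about which TPM version the server carries.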