How to find TPM version of a computer using Powershell?

TPM or Trust Platform Module version can be found through Powershell. This is in addition to the ways within the Windows operating system that allow you to fetch the TPM version using the command prompt or the TPM management snap-in. For bigger networks, Powershell becomes a preferred choice to collect and organize all sorts of information. This would include the TPM version of the computer as well.

So, we look at three ways by which you can use Powershell on a local or remote computer to find the TPM version of the computer.

You need to launch a Powershell session on the computer before using any of the commands below. Powershell needs to run with administrative privileges on the computer. These commands can be executed on a local computer or a remote computer. For a remote computer, we suggest remoting into it using PSExec and then running the commands locally to pull the relevant information.

Find the TPM version using wmic in Powershell

The simplest and quickest approach is to use the wmic command to fetch the TPM version of the Windows computer. The command that can be used is shared below:

wmic /namespace:\root\cimv2\security\microsofttpm path win32_tpm get Specversion

The command above will show you the ‘Specifications version’ of TPM. The SpecVersion is identical to the TPM version on the computer. From the screenshot below, you can see that the Specversion output from the command shows that TPM version 2.0 is valid for this Windows 11 computer.

You can also pull all details related to TPM configuration on a computer using a variant of the wmic command below:

wmic /namespace:\root\cimv2\security\microsofttpm path win32_tpm get * /format:textvaluelist.xsl

The output of this command looks like the screenshot below.

Some important values for this command output include the Specversion, Manufacturerversion, and ‘IsActivated’ value for TPM. ‘IsActivated’ value ‘True’ means that the TPM is already activated on the computer.

Find the TPM version using WMI Object in Powershell

We can find all details of TPM on a local or remote computer through the WMI Object directive. We will use the underlying class Win32_tpm class to query the TPM details of the computer.

The WMI Object command to fetch TPM information for the computer is shared below:

Get-WmiObject -class Win32_Tpm -namespace root\CIMV2\Security\MicrosoftTpm

The output of this command is shared below as a screenshot. You will need administrative privileges on the computer to run this WMI Object directive.

To restrict the output to finding the TPM version only, we can use the following command to limit the output display to display the Specversion attribute only.

Get-WmiObject -class Win32_Tpm -namespace root\CIMV2\Security\MicrosoftTpm | Select SpecVersion

The output of this command will list the SpecVersion on the computer. The SpecVersion is equivalent to the TPM version. The latest SpecVersion value of 2.0 suggests that the local computer has TPM version 2.0.

You can modify this command to include the computer name of a local or remote computer to fetch details of the TPM configuration on your Windows computer.

Get-WmiObject -class Win32_Tpm -namespace root\CIMV2\Security\MicrosoftTpm -Computername $COMPNAME

The variable $COMPNAME can contain the names of Windows computers for which TPM details are needed. Or, you can assign a temporary value to the variable $COMPNAME on the Powershell prompt.

Find the TPM version using CIM Instance in Powershell

You can find all the information about TPM (Trusted Platform Module) using the CIM Instance command directive in Powershell. CIM Instance will use the Win32_tpm class to fetch all details related to TPM configuration on the system. The command is shared below for your ready reference:

Get-CIMInstance -class Win32_Tpm -namespace root\CIMV2\Security\MicrosoftTpm

The output of this command is shared below as a screenshot. You can see all the attributes of the Cim Instance command.

If you wish to restrict the command output to the TPM version only, you can qualify the above command to restrict the output to SpecVersion only, as per the command below.

Get-CIMInstance -class Win32_Tpm -namespace root\CIMV2\Security\MicrosoftTpm | Select SpecVersion

The command output of the CIM Instance command is shared below in the screenshot which contains the values for SpecVersion only.

You can qualify the command further to include the computer name for fetching details of the remote computers as well. I prefer using a variable to substitute computer names from a static file. The command, in such a case, will look like the command below:

Get-CIMInstance -class Win32_Tpm -namespace root\CIMV2\Security\MicrosoftTpm -computername $COMPNAME

For the command above, we are using the $COMPNAME variable. You can assign a static value to it for the name of a remote computer.

Summary

In this Powershell tutorial, we have seen how to find the TPM version of a Windows computer using Powershell. We have seen the wmic command, WMI Object, and CIM Instance commands that work on the Win32_TPM class for organizing the TPM data of a computer.

Rajesh Dhawan

Rajesh Dhawan is a technology professional who loves to write about Cyber-security events and stories, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.