
Need a PowerShell version of tpmvscmgr.exe to manage TPM smart cards

We need a PowerShell version of tpmvscmgr.exe to manage TPM virtual smart cards.

The tpmvscmgr.exe tool 1) does not accept PIN, PUK and AdminKey numbers as arguments; these must be entered interactively in powershell.exe only, not in ISE or with a pop-up, 2) cannot list currently existing virtual smart card ID strings, and 3) is somewhat crude in how it manages card lockout policies and unlocks.

This is needed not just for Windows clients, but also because Server 2016 Hyper-V supports virtual smart cards for guest VMs, such as for VDI scenarios.

We need to be able to pass in PIN, PUK and AdminKey numbers as arguments (not be prompted in an interactive shell) so that, among other things, we can have simple GUI wrappers written in PowerShell for this. These arguments could be PS secure strings.

If a cmdlet replacement is impossible for some reason, then please add the above functionality to tpmvscmgr.exe (so that we don't have to script sending keystrokes).

We also need the ability to list existing vCards, rename vCards, clear selected certificate+privkey pairs, clear all key pairs, unlock vCards which have suffered too many failed auth attempts, manage the lockout policies, etc.

A resource module for DSC would be nice, but not mandatory. Updating the graphical TPM Management snap-in for mmc.exe would be nice too, but not mandatory.

Here is a C# project with some of the code needed for the cmdlet:

https://code.msdn.microsoft.com/windowsapps/Smart-card-sample-c7d342e0

Please add the cmdlet(s) to the built-in TrustedPlatformModule posh module and not just to the PSGallery, though that would be OK as long as it is sponsored and supported by Microsoft as future TPM versions and future Windows OSes are released.

Thank You!
Jason

8 votes

Jason Fossen shared this idea

0 comments
