If you’re using BitLocker, you need to back up the TPM owner password. By default, Windows does not back up this information when you encrypt a computer with BitLocker. Should you need to make changes to the TPM device, you’ll need this password.
Where is the policy located?
Computer Configuration > Policies > Administrative Templates > System > Trusted Platform Module Services > Turn on TPM backup to Active Directory Domain Services
How should the policy be configured?
Set the policy to Enabled and check Require TPM backup to AD DS.
Where do I view the TPM password in Active Directory?
In Active Directory Users and Computers, make sure that you’ve got Advanced Features enabled. Go to the View menu and make sure there is a checkbox by Advanced Features.
In the Computer object Properties, click on the Attribute Editor tab. Scroll down to the msTPM-OwnerInformation attribute. Click the Edit button to view the full value.
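To check backup coverage across many machines instead of opening each object, the following added example (not from the original article) reports which enabled computer objects have msTPM-OwnerInformation populated, without printing the value itself. It assumes the ActiveDirectory PowerShell module is installed; the function name Get-TpmBackupStatus and the search base are hypothetical placeholders.

```powershell
#Requires -Modules ActiveDirectory

# Added example: audit which computer objects have TPM owner information in AD.
# Get-TpmBackupStatus is a hypothetical helper name, not a built-in cmdlet.
function Get-TpmBackupStatus {
    param(
        # Constructed placeholder; replace with an OU from your own domain.
        [Parameter(Mandatory)]
        [string]$SearchBase
    )

    $props = 'msTPM-OwnerInformation', 'OperatingSystem', 'LastLogonDate'

    Get-ADComputer -Filter 'Enabled -eq $true' -SearchBase $SearchBase -Properties $props |
        ForEach-Object {
            # Report only whether the attribute is populated; the owner
            # password itself is never written to the output.
            [pscustomobject]@{
                Name            = $_.Name
                OperatingSystem = $_.OperatingSystem
                LastLogonDate   = $_.LastLogonDate
                TpmBackedUp     = -not [string]::IsNullOrEmpty([string]$_.'msTPM-OwnerInformation')
            }
        }
}

# Constructed sample search base.
$report = Get-TpmBackupStatus -SearchBase 'OU=Workstations,DC=example,DC=com'

# Summary: how many machines have a backup and how many do not.
$report | Group-Object TpmBackedUp |
    Select-Object @{ Name = 'TpmBackedUp'; Expression = { $_.Name } }, Count

# Machines still missing the backup, most recently active first.
$report | Where-Object { -not $_.TpmBackedUp } |
    Sort-Object LastLogonDate -Descending |
    Format-Table Name, OperatingSystem, LastLogonDate -AutoSize
```

Run it with an account that is permitted to read msTPM-OwnerInformation; an account without that right sees the attribute as empty and every computer is reported as not backed up.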
Kyle is also the Vice President of the Atlanta Windows Infrastructure and Virtualization User Group (WINVUG). You can find additional articles he's written on 4sysops.com.