Group Policy Quick Tip – Enable Backup of the TPM Password

If you’re using BitLocker, you need to be backing up the TPM owner password. By default, Windows does not back up this information when you encrypt a computer with BitLocker. Should you need to make changes to the TPM device, you’ll need this password.

Where is the policy located?
Computer Configuration > Policies > Administrative Templates > System > Trusted Platform Module Services > Turn on TPM backup to Active Directory Domain Services

How should the policy be configured?
Set the policy to Enabled and check Require TPM backup to AD DS.

Enable TPM Password Backup Group Policy

Where do I view the TPM password in Active Directory? 
In Active Directory Users and Computers, make sure that Advanced Features is enabled: open the View menu and confirm there is a check mark next to Advanced Features.

In the Computer object Properties, click on the Attribute Editor tab. Scroll down to the msTPM-OwnerInformation attribute.  Click the Edit button to view the full value.

TPM Password Backup - View in GPMC
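To check the same attribute across many computer objects instead of opening each one in the Attribute Editor, the following added example (not from the original post) reports which machines have msTPM-OwnerInformation populated, without printing the value itself. The function name, sample computer names and the OU path in the commented line are assumptions for illustration.

```powershell
# Added example: report TPM owner-information backup coverage.
# Only presence/absence of the attribute is reported, never its value.
function Get-TpmBackupCoverage {
    [CmdletBinding()]
    param(
        # Objects carrying Name and msTPM-OwnerInformation (e.g. from Get-ADComputer)
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Computer
    )
    process {
        $value = $Computer.'msTPM-OwnerInformation'
        [pscustomobject]@{
            Name        = $Computer.Name
            TpmBackedUp = -not [string]::IsNullOrWhiteSpace($value)
        }
    }
}

# Constructed sample objects so the function can be exercised without a domain.
$sample = @(
    [pscustomobject]@{ Name = 'PC-001'; 'msTPM-OwnerInformation' = 'constructed-placeholder' }
    [pscustomobject]@{ Name = 'PC-002'; 'msTPM-OwnerInformation' = $null }
    [pscustomobject]@{ Name = 'PC-003'; 'msTPM-OwnerInformation' = '' }
)

$report  = $sample | Get-TpmBackupCoverage
$missing = @($report | Where-Object { -not $_.TpmBackedUp })

# Summary line, then the machines that still need a backup.
'{0} of {1} computers have no TPM owner information in AD' -f $missing.Count, @($report).Count
$missing | Sort-Object Name | Format-Table -AutoSize

# Against a live domain (needs the RSAT ActiveDirectory module; the OU path is a placeholder):
# Get-ADComputer -Filter * -SearchBase 'OU=Workstations,DC=example,DC=com' `
#     -Properties 'msTPM-OwnerInformation' |
#     Get-TpmBackupCoverage | Where-Object { -not $_.TpmBackedUp }
```

Run the live query with an account that is allowed to read the attribute; if it cannot, the attribute comes back empty and every machine will appear to be missing its backup.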

One thought on “Group Policy Quick Tip – Enable Backup of the TPM Password”

  1. Joseph Perry December 29, 2016 / 4:11 PM

    I believe Windows 10 Anniversary Update (1607) has removed this functionality.
