Managing the TPM in Windows Vista

written by: Sandra Rouane; article published: year 2007, month 03;


  


Before you can use the TPM, you must initialize the TPM for first use and turn on the TPM. Once the TPM is enabled, you can manage the TPM configuration. The sections that follow discuss:

  • Initializing the TPM for first use.

  • Turning off and clearing the TPM.

  • Changing the TPM owner password.

    Caution 

    While understanding how TPMs are managed is important for getting a complete understanding of using the Trusted Platform Module Services architecture, managing TPMs isn’t something inexperienced users or administrators should attempt. Only experienced administrators should attempt to manage TPMs, and even then, only as necessary.

Initializing a TPM for First Use

Initializing a TPM configures it for use on a computer. The initialization process involves turning on the TPM and then setting ownership of the TPM. Although Windows Vista supports remote initialization of a TPM, you must have local access to the computer to turn on the TPM. On some new computers, the TPM is turned on by default. If this is the case with the computer you are working with, you can complete the initialization of the TPM remotely.

To initialize the TPM on your computer for first use, complete the following steps:

  1. Log on locally to the computer with local administrator credentials.

  2. Start the Trusted Platform Module Management console.

  3. Under Actions, click Initialize TPM to start the TPM Initialization Wizard. On the Welcome page, click Next.

  4. The next step depends on the state of the TPM:

    • If the TPM Initialization Wizard detects a BIOS that does not meet Windows Vista requirements, you will not be able to continue with the wizard. Instead, you will be alerted to consult the computer manufacturer’s documentation for instructions on turning on the TPM.

    • If the TPM is turned off, the TPM Initialization Wizard displays the Turn On The TPM Security Hardware page. Follow the instructions for turning on the TPM. Click Shutdown (or Restart), and then follow the BIOS screen prompts. After the computer restarts, confirm that you want to turn on the TPM when prompted.

    • If the TPM is already turned on, the first page you see is the Create The TPM Owner Password page. For details about setting the owner password, see the next procedure.

The second part of initializing the TPM for first use is setting ownership. By setting ownership of the TPM, you are assigning a password that helps ensure that only the authorized TPM owner can access and manage the TPM. The TPM password is required to turn off the TPM if you no longer want to use it and to clear the TPM if the computer is to be recycled.

To set the ownership of the TPM on your computer, complete the following steps:

  1. Log on locally to the computer with local administrator credentials.

  2. Start the Trusted Platform Module Management console.

  3. Under Actions, click Initialize TPM to start the TPM Initialization Wizard. On the Welcome page, click Next.

  4. On the Create The TPM Owner Password page, select Automatically Create The Password (Recommended), and then click Next.

  5. On the Save Your TPM Owner Password page, click Save, and then select a location to save the password. Ideally, you’ll save the TPM ownership password to removable media, such as a universal serial bus (USB) flash drive.

  6. Click Save again. The password file is saved as computer_name.tpm.

  7. Click Print if you want to print a hard copy of your password. Be sure to save the printout containing the password in a secure location.

  8. Click Initialize. The initialization process might take several minutes to complete.

  9. When initialization is complete, click Close. The status of the TPM is displayed under Status in the TPM Management console.
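The state that the wizard branches on in step 4, and the status shown in the console after initialization, can also be read from a script. The following is an added example, not part of the original article: it assumes PowerShell 2.0 or later in an elevated session on the local computer and uses the Win32_Tpm WMI class; the function names Get-TpmFlag and Get-TpmState and the NextStep messages are the example's own. It only queries state and changes nothing on the TPM.

```powershell
# Added example: read-only TPM state check. Assumes PowerShell 2.0 or later
# in an elevated session. Win32_Tpm is the Windows TPM WMI class; the function
# names and NextStep messages below are this example's own.

function Get-TpmFlag {
    param($Tpm, [string]$Name)
    # IsEnabled/IsActivated/IsOwned each return ReturnValue (0 = success) and
    # an out parameter named after the method.
    $result = Invoke-WmiMethod -InputObject $Tpm -Name $Name
    if ($result.ReturnValue -ne 0) {
        throw ("{0} failed, return value 0x{1:X8}" -f $Name, $result.ReturnValue)
    }
    return [bool]$result.$Name
}

function Get-TpmState {
    $state = @{ Present = $false; Enabled = $false; Activated = $false; Owned = $false }
    try {
        $tpm = Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftTpm' `
                   -Class Win32_Tpm -ErrorAction Stop | Select-Object -First 1
    } catch {
        $tpm = $null   # namespace missing, access denied, or session not elevated
    }
    if (-not $tpm) {
        $state.NextStep = 'No TPM visible to Windows: consult the manufacturer documentation.'
        return New-Object PSObject -Property $state
    }

    $state.Present   = $true
    $state.Enabled   = Get-TpmFlag $tpm 'IsEnabled'
    $state.Activated = Get-TpmFlag $tpm 'IsActivated'
    $state.Owned     = Get-TpmFlag $tpm 'IsOwned'

    # Assumption: "turned on" in the console means enabled and activated.
    if (-not ($state.Enabled -and $state.Activated)) {
        $state.NextStep = 'TPM is off: turn it on (needs local access for the BIOS prompt).'
    } elseif (-not $state.Owned) {
        $state.NextStep = 'TPM is on but has no owner: create the TPM owner password.'
    } else {
        $state.NextStep = 'TPM is on and owned: initialization is complete.'
    }
    return New-Object PSObject -Property $state
}

Get-TpmState | Format-List Present, Enabled, Activated, Owned, NextStep
```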

Turning Off and Clearing the TPM

New computers that have a TPM might arrive with the TPM turned on by default. If you decide not to use the TPM, you should turn off and clear the TPM. If you want to reconfigure or recycle a computer, you should also turn off and clear the TPM. Windows Vista supports remotely turning off and clearing a TPM as well as using scripts to turn off and clear a TPM.

To turn off the TPM, complete the following steps:

  1. Log on locally to the computer with local administrator credentials.

  2. Start the Trusted Platform Module Management console.

  3. Under Actions, click Turn TPM Off.

  4. In the Turn Off The TPM Security Hardware dialog box, select one of the following methods for entering your password and turning off the TPM:

    • If you have the removable media on which you saved your TPM owner password, insert it, and then click I Have A Backup File With The TPM Owner Password. In the Select Backup File With The TPM Owner Password dialog box, click Browse, and then use the Open dialog box to locate the .tpm file saved on your removable media. Click Open, and then click Turn TPM Off.

    • If you do not have the removable media on which you saved your password, click I Want To Type The TPM Owner Password. In the Type Your TPM Owner Password dialog box, type your password (including dashes), and then click Turn TPM Off.

    • If you do not know your TPM owner password, click I Don’t Have The TPM Owner Password, and then follow the instructions provided to turn off the TPM without entering the password. Because you are logged on locally to the computer, you will be able to turn off the TPM.

Clearing the TPM cancels the TPM ownership and finalizes the shutdown of the TPM. You should clear the TPM only when a TPM-equipped client computer is to be recycled or when the TPM owner has lost the TPM owner password and recovery information was not backed up.

To clear the TPM, complete the following steps:

  1. Log on locally to the computer with local administrator credentials.

  2. Start the Trusted Platform Module Management console.

  3. Under Actions, click Clear TPM.

    Caution 

    Clearing the TPM resets it to factory defaults and finalizes its shutdown. As a result, you will lose all created keys and data protected by those keys.

  4. In the Clear The TPM Security Hardware dialog box, select a method for entering your password and clearing the TPM:

    • If you have the removable media on which you saved your TPM owner password, insert it, and then click I Have A Backup File With The TPM Owner Password. In the Select Backup File With The TPM Owner Password dialog box, click Browse, and then use the Open dialog box to locate the .tpm file saved on your removable media. Click Open, and then click Clear TPM.

    • If you do not have the removable media on which you saved your password, click I Want To Type The TPM Owner Password. In the Type Your TPM Owner Password dialog box, enter your password (including dashes) and then click Clear TPM.

    • If you do not know your TPM owner password, click I Don’t Have The TPM Owner Password, and then follow the instructions provided to clear the TPM without entering the password. Because you are logged on locally to the computer, you will be able to clear the TPM.

  5. The status of the TPM is displayed under Status in the TPM Management console.

Changing the TPM Owner Password

If you suspect that the TPM owner password has been compromised, you can change the password by using the Trusted Platform Module Management console. To change the TPM owner password, complete the following steps:

  1. Log on locally to the computer with local administrator credentials.

  2. Start the Trusted Platform Module Management console.

  3. Under Actions, click Change Owner Password.

  4. Follow the prompts to provide the current password and change the password.
