Write-MbamTPMInformation

Writes Trusted Platform Module (TPM) information to a Microsoft BitLocker Administration and Monitoring (MBAM) server.

Syntax

Write-MbamTPMInformation
     -Computer <String>
     [-ComputerUser <String[]>]
     [-Confirm]
     [-Force]
     -RecoveryServiceEndPoint <Uri>
     [-RetryCount <Int32>]
     [-RetryIntervalSeconds <Int32>]
     [-Time <DateTime>]
     -TpmOwnerInformation <SecureString>
     [-WhatIf]
     [<CommonParameters>]

Description

The Write-MbamTpmInformation cmdlet writes Trusted Platform Module (TPM) owner information for a single computer to a Microsoft BitLocker Administration and Monitoring (MBAM) server. The RecoveryServiceEndPoint parameter is required and identifies the MBAM server instance to which the TPM information is written. The Computer parameter is required and identifies the name and domain of the computer associated with the TPM information. The timestamp of the TpmOwnerInformation parameter is required and is supplied through the Time parameter. A value with a newer timestamp will overwrite an older value in the database.

Examples

1:
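An added usage example, not part of the original reference page or the product's own sample. It reads the TPM owner hash from Active Directory and writes it to MBAM with a dry run first. It assumes the ActiveDirectory module's Get-ADComputer is available, that the hash is stored in msTPM-OwnerInformation on the computer object, and that whenChanged is an acceptable timestamp. The domain, computer and server names are the page's sample values.

```powershell
# Constructed values: replace with your own domain, computer and MBAM server.
$Domain   = 'contoso.com'
$Machine  = 'User1-pc'
$Endpoint = [Uri]'https://mbamserver.contoso.com:8080/MBAMRecoveryAndHardwareService/CoreService.svc'

# The TPM owner password hash is a secret: refuse a cleartext (http) endpoint.
if ($Endpoint.Scheme -ne 'https') {
    throw "Refusing to send TPM owner information over '$($Endpoint.Scheme)'."
}

# Assumption: the hash lives in msTPM-OwnerInformation on the computer object.
$ad = Get-ADComputer -Identity $Machine -Server $Domain `
        -Properties 'msTPM-OwnerInformation', 'whenChanged'
if ([string]::IsNullOrEmpty($ad.'msTPM-OwnerInformation')) {
    throw "No msTPM-OwnerInformation value found for $Machine."
}

# The parameter type is SecureString, so wrap the value before passing it on.
$owner = ConvertTo-SecureString -String $ad.'msTPM-OwnerInformation' -AsPlainText -Force

$params = @{
    Computer                = '{0}\{1}' -f $Domain, $Machine   # <domain name>\<machine name>
    RecoveryServiceEndPoint = $Endpoint
    TpmOwnerInformation     = $owner
    # Assumption: the AD object's change time stands in for the value's timestamp.
    # A newer timestamp overwrites an older value in the MBAM database.
    Time                    = $ad.whenChanged
    RetryCount              = 3
    RetryIntervalSeconds    = 10
}

# Dry run: shows what would be written without contacting the server.
Write-MbamTPMInformation @params -WhatIf

# Real write, with an explicit confirmation prompt.
Write-MbamTPMInformation @params -Confirm
```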

Required Parameters

-Computer

Specifies the domain name and computer name of the domain-joined computer in <domain name>\<machine name> format (for instance "contoso.com\User1-pc").

Type: String
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-RecoveryServiceEndPoint

Specifies the path to the MBAM Recovery Service endpoint on the network. The URL for the MBAM Recovery Service endpoint is http(s)://<servername>:<port>/MBAMRecoveryAndHardwareService/CoreService.svc (for instance: https://mbamserver.contoso.com:8080/MBAMRecoveryAndHardwareService/CoreService.svc).

Type: Uri
Aliases: svc, service
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-TpmOwnerInformation

Specifies the TPM Password hash value. This value corresponds to the msTPM-OwnerInformation value or msTPM-InformationObject in Active Directory (AD).

Type: SecureString
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

Optional Parameters

-ComputerUser

Specifies a string array of fully qualified domain user accounts that have permission to access this volume recovery information, in user principal name (UPN) format, <login name>@<domain name> (for instance: @("User1@contoso.com", "User2@contoso.com")).

Type: String[]
Aliases: user
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-Confirm

Prompts you for confirmation before running the cmdlet.

Type: SwitchParameter
Aliases: cf
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Force

Forces the command to run without asking for user confirmation.

Type: SwitchParameter
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-RetryCount

Specifies the maximum number of times to retry sending recovery information. The cmdlet proceeds to the next record after the retry limit is exceeded.

Type: Int32
Aliases: rc
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-RetryIntervalSeconds

Specifies the amount of time, in seconds, to wait before the cmdlet retries sending the recovery information.

Type: Int32
Aliases: ri
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Time

Specifies the timestamp associated with the recovery information.

Type: DateTime
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type: SwitchParameter
Aliases: wi
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False