Tip: Enable and Use TPM (Trusted Platform Module) Services

Follow Our Daily Tips


The TPM (Trusted Platform Module) Services architecture in Windows 7 provides the basic features required to configure and deploy TPM-equipped computers. (This architecture can be extended with BitLocker Drive Encryption.) Before you can use TPM, you must turn on TPM in firmware and initialize the TPM for first use in software. As part of the initialization process, you set the owner password on the TPM. After TPM is enabled, you can manage the TPM configuration.

In some cases, computers that have TPM might ship with TPM turned on. In most cases, however, you’ll find TPM is not turned on by default. While the exact process may vary from one system to another, here’s the general process used to enable TPM on some computers:
1. Start the computer, and access the firmware. In the firmware, access the Advanced screen and then the Peripheral Configuration screen.
2. On the Peripheral Configuration screen, look for the Trusted Platform Module option. Highlight this option and press Enter to display an options menu. From the menu, choose Enable and then press Enter.
3. Save the changes to the setting and exit the firmware. Reboot the computer.

Note again, that this is just general guidance and the precise options and steps may vary from system to system.

Windows 7 provides several tools for working with a TPM, including these:

Trusted Platform Module Management
A console for configuring and managing a TPM. You can access this tool by clicking Start, typing tpm.msc in the Search box, and then pressing Enter.


Initialize The TPM Security Hardware
A wizard for creating the required TPM owner password. You can access this tool by clicking Start, typing tpminit in the Search box, and then pressing Enter.

Managing TPM
Access to the Trusted Platform Module Management console can be restricted in Group Policy. If you are unable to open the console, check to see if a Group Policy object (GPO) being processed includes Management Console restric¬tions under Windows Components\Microsoft Management Console.

When you are working with Trusted Platform Module Management, you can determine the exact state of the TPM. If you try to start Trusted Platform Module Management without turning on TPM, you’ll see an error stating this. You’ll also see an error if you try to run the Initialize The TPM Security Hardware wizard without turning on TPM.

Only when you’ve turned on TPM in firmware will you be able to access and work with the TPM tools. When you are working with the Trusted Platform Module Management console, you should note the TPM status and the TPM manufacturer information. The TPM status indicates the exact state of the TPM. The TPM manufacturer information shows whether the TPM supports specification version 1.2. Support for TPM version 1.2 or later is required.


Tip adapted from Windows 7 Administrator’s Pocket Consultant by William R. Stanek

Looking for More Tips?

For more tips on Microsoft products and technologies, visit the TechNet Tips library.