Changes in TPM Management

Applies To: Windows 7, Windows Server 2008 R2

TPM Management is a Microsoft Management Console (MMC) snap-in that allows administrators to interact with Trusted Platform Module (TPM) Services. TPM Services is used to administer the TPM security hardware in your computer. In Windows® 7 and Windows Server® 2008 R2, the TPM Management snap-in now can be used to reset the TPM lockout value.

Resetting the TPM lockout value

The TPM will lock itself to prevent tampering or attack; this is referred to as lockout. TPM lockout often lasts for a variable amount of time or until the computer is turned off. While the TPM is in lockout mode, it generally returns an error when it receives commands that require an authorization value. One exception is that the TPM always allows the owner at least one attempt to reset the TPM lockout when it is in lockout mode. If your TPM has entered lockout mode or is responding slowly to commands, you may need to reset the lockout value.


Resetting the TPM lockout requires the TPM owner authorization. If you do not remember the owner authorization password, consider the following places that your owner password could have been stored. Your TPM owner authorization password may have been saved along with the BitLocker recovery key on a USB drive or network share. The TPM owner password file has a .tpm file name extension. If you printed the BitLocker recovery key, the TPM owner password may have been printed at the same time. Also, the TPM owner password hash value to may have been backed up to Active Directory® Domain Services (AD DS) if your organization's Group Policy settings are configured to do so.