Control TPM Command Blocking with the TPM Management console

Applies To: Windows Server 2008

TPM commands can be managed through the TPM Management console. Administrators can explore the commands available to the TPM. They can also block or allow specific commands.

Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure.

To block and allow TPM commands using the TPM Management console

  1. Click Start, click All Programs, click Accessories, and then click Run.

  2. Type tpm.msc in the Open box, and then click Enter.

  3. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.

  4. The TPM Management console is displayed.

  5. In the console tree, click Command Management. A list of TPM commands is displayed.

  6. Select a command from the list that you want to block or allow.

  7. Under Actions, click either Block Selected Command or Allow Selected Command as needed.


Local administrators cannot allow TPM commands that are blocked through Group Policy. Also, commands on the default block list for the TPM console cannot be allowed until the Group Policy settings are changed to ignore the default block list.

Additional references