Clear TPM through WinPE 4.0

  • Question

  • Hi

    Is it possible to clear the TPM chip through WinPE 4.0?

    We are using Lenovo notebooks, and so far I can only clear the TPM through BIOS or TPM.MSC.

    Lasse


    /Lasse

    Wednesday, September 18, 2013 6:24 AM

All replies

  • I would make a call to the WMI method Clear() within the Win32_TPM class from within WinPE using VBScript.

    I think that the TPM driver is available in the Windows 8 (ADK) version of WinPE, but there are several articles on the internet on how to load the TPM driver in WinPE.


    Keith Garner - keithga.wordpress.com

    • Proposed as answer by Keith Garner (MVP) Wednesday, September 18, 2013 4:51 PM
    Wednesday, September 18, 2013 4:51 PM
  • Thanks for the reply.

    The "issue" with the Clear() method is that it requires the current OwnerAuthorization value, and I can't figure out how to extract this from Active Directory.

    It would be great if it's possible from WinPE to search the AD to find the corresponding TPM device under TPM Devices. By doing so it would be possible to find the current OwnerAuthorization value and then use it together with the Clear() method.
    Have been searching for this but can't find the solution.

    Lasse


    /Lasse

    Thursday, September 19, 2013 8:03 AM
  • Is this of any value?
    http://technet.microsoft.com/en-us/library/dd875529(v=ws.10).aspx

    Get-TPMOwnerInfo.vbs (http://go.microsoft.com/fwlink/?LinkId=167135)

     This script retrieves TPM recovery information from AD DS for a particular computer so that you can verify that only domain administrators (or delegated roles) can read backed up TPM recovery information and verify that the information is being backed up correctly.


    Don

    Thursday, September 19, 2013 10:03 AM
  • The Get-TPMOwnerInfo.vbs script returns the name of the TPM device, which is fine. Our issue is that if the computer gets a new domain computer name, then we can't query the AD for the TPM owner info which is needed to clear the TPM.


    /Lasse

    Thursday, September 19, 2013 12:11 PM
  • Then query your active directory using the BIOS GUID:

    http://www.myitforum.com/articles/32/view.asp?id=12799


    Keith Garner - keithga.wordpress.com

    • Proposed as answer by Keith Garner (MVP) Thursday, September 19, 2013 10:02 PM
    Thursday, September 19, 2013 10:02 PM
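
The lookup suggested in the replies above, sketched in PowerShell as an added example (not code from any poster or from the linked articles): find the computer object by its SMBIOS UUID through netbootGUID, read the backed-up owner information, and pass it to Win32_Tpm.Clear(). It assumes the WinPE image includes PowerShell, .NET and the TPM driver, that netbootGUID is populated on the computer object, and that the value stored in AD is in the form Clear() expects; the server name, search base and account are placeholders.

```powershell
# Added illustration; server, search base and account are placeholders.
$dc   = 'dc01.example.test'
$base = 'DC=example,DC=test'
$user = Read-Host 'Account allowed to read TPM owner info'
$pass = Read-Host 'Password' -AsSecureString
$cred = New-Object System.Management.Automation.PSCredential($user, $pass)
$pw   = $cred.GetNetworkCredential().Password

# The SMBIOS UUID stays the same when the computer is renamed in the domain.
$uuid = (Get-WmiObject -Class Win32_ComputerSystemProduct).UUID
# netbootGUID is an octet string: escape each byte as \XX in the LDAP filter.
# Assumption: it was stored in .NET Guid byte order.
$esc  = (([guid]$uuid).ToByteArray() | ForEach-Object { '\{0:X2}' -f $_ }) -join ''

$root = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$dc/$base", $user, $pw)
$ds   = New-Object System.DirectoryServices.DirectorySearcher($root)
$ds.Filter = "(&(objectClass=computer)(netbootGUID=$esc))"
$ds.PropertiesToLoad.AddRange([string[]]@('msTPM-OwnerInformation',
                                          'msTPM-TpmInformationForComputer'))
$hits = $ds.FindAll()
if ($hits.Count -ne 1) { throw "Expected exactly one computer object, found $($hits.Count)." }

$props = $hits[0].Properties
if ($props['msTPM-TpmInformationForComputer'].Count -gt 0) {
    # Newer schema: the value sits on a linked object in the "TPM Devices" container.
    $dn  = $props['msTPM-TpmInformationForComputer'][0]
    $dev = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$dc/$dn", $user, $pw)
    $ownerAuth = [string]$dev.Properties['msTPM-OwnerInformation'].Value
} else {
    # Older schema: the value is stored on the computer object itself.
    $ownerAuth = [string]($props['msTPM-OwnerInformation'] | Select-Object -First 1)
}
if (-not $ownerAuth) { throw 'No TPM owner information is backed up for this machine.' }

$tpm = Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftTpm' -Class Win32_Tpm
if (-not $tpm) { throw 'Win32_Tpm is not available; the TPM driver is not loaded.' }
$result = $tpm.Clear($ownerAuth)
if ($result.ReturnValue -ne 0) {
    throw ('Clear() failed with 0x{0:X8}' -f $result.ReturnValue)
}
$ownerAuth = $pw = $null   # drop the secrets from the session variables
```

The account used here needs only read access to the TPM owner attributes, so a narrowly delegated account keeps a domain administrator password out of the WinPE session.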