Clear TPM: How to enable or disable TPM in Windows

Posted on IT Expert By IT Expert No Comments on Clear TPM: How to enable or disable TPM in Windows
TPM

In this article, you will learn how to Clear TPM: How to enable or disable TPM in Windows. Trusted Platform Module (TPM) technology is designed to provide hardware-based, security-related functions. A TPM chip is a secure crypto-processor that is designed to carry out cryptographic operations. The chip includes multiple physical security mechanisms to make it tamper-resistant, and malicious software is unable to tamper with the security functions of the TPM. Please see How to fix unable to find compatible TPM, When Should I Use TPM or TPM + PIN, and how to fix your device cannot use a Trusted Platform Module: Allow BitLocker without a compatible TPM.

Some of the key advantages of using TPM technology are that you can generate, store, and limit the use of cryptographic keys.

Also, see how to determine if BitLocker is enabled: How to view BitLocker disk encryption status in Windows, and how to enable Bitlocker Pre-Boot Authentication via the Group Policy.

Unified Extensible Firmware Interface

UEFI stands for Unified Extensible Firmware Interface. It does the same job as a BIOS (Basic Input/Output System), but with one basic difference: it stores all data about initialization and startup in an .efi file, instead of storing it on the firmware.

This .efi file is stored on a special partition called EFI System Partition (ESP) on the hard disk. This ESP partition also contains the bootloader. UEFI was designed to overcome many limitations of the old BIOS.

Note: It is recommended not clear TPM via UEFI/BIOS. Please use the functionality in the operating system (such as TPM.msc) or Windows Defender Center App to clear the TPM. In this way, we will not experience data loss as we saw already from our test.

Below are some guides on Generation 1 and Generation 2 VM as regards UEFI and BIOS. How to deploy Microsoft BitLocker Administration and Monitoring Tool, and how to enable or disable BitLocker Drive Encryption on Windows 10 and Virtual Machines.

If you have BitLocker Keys backed up to Active Directory or have downloaded this previously. When prompted for the recovery key, you will be able to access your drive again. But ensure you have your BitLocker recovery key before proceeding with these steps. Else you will lose your data. This is a related guide on how to back up existing and new BitLocker recovery keys to Active Directory.

To Clear the TPM Module

Boot the device using F2 into the BIOS setup mode. Locate the “Security” option on the left and expand. Click on the .“TPM” option nested under the “Security” setting.

To clear the TPM you must check the box saying:  “Clear” to clear the TPM hard drive security encryption. 

You will be asked to confirm by clicking on Yes as shown below and this could result in data loss if you do not have the BitLocker recovery key.
Screenshot-2021-08-26-at-20.24.25

Ensure the “Activate” radio button is turned on in order to ensure the TPM option works.

If the TPM is ‘Deactivated’, or the TPM Security is not enabled the drive will not encrypt until those settings are madeTPM changes sometimes need to be verified by restarting after they are applied.

Here is a guide on how to view BitLocker recovery keys in Active Directory: How to fix missing BitLocker Recovery Tab in Active Directory Users and Computers.

To enable  TPM (Trusted Platform Module)

If you have previously disabled TPM, kindly follow the steps below to activate the TPM.

  • Boot the computer using F2 into the BIOS setup mode
  • Locate the “Security” option on the left and expand
  • Locate the “TPM” option nested under the “Security” setting
  • To enable the TPM settings you must check the following options below to enable the TPM hard drive security encryption
Screenshot-2021-08-26-at-20.21.38

Ensure the “Activate” radio button is turned on. This will ensure the TPM option works

To Disable (Deactivated) the TPM

To disable the TPM module, please follow the steps below.

  • Boot computer using F2 into the BIOS setup mode
  • Locate the “Security” option on the left and expand
  • Locate the “TPM” option nested under the “Security” setting
  • To disable the TPM settings you must check the box under the “TPM 2.0 Security” to disable the TPM hard drive security encryption as shown below.
  • You could also uncheck the boxes for “TPM On” and “”Attestation Enable”.
Screenshot-2021-08-26-at-21.02.50

Ensure the “Deactivate” radio button is turned on in order to ensure the TPM is deactivated.

If the TPM is ‘Deactivated’, or the TPM Security is not enabled. The drive will not encrypt until those settings are made. Ensure that you verify these TPM changes by restarting after they are applied.

I hope you found this blog post helpful on how to clear TPM: How to enable or disable TPM in Windows. If you have any questions, please let me know in the comment session.

Rate this post
Windows Tags:, , , , , ,

Related Posts

More Related Articles

Security updated something did not go well as planned Something did not go well as planned: Windows Security update fails to install Windows
image 130 How to fix the Security Database on the Server does not have a Computer Account for this Workstation Trust Relationship on Windows Server [Part 2] Scripts
Windows10 Configure new GPO settings and Security baseline for Windows Windows
How to Find Out Which Users Are Logged on Windows Server How to Find Out Which Users Are Logged on Windows Server Windows
Featured image This network connection does not exist How to fix this network connection does not exist Windows
Determine GPO from GUID or Name How to determine GPO from GUID or Name Windows

Leave a Reply