
How to clear the TPM via the management console or Windows Defender Center App


Clearing (resetting) the TPM returns it to an unowned state. After the TPM is cleared, the Windows 10 OS automatically re-initializes it and takes ownership again, so BitLocker encryption keeps working without any issues. Here is a guide on how to clear, enable or disable TPM in Windows via the BIOS or UEFI.

The most common TPM functions are system integrity measurements and key creation and use. During the boot process, the boot code that is loaded (including firmware and operating system components) can be measured and recorded in the TPM. These integrity measurements serve as evidence of how a system started and ensure that a TPM-based key is only usable when the correct software was used to boot the system.

Kindly refer to some of these related guides: How to clear, enable or disable TPM in Windows via the BIOS or UEFI, BitLocker Back Door: TPM Only: From stolen laptop to inside the company network, how to fix "This device cannot use a Trusted Platform Module, allow BitLocker without a compatible TPM" when turning on BitLocker, and how to enable BitLocker Pre-Boot Authentication via Group Policy.

Here are some reasons for resetting the TPM.
  • Clearing the TPM when preparing for a clean installation helps ensure that the new OS can fully deploy any TPM-based functionality it includes, such as attestation. However, even if the TPM is not cleared before a new operating system is installed, most TPM functionality will probably work correctly.
  • Since there are ways to extract BitLocker keys from a TPM, it is safer to clear the TPM on a device before discarding it.
  • Encrypt the SSD with BitLocker and then clear the TPM to destroy the keys. In this way, the keys can no longer be recovered.
  • Microsoft advises not to clear the TPM directly from UEFI, because this can lead to data loss: you may not have access to the recovery key. It is recommended to use the functionality in the operating system (such as TPM.msc) to clear the TPM. In this way, we will not experience the data loss we saw already in our test. Here is a guide on how to back up existing and new BitLocker recovery keys to Active Directory, and on BitLocker recovery keys in Active Directory.

    How to Clear the TPM via the TPM.msc Snap-in (Management Console)

    From the Run dialog window, type TPM.msc. This will open the TPM snap-in window as shown below.


    1: You need to be an administrator on the device to be able to clear the TPM. For more information, see the following guide: There was an error opening the Trusted Platform Module snap-in: You do not have permission to open the Trusted Platform Module Console.
    2: Alternatively, you could launch the TPM management console via the MMC and select TPM Management for the Local Computer. I will demonstrate the steps in the next guide.
    3: You could also search for TPM.msc from the search window as shown below and click on Open.


    In the Action pane, click on Clear TPM (on a German system: TPM löschen) as shown below.


    You will be notified, as shown below, that your device will be restarted. Click on the Close button.


    In the window below, click on Restart.


    As you can see below, the device is restarted. As discussed in the first paragraph, starting with Windows 10, the operating system automatically initializes and takes ownership of the TPM. This is a change from previous operating systems, where you would initialize the TPM and create an owner password.


    How to Clear the TPM via the Windows Defender Security Center App

    To do this, follow the steps below.
    -> Click on the Start button
    -> Settings
    -> Update & Security
    -> Windows Security
    -> Device security
    -> Under Security processor, select Security processor details.
    -> Select Security processor troubleshooting, and then under Clear TPM, select Clear TPM.

    Alternatively, you could double-click the shield icon in the Windows Defender Security Center system tray to start.


    – This will open the Windows Defender Security Center app.
    – Click on Device security.
    – Click Security processor details.
    – Click Security processor troubleshooting and click on Clear TPM.


    You will be prompted to restart the computer. During the restart.


    After the PC restarts, your TPM will be automatically prepared for use by Windows. This is because the operating system automatically initializes and takes ownership of the TPM again.
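    The same procedure can be scripted from within Windows, which also covers the warning above about clearing from UEFI without access to a recovery key. The following is an added example and not code from the original post: it assumes an elevated PowerShell session on Windows 10 with the TrustedPlatformModule and BitLocker modules available, and a domain-joined machine if the Active Directory backup is to succeed. Suspending BitLocker for one reboot is an extra precaution added here, not a step the post describes.

```powershell
# Added example (not from the original post). Assumes: Administrator session,
# Windows 10 with the TrustedPlatformModule and BitLocker modules, and a
# domain-joined device for the Active Directory recovery-password backup.
#Requires -RunAsAdministrator

# 1. Check the TPM state before touching it.
$tpm = Get-Tpm
if (-not $tpm.TpmPresent) { throw "No TPM found on this device." }
"TPM present: $($tpm.TpmPresent)  ready: $($tpm.TpmReady)  owned: $($tpm.TpmOwned)"

# 2. For every protected volume, make sure a recovery password exists and is
#    escrowed in Active Directory, so the TPM protector can safely be destroyed.
$protected = Get-BitLockerVolume | Where-Object { $_.ProtectionStatus -eq 'On' }
foreach ($vol in $protected) {
    $rp = $vol.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }
    if (-not $rp) {
        # No recovery password yet: add one before clearing the TPM.
        $vol = Add-BitLockerKeyProtector -MountPoint $vol.MountPoint -RecoveryPasswordProtector
        $rp  = $vol.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }
    }
    foreach ($p in $rp) {
        Backup-BitLockerKeyProtector -MountPoint $vol.MountPoint -KeyProtectorId $p.KeyProtectorId
    }
    "Volume $($vol.MountPoint): $($rp.Count) recovery password(s) backed up to AD"

    # Extra precaution (not in the post): suspend protection for exactly one
    # reboot so the first boot after the clear cannot land in recovery mode.
    Suspend-BitLocker -MountPoint $vol.MountPoint -RebootCount 1 | Out-Null
}

# 3. Clear the TPM with the OS cmdlet, the equivalent of "Clear TPM" in TPM.msc.
#    Windows 10 re-initializes and takes ownership again during the next boot.
Clear-Tpm
Restart-Computer -Confirm
```

    Some firmware asks for physical-presence confirmation (a key press) during the restart before the clear takes effect; after the reboot, Get-Tpm should again report TpmReady and TpmOwned as True.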

    I hope you found this blog post helpful. If you have any questions, please let me know in the comment section.
