In this article, we shall discuss how to Enable or Disable TPM Auto-provisioning in Windows. Leveraging Trusted Platform Module (TPM) technology, the TPM chip is a secure crypto-processor, ensuring tamper-resistant hardware-based security functions. This chip executes cryptographic operations while incorporating various physical security mechanisms, safeguarding TPM’s security functions against malicious software tampering. Please see how to clear the TPM via the management console or Windows Defender Center App, and How to clear, enable or disable TPM in Windows via the BIOS or UEFI.
Kindly refer to the following TPM-related guides: How to upgrade Windows 10 with an unsupported CPU and TPM 1.0 to Windows 11, How to determine if TPM is present and how to enable TPM in the BIOS, and how to fix unable to find compatible TPM,
Dell automatically installs TPM for Windows 10 shipped systems. For systems without active TPM, remote enabling is possible through scripting on Skylake and Kaby Lake models using Dell Command Configure and the ‘PPI Bypass Enable’ BIOS option.
Enhancing Security with TPM 2.0: Benefits and Configuration in UEFI Mode
Note: TPM 2.0 functions fully in UEFI mode. Enable TPM and configure secure boot in UEFI mode to achieve security status. Nonetheless, Some of the key advantages of using TPM technology are that you can:
- Generate, store, and limit the use of cryptographic keys.
- Utilize TPM technology to authenticate platform devices through its unique RSA key, which it internally possesses.
- Help ensure platform integrity by taking and storing security measurements.
Enable or Disable TPM Auto-provisioning can be crucial when encountering the error message “waiting for TPM provisioning” within the SQL Server Reporting Services status tab. Moreover, Determining whether the device can utilize auto-provisioning in such cases becomes essential.
Before resolving this issue, I would like to determine if your device has auto-provisioning enabled or disabled, etc.
However, Kindly run the following command to quickly view the TPM information. You will need to run PowerShell as an Admin to get this information.
- get-tpm
- tpmtool getdeviceinformation – If you wish, you can also run the command “
tpmtool getdeviceinformation” to get more information from the device.
You may also want to see how to resolve the following issues How to fix System Partition not available or large enough [Part 1], how to determine why an MBAM-protected device is non-compliant, and System check found some issues during MBAM encryption: Fail, the Power cable must be connected.
Enable or Disable TPM Auto-provisioning: Resolution
Furthermore, Observe the current status in your image to enable or disable TPM auto-provisioning. However, If you disable TPM auto-provisioning, contemplate enabling it to streamline TPM utilization and reduce organizational deployment costs.
To initiate this process, open PowerShell with administrative privileges and execute the subsequent command to enable TPM auto-provisioning.
Enable-TpmAutoProvisioning
If your device operates in BIOS mode with TPM 2.0, switch to UEFI mode for enhanced security features.
In the following section below, I will be showing you how to enable or disable TPM auto-provisioning without reference to any issues.Enable auto-provisioning
The Enable-TpmAutoProvisioning cmdlet enables Trusted Platform Module (TPM) provisioning to occur during auto-provisioning. Furthermore, Provisioning is the process of preparing a TPM to be used. Nonetheless, You can use the Disable-TpmAutoProvisioning cmdlet to prevent auto-provisioning permanently or for the next restart.
PS C:\> Enable-TpmAutoProvisioningThis cmdlet returns a TpmObject object that contains the following information:
- TpmReady. Whether a TPM complies with Windows Server 2012 standards.
- TpmPresent. Whether there is a TPM on the current computer.
- ManagedAuthLevel. The level at which the operating system manages the owner authorization. Possible values are Legacy, Balanced, and Full.
- OwnerClearDisabled. Whether TPM can be reset. If this value is True, the TPM cannot be reset through the operating system by using the owner authorization value. If this value is False, the TPM can be reset through the operating system.
- AutoProvisioning. Whether the computer can use auto-provisioning. Possible values are NotDefined, Enabled, Disabled, and DisabledForNextBoot.
- LockedOut. Whether a TPM is locked out.
- SelfTest. Information returned by a test that TPM runs.
Disable auto-provisioning
The Disable-TpmAutoProvisioning cmdlet disables Trusted Platform Module (TPM) auto-provisioning. However, Provisioning is the process of preparing a TPM to be used.
You can disable provisioning completely or only for the next restart. Nonetheless, You can use the Enable-TpmAutoProvisioning cmdlet to enable auto-provisioning.To do this, run PowerShell as an administrator. In PowerShell, run the following command: Disable-TpmAutoProvisioning and press Enter
PS C:\> Disable-TpmAutoProvisioning
However, This command disables TPM auto-provisioning. You can use the Enable-TpmAutoProvisioning cmdlet to enable auto-provisioning
Enable or Disable TPM Auto-provisioning for the next restart
This command disables TPM auto-provisioning for the next restart. Furthermore, In, the next restart after that, auto-provisioning continues.
PS C:\> Disable-TpmAutoProvisioning -OnlyForNextRestartPS C:\> Disable-TpmAutoProvisioning -OnlyForNextRestart
TpmReady : False
TpmPresent : True
ManagedAuthLevel : Full
OwnerAuth : OwnerClearDisabled : True
AutoProvisioning : DisabledForNextBoot
LockedOut : False
SelfTest : {191, 191, 245, 191...}This cmdlet returns a TpmObject object that contains the following information:
- TpmReady. Whether a TPM complies with Windows Server® 2012 standards.
- TpmPresent. Whether there is a TMP on the current computer.
- ManagedAuthLevel. The level at which the operating system manages the owner authorization. Possible values are Legacy, Balanced, and Full.
- OwnerClearDisabled. Whether TPM can be reset. If this value is True, the TPM cannot be reset through the operating system using the owner authorization value. If this value is False, the operating system can reset the TPM.
- AutoProvisioning. Whether the computer can use auto-provisioning. Possible values are NotDefined, Enabled, Disabled, and DisabledForNextBoot.
- LockedOut. Whether a TPM is locked out.
- SelfTest. Information returned by a test that TPM runs.
I hope you found this blog post on how to Enable or Disable TPM Auto-provisioning helpful. Please let me know in the comment session if you have any questions.
