Solved: Re: EliteDesk 800 G1 and how to take ownership of TPM - HP Support Community

Whatisacomputer · ‎04-12-2018

I have over 30 EliteDesk 800 G1 that we have to upgrade from Windows 7 to Windows 10 Enterprise 2016 LTSB and enable TPM 1.2 on so that we can use Bitlocker and whole disk encryption. I configured one on my workbench with Windows 10 and updated to the latest BIOS (2.74 Rev.A). I tried to apply SP82407 to update the Infineon chip tp 4.34. When I do that, the update utility told me that TPM was not yet activated. I used TPM.msc to activate TPM and it did. I now have TPM 1.2 in the device manage. So I ran the update utility again and it asked me for a owner password. I tried taking ownership with TPM.msc and it seems to reset TPM, but I still do not get ownership. What am I missing?

Whatisacomputer · ‎04-13-2018

I was able to resolve this issue. There are two pieces of information that you need to know. First is this quote from Microsoft:

For TPM 1.2, there are multiple possible states. Windows 10 automatically initializes the TPM, which brings it to an enabled, activated, and owned state. This is the state that BitLocker requires before it can use the TPM.

The second piece of information is the registry setting for one of the TPM policeis:

Key: HKLM\SOFTWARE\Policies\Microsoft\TPM

DWORD: OSMangedAuthLevel

Value Data: 4

The default value for this setting was 2 (Delegated). After I changed the value to 4 (Full), I was able to take control and change all TPM settings at will with TPM.msc. If this value is set to 2, then Windows essentially ownes it. By setting it to 4, you are now able to own it and set the password.

You can also set this value with the policy editor:

Computer Configuration\Administrative Templates\System\Trusted Platform Module Services\Configure the level of TPM owner authorization information available to the operating system

If you enable the policy, your choices are "Full" (4), "Delegated" (2), and "None" (0).

View solution in original post

Whatisacomputer · ‎04-13-2018

I was able to resolve this issue. There are two pieces of information that you need to know. First is this quote from Microsoft:

For TPM 1.2, there are multiple possible states. Windows 10 automatically initializes the TPM, which brings it to an enabled, activated, and owned state. This is the state that BitLocker requires before it can use the TPM.

The second piece of information is the registry setting for one of the TPM policeis:

Key: HKLM\SOFTWARE\Policies\Microsoft\TPM

DWORD: OSMangedAuthLevel

Value Data: 4

The default value for this setting was 2 (Delegated). After I changed the value to 4 (Full), I was able to take control and change all TPM settings at will with TPM.msc. If this value is set to 2, then Windows essentially ownes it. By setting it to 4, you are now able to own it and set the password.

You can also set this value with the policy editor:

Computer Configuration\Administrative Templates\System\Trusted Platform Module Services\Configure the level of TPM owner authorization information available to the operating system

If you enable the policy, your choices are "Full" (4), "Delegated" (2), and "None" (0).

Catscratch29 · ‎05-02-2018

Thanks!

I got excactly the same problem after Win10 April '18 upgrade. Win wants me to upgrade TPM.

EliteBook 840 G1

EliteDesk 800 G1 and how to take ownership of TPM

Create an account on the HP Community to personalize your profile and ask a question