Hello. We are going to be purchasing a lot of HP Z240 Tower Workstations from our supplier in the future and I have been given one to QA in our environment.

We currently use HP BCU to make available and enable the TPM on our current HP systems. We are using version 4.0.13.1 of HPBCU. Today I have downloaded version 4.0.15.1 of the HPBCU to begin creating a configuration file for the new Z240 workstations.

The problem I have is that the TPM PPI (physical presence) settings are nowhere to be found in the UEFI/BIOS firmware user interface. What we want to do is suppress the prompt that would allow users to deny modifications. This is/was possible in previous incarnations of HPBCU on different models of workstation in the form of the following setting.

Embedded Security Activation Policy
   F1 to Boot
   Allow user to reject
   *No prompts

Unfortunately this is not in the file created using 4.0.15.1 on the Z240 and as I said nothing appears in the user interface. I have checked under Security > TPM Embedded Security but the only options I see there are TPM Device and TPM State.

Is it possible to configure the physical presence settings on this model of workstation using HPBCU? If not then I will need to reccommend an appropriate alternative make/model where it is possible.

We deploy scripts that run HPBCU through configmgr(SCCM) and can't have this prompt annoying our users and potentially allowing them to deny the change.

We also can't have technicians visit every Z240 to configure this manually. Our I.T. estate is fairly large at 5000 computers so automatic management is crucial to us.

Any help would be massively appreciated.

Many Thanks

C