TPM unable to change between 1.2 or 2.0 because TPM is owned

Summary: Windows 10 will take ownership of the TPM automatically unless Windows 10 is specifically instructed not to take ownership

Article Content


Symptoms

TPM ownership in Windows 10

Cause

Every time that a Windows 10 system with TPM is restarted, Windows 10 will take ownership of the TPM automatically unless Windows 10 is specifically instructed not to take ownership.

The process of upgrading to TPM 2.0 or downgrading to TPM 1.2 requires that ownership be released prior to the change.
 


Resolution

How to prevent automatic TPM ownership

These instructions will prevent Windows 10 from automatically re-taking ownership of TPM:

  1. Run PowerShell as an Administrator: (Type PowerShell in the Search box, right-click PowerShell on the menu, click Run as Administrator.(See Figure 1.)

    SLN302620_en_US__1Opening-Powershell-with-admin
    Figure 1. Opening PowerShell
  2. In Powershell run the following command: Disable-TpmAutoProvisioning the press the Enter key. (See Figure 2.)

    SLN302620_en_US__2Disable-TPM-autoprovisioning
    Figure 2. Disabling TPM Auto-provisioning in PowerShell.
  3. If Dell Data Protection (DDP) is installed, you will need to complete these additional steps:
    1. Open the Services Desktop App (Type services.msc in the search box, then press the Enter key)
    2. Set the DellMgmtAgent Windows service to Disabled
    3. Stop the DellMgmtAgent Windows service
    4. Set the DellMgmtLoader Windows service to Disabled
    5. Stop the DellMgmtLoader Windows service
    6. Proceed with clearing the TPM
  4. In the search box, type the command: tpm.msc then press the Enter key to open the TPM management console. (See figure 3.)

    SLN302620_en_US__3Clear-TPM
    Figure 3. TPM Management Console
  5. Choose the Clear TPM option.
  6. The system will restart and then power off, then power on again.
  7. Do not enter the BIOS, let the boot back to Windows.
  8. Run the Dell TPM 1.2 firmware utility or Dell TPM 2.0 firmware utility with the AC adapter connected to the system.
  9. If Dell Data Protection (DDP) is installed, you will need to complete these additional steps:
    1. Set the DellMgmtLoader Windows service to Automatic
    2. Start the DellMgmtLoader Windows service
    3. Set the DellMgmtAgent Windows service to Automatic
    4. Start the DellMgmtAgent Windows service

Optional

You can run the following command using the command line to determine if TPM is owned. (CTRL+R type cmd, then right click cmd.exe and run as administrator)

Type: Wmic /namespace:\\root\CIMV2\Security\MicrosoftTpm path Win32_Tpm get /value then press the Enter key. (See Figure 4.)

SLN302620_en_US__4Command-line-TPM-status
Figure 4 - TPM ownership status

Article Properties


Last Published Date

21 Feb 2021

Version

4

Article Type

Solution

Rate This Article


Accurate
Useful
Easy to Understand
Was this article helpful?

0/3000 characters