none
How to enable, disable auto provisioning and clear the TPM by creating a packaging on SCCM to push the commands to mutliple clients RRS feed

  • General discussion

  • Hi,

    We have implemented MBAM 2.5 in our environment. Currently we have deployed in the testing environment on a single server architecture and we are using TPM only authentication to enable encryption on the client machines.

    MBAM 2.5 client prerequisites enabling, disabling tpm auto provisioning and clear the tpm are being manually. But before moving to production we have planned to automate these client prerequisites by creating a packaging via SCCM or via task sequence. 

    Please let me know, how this can be achieved and which is the best method to automate these prerequisites.

    Thanks in Advance

    Jegath Rakshagan

    Saturday, June 21, 2014 1:52 PM

All replies

  • In windows 8 you will need to run following command in powershell.

    $tpm = get-wmiobject -class Win32_Tpm -namespace root\cimv2\security\microsofttpm

    $tpm.SetPhysicalPresenceRequest(16)  

    $tpm.SetPhysicalPresenceRequest(18)

    $tpm.DisableAutoprovisioning()

    $tpm.SetPhysicalPresenceRequest(22)

    16 and 18 I added as precaution to set provision that you do not need to be present to set or to clear the TPM.

    After these commands MBAM has been able to take ownership on windows 8 of TPM and started encryption.

    you could just use

    $tpm = get-wmiobject -class Win32_Tpm -namespace root\cimv2\security\microsofttpm

    $tpm.DisableAutoprovisioning()


    IT support

    Friday, July 25, 2014 2:33 PM