
PowerShell Commandlet Reference

TrustedPlatformModule

By Les Lewis

This is a reference listing of the full commands and switches found
within the referenced PowerShell app. It is the same content found in its
Get-Help command, just cleaned up into an easier-to-read format.

Contents

Clear-Tpm
  SYNOPSIS
  SYNTAX
  DESCRIPTION
  PARAMETERS
  INPUTS
  OUTPUTS
  Example 1: Reset TPM
  Example 2: Reset TPM with a supplied authorization value
  Example 3: Reset TPM using authorization value from file
  RELATED LINKS
ConvertTo-TpmOwnerAuth
  SYNOPSIS
  SYNTAX
  DESCRIPTION
  PARAMETERS
  INPUTS
  OUTPUTS
  Example 1: Convert to owner authorization value
  RELATED LINKS
Disable-TpmAutoProvisioning
  SYNOPSIS
  SYNTAX
  DESCRIPTION
  PARAMETERS
  INPUTS
  OUTPUTS
  Example 1: Disable auto-provisioning
  Example 2: Disable auto-provisioning for next restart
  RELATED LINKS
Enable-TpmAutoProvisioning
  SYNOPSIS
  SYNTAX
  DESCRIPTION
  PARAMETERS
  INPUTS
  OUTPUTS
  Example 1: Enable auto-provisioning
  RELATED LINKS
Get-Tpm
  SYNOPSIS
  SYNTAX
  DESCRIPTION
  PARAMETERS
  INPUTS
  OUTPUTS
  Example 1: Display TPM information
  RELATED LINKS
Get-TpmEndorsementKeyInfo
  SYNOPSIS
  SYNTAX
  DESCRIPTION
  PARAMETERS
  INPUTS
  OUTPUTS
  Example 1: Get endorsement key information
  RELATED LINKS
Get-TpmSupportedFeature
  SYNOPSIS
  SYNTAX
  DESCRIPTION
  PARAMETERS
  INPUTS
  OUTPUTS
  Example 1: Verify support for key attestation
  RELATED LINKS
Import-TpmOwnerAuth
  SYNOPSIS
  SYNTAX
  DESCRIPTION
  PARAMETERS
  INPUTS
  OUTPUTS
  Example 1: Import an owner authorization value
  Example 2: Import an owner authorization value from a file
  RELATED LINKS
Initialize-Tpm
  SYNOPSIS
  SYNTAX
  DESCRIPTION
  PARAMETERS
  INPUTS
  OUTPUTS
  Example 1: Initialize a TPM
  RELATED LINKS
Set-TpmOwnerAuth
  SYNOPSIS
  SYNTAX
  DESCRIPTION
  PARAMETERS
  INPUTS
  OUTPUTS
  Example 1: Replace imported owner authorization value
  Example 2: Replace owner authorization value with value in file
  Example 3: Replace owner authorization value
  RELATED LINKS
Unblock-Tpm
  SYNOPSIS
  SYNTAX
  DESCRIPTION
  PARAMETERS
  INPUTS
  OUTPUTS
  Example 1: Reset a lockout
  RELATED LINKS

Clear-Tpm
SYNOPSIS
Resets a TPM to its default state.

SYNTAX
Clear-Tpm [[-OwnerAuthorization] <String>] [<CommonParameters>]

Clear-Tpm -File <String> [<CommonParameters>]

DESCRIPTION
The Clear-Tpm cmdlet resets the Trusted Platform Module (TPM) to its
default state. A reset removes the owner authorization value and any keys
stored in the TPM. To reset a TPM, you must provide a valid owner
authorization value. You can enter an owner authorization value or
specify a file that contains the value. If you do not provide a value,
the cmdlet attempts to use a value stored in the registry.

For more information on TPM, see the Trusted Platform Module Technology
Overview (http://technet.microsoft.com/en-us/library/jj131725.aspx) in
the TechNet library.

PARAMETERS
-File <String>
Specifies a file that contains the current owner authorization value for
the TPM. You can use the TPM Management Console to create this file.

Required?                    true
Position?                    named
Default value                none
Accept pipeline input?       false
Accept wildcard characters?  false

-OwnerAuthorization [<String>]
Specifies the current owner authorization value for the TPM.

Required?                    false
Position?                    2
Default value                none
Accept pipeline input?       true (ByValue)
Accept wildcard characters?  false

<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216).

INPUTS
String

This cmdlet accepts the owner authorization value for the TPM.

OUTPUTS
TpmObject

This cmdlet returns a TpmObject object that contains the following
information:

-- TpmReady. Whether a TPM complies with Windows Server® 2012 standards.
-- TpmPresent. Whether there is a TPM on the current computer.
-- ManagedAuthLevel. The level at which the operating system manages the
owner authorization. Possible values are Legacy, Balanced, and Full.
-- OwnerClearDisabled. Whether TPM can be reset. If this value is True,
the TPM cannot be reset through the operating system by using the owner
authorization value. If this value is False, the TPM can be reset through
the operating system.
-- AutoProvisioning. Whether the computer can use auto-provisioning.
Possible values are NotDefined, Enabled, Disabled, and
DisabledForNextBoot.
-- LockedOut. Whether a TPM is locked out.
-- SelfTest. Information returned by a test that TPM runs.

Example 1: Reset TPM

PS C:\> Clear-Tpm
TpmReady : False
TpmPresent : True
ManagedAuthLevel : Full
OwnerAuth :
OwnerClearDisabled : True
AutoProvisioning : Disabled
LockedOut : False
SelfTest : {191, 191, 245, 191...}

This command resets the TPM. The command uses the owner authorization
value stored in the registry instead of specifying a value or using a
value in a file.

Example 2: Reset TPM with a supplied authorization value

PS C:\> Clear-Tpm -OwnerAuthorization "vjnuW6rToM41os3xxEpjLdIW2gA="


TpmReady : False
TpmPresent : True
ManagedAuthLevel : Full
OwnerAuth :
OwnerClearDisabled : True
AutoProvisioning : Disabled
LockedOut : False
SelfTest : {191, 191, 245, 191...}

This command resets the TPM by using the specified owner authorization
value.

Example 3: Reset TPM using authorization value from file

PS C:\> Clear-Tpm -File "MyOwnerAuthFile.tpm"


TpmReady : False
TpmPresent : True
ManagedAuthLevel : Full
OwnerAuth :
OwnerClearDisabled : True
AutoProvisioning : Disabled
LockedOut : False
SelfTest : {191, 191, 245, 191...}

This command resets the TPM by using the owner authorization value
included in the specified file.

RELATED LINKS
Online Version:
Get-Tpm
Initialize-Tpm
Unblock-Tpm

ConvertTo-TpmOwnerAuth
SYNOPSIS
Creates a TPM owner authorization value from a supplied string.

SYNTAX
ConvertTo-TpmOwnerAuth [-PassPhrase] <String> [<CommonParameters>]

DESCRIPTION
The ConvertTo-TpmOwnerAuth cmdlet creates a Trusted Platform Module (TPM)
owner authorization value based on a pass phrase string. A computer
requires an owner authorization value to manage a TPM.

For more information on TPM, see the Trusted Platform Module Technology
Overview (http://technet.microsoft.com/en-us/library/jj131725.aspx) in
the TechNet library.

PARAMETERS
-PassPhrase <String>
Specifies a pass phrase string. This cmdlet converts the pass phrase to
an owner authorization value.

Required?                    true
Position?                    2
Default value                none
Accept pipeline input?       True (ByValue)
Accept wildcard characters?  false

<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216).

INPUTS
String

This cmdlet accepts a user-supplied pass phrase string.

OUTPUTS
String

This cmdlet returns an owner authorization value.


Example 1: Convert to owner authorization value

PS C:\> ConvertTo-TpmOwnerAuth -PassPhrase "Saturn1977&&"


puJvGK4O6Qvl0loP8r1bIxipDVo=

This command converts the string Saturn1977&& to an owner authorization
value.

RELATED LINKS
Online Version:
Import-TpmOwnerAuth
Set-TpmOwnerAuth

Disable-TpmAutoProvisioning
SYNOPSIS
Disables TPM auto-provisioning.

SYNTAX
Disable-TpmAutoProvisioning [-OnlyForNextRestart] [<CommonParameters>]

DESCRIPTION
The Disable-TpmAutoProvisioning cmdlet disables Trusted Platform Module
(TPM) auto-provisioning. Provisioning is the process of preparing a TPM
to be used. You can disable provisioning completely or only for the next
restart. You can use the Enable-TpmAutoProvisioning cmdlet to enable
auto-provisioning.

For more information on TPM, see the Trusted Platform Module Technology
Overview (http://technet.microsoft.com/en-us/library/jj131725.aspx) in
the TechNet library.

PARAMETERS
-OnlyForNextRestart [<SwitchParameter>]
Indicates that the cmdlet disables auto-provisioning only for the next
computer restart. During the restart after that, auto-provisioning
begins.

Required?                    false
Position?                    named
Default value                none
Accept pipeline input?       false
Accept wildcard characters?  false

<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable, OutBuffer,
PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216).

INPUTS
SwitchParameter

OUTPUTS
TpmObject
This cmdlet returns a TpmObject object that contains the following
information:

-- TpmReady. Whether a TPM complies with Windows Server® 2012 standards.
-- TpmPresent. Whether there is a TPM on the current computer.
-- ManagedAuthLevel. The level at which the operating system manages the
owner authorization. Possible values are Legacy, Balanced, and Full.
-- OwnerClearDisabled. Whether TPM can be reset. If this value is True,
the TPM cannot be reset through the operating system by using the owner
authorization value. If this value is False, the TPM can be reset through
the operating system.
-- AutoProvisioning. Whether the computer can use auto-provisioning.
Possible values are NotDefined, Enabled, Disabled, and
DisabledForNextBoot.
-- LockedOut. Whether a TPM is locked out.
-- SelfTest. Information returned by a test that TPM runs.

Example 1: Disable auto-provisioning

PS C:\> Disable-TpmAutoProvisioning
TpmReady : False
TpmPresent : True
ManagedAuthLevel : Full
OwnerAuth :
OwnerClearDisabled : True
AutoProvisioning : Disabled
LockedOut : False
SelfTest : {191, 191, 245, 191...}

This command disables TPM auto-provisioning. You can use the
Enable-TpmAutoProvisioning cmdlet to enable auto-provisioning.

Example 2: Disable auto-provisioning for next restart

PS C:\> Disable-TpmAutoProvisioning -OnlyForNextRestart


TpmReady : False
TpmPresent : True
ManagedAuthLevel : Full
OwnerAuth :
OwnerClearDisabled : True
AutoProvisioning : DisabledForNextBoot
LockedOut : False
SelfTest : {191, 191, 245, 191...}

This command disables TPM auto-provisioning for the next restart. In the
next restart after that, auto-provisioning continues.

RELATED LINKS
Online Version:
Enable-TpmAutoProvisioning

Enable-TpmAutoProvisioning
SYNOPSIS
Enables TPM auto-provisioning.

SYNTAX
Enable-TpmAutoProvisioning [<CommonParameters>]

DESCRIPTION
The Enable-TpmAutoProvisioning cmdlet enables Trusted Platform Module
(TPM) provisioning to occur during auto-provisioning. Provisioning is the
process of preparing a TPM to be used. You can use the
Disable-TpmAutoProvisioning cmdlet to prevent auto-provisioning, either
permanently or for the next restart.

For more information on TPM, see the Trusted Platform Module Technology
Overview (http://technet.microsoft.com/en-us/library/jj131725.aspx) in
the TechNet library.

PARAMETERS
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216).

INPUTS

OUTPUTS
TpmObject

This cmdlet returns a TpmObject object that contains the following
information:

-- TpmReady. Whether a TPM complies with Windows Server® 2012 standards.
-- TpmPresent. Whether there is a TPM on the current computer.
-- ManagedAuthLevel. The level at which the operating system manages the
owner authorization. Possible values are Legacy, Balanced, and Full.
-- OwnerClearDisabled. Whether TPM can be reset. If this value is True,
the TPM cannot be reset through the operating system by using the owner
authorization value. If this value is False, the TPM can be reset through
the operating system.
-- AutoProvisioning. Whether the computer can use auto-provisioning.
Possible values are NotDefined, Enabled, Disabled, and
DisabledForNextBoot.
-- LockedOut. Whether a TPM is locked out.
-- SelfTest. Information returned by a test that TPM runs.

Example 1: Enable auto-provisioning

PS C:\> Enable-TpmAutoProvisioning
TpmReady : False
TpmPresent : True
ManagedAuthLevel : Full
OwnerAuth :
OwnerClearDisabled : True
AutoProvisioning : Enabled
LockedOut : False
SelfTest : {191, 191, 245, 191...}

This command enables auto-provisioning for the current computer.

RELATED LINKS
Online Version:
Disable-TpmAutoProvisioning

Get-Tpm
SYNOPSIS
Gets an object that contains information about a TPM.

SYNTAX
Get-Tpm [<CommonParameters>]

DESCRIPTION
The Get-Tpm cmdlet gets a TpmObject. This object contains information
about the Trusted Platform Module (TPM) on the current computer.

For more information on TPM, see the Trusted Platform Module Technology
Overview (http://technet.microsoft.com/en-us/library/jj131725.aspx) in
the TechNet library.

PARAMETERS
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216).

INPUTS

OUTPUTS
TpmObject

This cmdlet returns a TpmObject object that contains the following
information:

-- TpmReady. Whether a TPM complies with Windows Server® 2012 standards.
-- TpmPresent. Whether there is a TPM on the current computer.
-- ManagedAuthLevel. The level at which the operating system manages the
owner authorization. Possible values are Legacy, Balanced, and Full.
-- OwnerClearDisabled. Whether TPM can be reset. If this value is True,
the TPM cannot be reset through the operating system by using the owner
authorization value. If this value is False, the TPM can be reset through
the operating system.
-- AutoProvisioning. Whether the computer can use auto-provisioning.
Possible values are NotDefined, Enabled, Disabled, and
DisabledForNextBoot.
-- LockedOut. Whether a TPM is locked out.
-- SelfTest. Information returned by a test that TPM runs.

Example 1: Display TPM information

PS C:\> Get-Tpm

TpmReady : False
TpmPresent : True
ManagedAuthLevel : Full
OwnerAuth :
OwnerClearDisabled : True
AutoProvisioning : Enabled
LockedOut : False
SelfTest : {191, 191, 245, 191...}

This command displays information about the TPM of the current computer.
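
The following is an added example, not part of the original reference or of the module's own help text: a read-only check that interprets the TpmObject fields listed under OUTPUTS. The function name Test-TpmPosture and the wording of its findings are hypothetical, and the sample object is constructed from the Example 1 output above so the script also runs on a machine without the module.

```powershell
# Added example: interpret the TpmObject fields documented above (read-only).
# Test-TpmPosture is a hypothetical helper, not a cmdlet of this module.
function Test-TpmPosture {
    [CmdletBinding()]
    param(
        # Live Get-Tpm output, or any object with the same property names.
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [psobject]$Tpm
    )
    process {
        $findings = New-Object 'System.Collections.Generic.List[string]'
        $notes    = New-Object 'System.Collections.Generic.List[string]'

        if (-not $Tpm.TpmPresent) {
            # Without a TPM the remaining fields carry no information.
            $findings.Add('TpmPresent is False: no TPM on this computer.')
        }
        else {
            # One of NotDefined, Enabled, Disabled, DisabledForNextBoot.
            $auto = [string]$Tpm.AutoProvisioning

            if (-not $Tpm.TpmReady) {
                switch ($auto) {
                    'Disabled' {
                        $findings.Add('TpmReady is False and AutoProvisioning is Disabled: ' +
                            'auto-provisioning will not prepare this TPM (see Enable-TpmAutoProvisioning).')
                    }
                    'DisabledForNextBoot' {
                        $findings.Add('TpmReady is False and AutoProvisioning is DisabledForNextBoot: ' +
                            'auto-provisioning is skipped for the next restart only.')
                    }
                    default {
                        $findings.Add("TpmReady is False (AutoProvisioning: $auto).")
                    }
                }
            }

            if ($Tpm.LockedOut) {
                $findings.Add('LockedOut is True: the TPM is locked out (see Unblock-Tpm).')
            }

            if (-not $Tpm.OwnerClearDisabled) {
                # Informational: Clear-Tpm removes the owner authorization value and stored keys.
                $notes.Add('OwnerClearDisabled is False: the TPM can be reset through the ' +
                    'operating system by using the owner authorization value.')
            }
        }

        [pscustomobject]@{
            Healthy          = ($findings.Count -eq 0)
            ManagedAuthLevel = [string]$Tpm.ManagedAuthLevel
            AutoProvisioning = [string]$Tpm.AutoProvisioning
            Findings         = $findings.ToArray()
            Notes            = $notes.ToArray()
        }
    }
}

# Constructed sample mirroring the Example 1 output above.
$sampleTpm = [pscustomobject]@{
    TpmReady           = $false
    TpmPresent         = $true
    ManagedAuthLevel   = 'Full'
    OwnerClearDisabled = $true
    AutoProvisioning   = 'Enabled'
    LockedOut          = $false
}
$sampleTpm | Test-TpmPosture | Format-List

# On a computer with the TrustedPlatformModule module available:
# Get-Tpm | Test-TpmPosture | Format-List
```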

RELATED LINKS
Online Version:
Clear-Tpm
Initialize-Tpm
Unblock-Tpm

Get-TpmEndorsementKeyInfo
SYNOPSIS
Gets information about the endorsement key and certificates of the TPM.

SYNTAX
Get-TpmEndorsementKeyInfo [[-HashAlgorithm] <String>]
[<CommonParameters>]

DESCRIPTION
The Get-TpmEndorsementKeyInfo cmdlet gets information about the
endorsement public key and certificates of the Trusted Platform Module
(TPM).

PARAMETERS
-HashAlgorithm [<String>]
Specifies the hash algorithm used for the public key. The acceptable
values for this parameter are: Sha256.

Required?                    false
Position?                    2
Default value                none
Accept pipeline input?       True (ByValue)
Accept wildcard characters?  false

<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable, OutBuffer,
PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216).

INPUTS
String

This accepts the name of the algorithm, as a string, used to hash the
public key. Sha256 is the only supported algorithm.

OUTPUTS
EndorsementKeyObject

This cmdlet generates an EndorsementKeyObject object that contains the
following members:

-- IsPresent. A Boolean that represents whether the endorsement public
key is known to the operating system.
-- PublicKey. An AsnEncodedData object that contains the ASN.1 encoded
public portion of the endorsement key.
-- PublicKeyHash. The hash, as a String, of the public key if the cmdlet
used a hash algorithm.
-- ManufacturerCertificates. An X509Certificate2Collection object that
contains the manufacturer endorsement key certificates. This object can
contain the manufacturer and platform certificates.
-- AdditionalCertificates. An X509Certificate2Collection object that
contains a collection of additional endorsement key certificates that are
registered to the operating system, such as any enterprise certificates.

Example 1: Get endorsement key information

PS C:\> Get-TpmEndorsementKeyInfo -Hash "Sha256"


IsPresent : True
PublicKey : System.Security.Cryptography.AsnEncodedData
PublicKeyHash : 70769c52b6e24ef683693c2a0208da68d77e94192e1f4080ae7c9b97c6caa681
ManufacturerCertificates : {[Subject]
OID.2.23.133.2.3=1.2,
OID.2.23.133.2.2=C4T8SOX3.5,
OID.2.23.133.2.1=id:782F345A

[Issuer]
CN=Contoso TPM CA1, OU=Contoso Certification Authority, O=Contoso, C=KR

[Serial Number]
77A120A

[Not Before]
6/4/2012 6:35:58 PM

[Not After]
6/4/2022 6:35:57 PM

[Thumbprint]
77378D1480AB48FEA2D4E610B2C7EEF648FEA2
}
AdditionalCertificates : {}

This command gets information about the endorsement key of the TPM. The
command uses the Sha256 algorithm to hash the public key.
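
The following is an added example, not part of the original reference or of the module's own help text: it reviews the EndorsementKeyObject members listed under OUTPUTS, comparing the public key hash with a value recorded for the machine and checking the validity window of each endorsement key certificate. The function name Test-TpmEndorsementKey and its -ExpectedPublicKeyHash and -AsOf parameters are hypothetical; the sample object is constructed from the Example 1 output above.

```powershell
# Added example: review the EndorsementKeyObject members documented above.
# Test-TpmEndorsementKey and its parameters are hypothetical names.
function Test-TpmEndorsementKey {
    [CmdletBinding()]
    param(
        # Live Get-TpmEndorsementKeyInfo output, or an object with the same members.
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [psobject]$EkInfo,

        # Hash recorded for this machine in an inventory (optional).
        [string]$ExpectedPublicKeyHash,

        # Reference time for the certificate validity checks.
        [datetime]$AsOf = (Get-Date)
    )
    process {
        $findings = New-Object 'System.Collections.Generic.List[string]'

        if (-not $EkInfo.IsPresent) {
            $findings.Add('IsPresent is False: the endorsement public key is not known to the operating system.')
        }

        if ([string]::IsNullOrEmpty($EkInfo.PublicKeyHash)) {
            # The hash is only populated when a hash algorithm was requested.
            $findings.Add('PublicKeyHash is empty: rerun with -HashAlgorithm Sha256.')
        }
        elseif ($ExpectedPublicKeyHash -and ($EkInfo.PublicKeyHash -ne $ExpectedPublicKeyHash)) {
            # -ne on strings is case-insensitive, which suits hex digests.
            $findings.Add('PublicKeyHash does not match the recorded value for this machine.')
        }

        # Flatten both collections and drop nulls (@($null) would count as one item).
        $certs = @(@($EkInfo.ManufacturerCertificates) + @($EkInfo.AdditionalCertificates) |
            Where-Object { $null -ne $_ })

        if ($certs.Count -eq 0) {
            $findings.Add('No manufacturer or additional endorsement key certificates are present.')
        }
        foreach ($c in $certs) {
            if ($c.NotAfter -lt $AsOf) {
                $findings.Add("Certificate $($c.Thumbprint) expired on $($c.NotAfter.ToString('yyyy-MM-dd')).")
            }
            elseif ($c.NotBefore -gt $AsOf) {
                $findings.Add("Certificate $($c.Thumbprint) is not valid before $($c.NotBefore.ToString('yyyy-MM-dd')).")
            }
        }

        [pscustomobject]@{
            Clean            = ($findings.Count -eq 0)
            PublicKeyHash    = $EkInfo.PublicKeyHash
            CertificateCount = $certs.Count
            Findings         = $findings.ToArray()
        }
    }
}

# Constructed sample: values copied from the Example 1 output above.
# A plain object stands in for the X509Certificate2 entry and reuses its property names.
$sampleCert = [pscustomobject]@{
    Issuer     = 'CN=Contoso TPM CA1, OU=Contoso Certification Authority, O=Contoso, C=KR'
    Thumbprint = '77378D1480AB48FEA2D4E610B2C7EEF648FEA2'
    NotBefore  = [datetime]'2012-06-04T18:35:58'
    NotAfter   = [datetime]'2022-06-04T18:35:57'
}
$sampleEk = [pscustomobject]@{
    IsPresent                = $true
    PublicKeyHash            = '70769c52b6e24ef683693c2a0208da68d77e94192e1f4080ae7c9b97c6caa681'
    ManufacturerCertificates = @($sampleCert)
    AdditionalCertificates   = @()
}

# A fixed reference date keeps the result repeatable; the sample certificate is past its Not After date.
$sampleEk | Test-TpmEndorsementKey -AsOf ([datetime]'2024-01-01') | Format-List

# On a computer with the TrustedPlatformModule module available:
# Get-TpmEndorsementKeyInfo -HashAlgorithm Sha256 | Test-TpmEndorsementKey
```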

RELATED LINKS
Online Version:
Trusted Platform Module Cmdlets in Windows PowerShell

Get-TpmSupportedFeature
SYNOPSIS
Verifies whether a TPM supports specified features.

SYNTAX
Get-TpmSupportedFeature [[-FeatureList] <StringCollection>]
[<CommonParameters>]

DESCRIPTION
The Get-TpmSupportedFeature cmdlet verifies whether a Trusted Platform
Module (TPM) supports specified TPM features. Not all TPMs support all
features.

PARAMETERS
-FeatureList [<StringCollection>]
Specifies feature names as a string collection. The cmdlet verifies the
features that you specify. If you specify an empty collection, $Null,
or do not include this parameter, the cmdlet verifies all features.

Required?                    false
Position?                    2
Default value                none
Accept pipeline input?       True (ByValue)
Accept wildcard characters?  false

<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216).

INPUTS
StringCollection

This cmdlet accepts a collection of features to verify.

OUTPUTS
StringCollection

This cmdlet generates a StringCollection object that contains features
that the TPM of the computer supports.

Example 1: Verify support for key attestation


PS C:\> Get-TpmSupportedFeature -FeatureList "Key Attestation"
key attestation

This command verifies whether TPM supports the key attestation feature.
The cmdlet displays the string, key attestation, so TPM supports that
feature.

RELATED LINKS
Online Version:
Trusted Platform Module Cmdlets in Windows PowerShell

Import-TpmOwnerAuth
SYNOPSIS
Imports a TPM owner authorization value to the registry.

SYNTAX
Import-TpmOwnerAuth -File <String> [<CommonParameters>]

Import-TpmOwnerAuth [-OwnerAuthorization] <String> [<CommonParameters>]

DESCRIPTION
The Import-TpmOwnerAuth cmdlet imports a valid Trusted Platform Module
(TPM) owner authorization value to the registry.

For more information on TPM, see the Trusted Platform Module Technology
Overview (http://technet.microsoft.com/en-us/library/jj131725.aspx) in
the Technet library.

PARAMETERS
-File <String>
Specifies a file that contains the current owner authorization value for
the TPM. You can use the TPM Management Console to create this file.

Required? true
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false

-OwnerAuthorization <String>
Specifies the current owner authorization value for the TPM.

Required? true
Position? 2
Default value none
Accept pipeline input? true (ByValue)
Accept wildcard characters? false

<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216).

INPUTS
String

Specifies the owner authorization value for the TPM.


OUTPUTS
TpmObject

This cmdlet returns a TpmObject object that contains the following
information:

-- TpmReady. Whether a TPM complies with Windows Server® 2012 standards.
-- TpmPresent. Whether there is a TPM on the current computer.
-- ManagedAuthLevel. The level at which the operating system manages the
owner authorization. Possible values are Legacy, Balanced, and Full.
-- OwnerClearDisabled. Whether TPM can be reset. If this value is True,
the TPM cannot be reset through the operating system by using the owner
authorization value. If this value is False, the TPM can be reset through
the operating system.
-- AutoProvisioning. Whether the computer can use auto-provisioning.
Possible values are NotDefined, Enabled, Disabled, and
DisabledForNextBoot.
-- LockedOut. Whether a TPM is locked out.
-- SelfTest. Information returned by a test that TPM runs.

Example 1: Import an owner authorization value

PS C:\> Import-TpmOwnerAuth -OwnerAuthorization "Qn2sdCFQmvjf+tBtSWH4GT87sQs="
TpmReady : False
TpmPresent : True
ManagedAuthLevel : Full
OwnerAuth : Qn2sdCFQmvjf+tBtSWH4GT87sQs=
OwnerClearDisabled : True
AutoProvisioning : DisabledForNextBoot
LockedOut : False
SelfTest : {191, 191, 245, 191...}

This command imports the specified owner authorization value to the
registry.

Example 2: Import an owner authorization value from a file

PS C:\> Import-TpmOwnerAuth -File "OwnAuthFile.tpm"
TpmReady : False
TpmPresent : True
ManagedAuthLevel : Full
OwnerAuth :
OwnerClearDisabled : True
AutoProvisioning : DisabledForNextBoot
LockedOut : False
SelfTest : {191, 191, 245, 191...}

This command imports the owner authorization value in the specified file
to the registry.

RELATED LINKS
Online Version:
ConvertTo-TpmOwnerAuth
Set-TpmOwnerAuth

Initialize-Tpm
SYNOPSIS
Performs part of the provisioning process for a TPM.

SYNTAX
Initialize-Tpm [[-AllowClear]] [[-AllowPhysicalPresence]]
[<CommonParameters>]

DESCRIPTION
The Initialize-Tpm cmdlet performs part of the provisioning process for a
Trusted Platform Module (TPM). Provisioning is the process of preparing
a TPM to be used. You may need to perform other steps to fully provision
a TPM.

For more information on TPM, see the Trusted Platform Module Technology
Overview (http://technet.microsoft.com/en-us/library/jj131725.aspx) in
the Technet library.

PARAMETERS
-AllowClear [<SwitchParameter>]
Indicates that the provisioning process clears the TPM, if necessary, to
move the TPM closer to complying with Windows Server® 2012 standards.

Required? false
Position? 2
Default value none
Accept pipeline input? false
Accept wildcard characters? false

-AllowPhysicalPresence [<SwitchParameter>]
Indicates that the provisioning process may send physical presence
commands that require a user to be present in order to continue.

Required? false
Position? 3
Default value none
Accept pipeline input? false
Accept wildcard characters? false

<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216).

INPUTS
SwitchParameter

OUTPUTS
TpmProvisioningObject

This cmdlet returns a TpmProvisioningObject object that includes the
following information:

-- TpmReady. Whether the TPM complies with Windows Server® 2012
standards.
-- RestartRequired. Whether the computer requires a restart to continue
the provisioning process.
-- ShutdownRequired. Whether the computer must be shut down to continue
the provisioning process.
-- ClearRequired. If this has a value of True, you must import an owner
authorization value or remove the owner authorization value.
-- PhysicalPresenceRequired. Whether a person must be at the computer
during restart to continue the provisioning process.

Example 1: Initialize a TPM

PS C:\> Initialize-Tpm -AllowClear -AllowPhysicalPresence
TpmReady : False
RestartRequired : True
ShutdownRequired : False
ClearRequired : True
PhysicalPresenceRequired : True

This command initializes a TPM. The AllowClear parameter means that the
owner authorization value needs to be imported or reset in order for
provisioning to continue. The AllowPhysicalPresence parameter means that
a user must be present during a restart to continue the process.

The cmdlet returns an object with information about the state of the
provisioning process.
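
The function below is an added example, not part of the original help
text or of the TrustedPlatformModule module. It turns the fields of the
returned object into an ordered list of operator steps; the name
Get-TpmProvisioningPlan, the step wording and the ordering are assumptions.

```powershell
# Added example: Get-TpmProvisioningPlan is a hypothetical helper.
function Get-TpmProvisioningPlan {
    [CmdletBinding()]
    param(
        # Object carrying the TpmProvisioningObject fields listed under OUTPUTS.
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Result
    )
    process {
        $steps = New-Object 'System.Collections.Generic.List[string]'
        if (-not $Result.TpmReady) {
            # ClearRequired: the owner authorization value must be imported or removed.
            if ($Result.ClearRequired) {
                $steps.Add('Import or remove the owner authorization value')
            }
            # Assumption: when both flags are set, a shutdown supersedes a restart.
            if ($Result.ShutdownRequired) {
                $steps.Add('Shut down the computer, then power it on')
            }
            elseif ($Result.RestartRequired) {
                $steps.Add('Restart the computer')
            }
            # Assumption: with no pending flag, re-run and inspect the new result.
            if ($steps.Count -eq 0) {
                $steps.Add('Run Initialize-Tpm again and re-check the result')
            }
        }
        [pscustomobject]@{
            Ready            = [bool]$Result.TpmReady
            Steps            = $steps.ToArray()
            # A person must be at the computer during the restart, so the
            # restart must not be scheduled unattended when this is True.
            OperatorRequired = [bool]$Result.PhysicalPresenceRequired
        }
    }
}

# Constructed sample with the same values as the Example 1 output.
# On a real host: Initialize-Tpm -AllowClear -AllowPhysicalPresence | Get-TpmProvisioningPlan
$sample = [pscustomobject]@{
    TpmReady = $false; RestartRequired = $true; ShutdownRequired = $false
    ClearRequired = $true; PhysicalPresenceRequired = $true
}
$sample | Get-TpmProvisioningPlan | Format-List
```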

RELATED LINKS
Online Version:
Clear-Tpm
Get-Tpm
Unblock-Tpm

Set-TpmOwnerAuth
SYNOPSIS
Changes the TPM owner authorization value.

SYNTAX
Set-TpmOwnerAuth -File <String> -NewFile <String> [<CommonParameters>]

Set-TpmOwnerAuth -File <String> -NewOwnerAuthorization <String>
[<CommonParameters>]

Set-TpmOwnerAuth [[-OwnerAuthorization] <String>] -NewFile <String>
[<CommonParameters>]

Set-TpmOwnerAuth [[-OwnerAuthorization] <String>] -NewOwnerAuthorization
<String> [<CommonParameters>]

DESCRIPTION
The Set-TpmOwnerAuth cmdlet changes the current owner authorization value
of the Trusted Platform Module (TPM) to a new value. You can specify
the current owner authorization value or specify a file that contains the
current owner authorization value. If you do not specify an owner
authorization value, the cmdlet attempts to read the value from the
registry.

Use the ConvertTo-TpmOwnerAuth cmdlet to create an owner authorization
value. You can specify a new owner authorization value or specify a file
that contains the new value.

An owner authorization file is not simply a password. It is generated
for a specific system. For more information on TPM, see the Trusted
Platform Module Technology Overview
(http://technet.microsoft.com/en-us/library/jj131725.aspx) in the
Technet library.

PARAMETERS
-File <String>
Specifies a file that contains the current owner authorization value for
the TPM. You can use the TPM Management Console to create this file.

Required? true
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false

-NewFile <String>
Specifies a file that contains the new owner authorization value for a
TPM.

Required? true
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false

-NewOwnerAuthorization <String>
Specifies a new owner authorization value for a TPM.

Required? true
Position? named
Default value none
Accept pipeline input? True (ByValue)
Accept wildcard characters? false

-OwnerAuthorization [<String>]
Specifies the current owner authorization value for a TPM.

Required? false
Position? 1
Default value none
Accept pipeline input? false
Accept wildcard characters? false

<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216).

INPUTS
String

This cmdlet accepts the owner authorization value for the TPM.

OUTPUTS
TpmObject

This cmdlet returns a TpmObject object that contains the following
information:

-- TpmReady. Whether a TPM complies with Windows Server® 2012 standards.
-- TpmPresent. Whether there is a TPM on the current computer.
-- ManagedAuthLevel. The level at which the operating system manages the
owner authorization. Possible values are Legacy, Balanced, and Full.
-- OwnerClearDisabled. Whether TPM can be reset. If this value is True,
the TPM cannot be reset through the operating system by using the owner
authorization value. If this value is False, the TPM can be reset through
the operating system.
-- AutoProvisioning. Whether the computer can use auto-provisioning.
Possible values are NotDefined, Enabled, Disabled, and
DisabledForNextBoot.
-- LockedOut. Whether a TPM is locked out.
-- SelfTest. Information returned by a test that TPM runs.

Example 1: Replace imported owner authorization value

PS C:\> Set-TpmOwnerAuth -NewOwnerAuthorization "h4FCmNeWVNp5IMHxRfFL9QEq4vM="
TpmReady : True
TpmPresent : True
ManagedAuthLevel : Full
OwnerAuth : h4FCmNeWVNp5IMHxRfFL9QEq4vM=
OwnerClearDisabled : True
AutoProvisioning : DisabledForNextBoot
LockedOut : False
SelfTest : {191, 191, 245, 191...}

This command replaces the current owner authorization value with the
specified owner authorization value. The command does not specify the
current owner authorization value, so the cmdlet attempts to find it in
the registry. This command does not import the owner authorization value
into the registry. After you run this command, you can use the
Import-TpmOwnerAuth cmdlet to import the new value into the registry, if
necessary.

Example 2: Replace owner authorization value with value in file

PS C:\> Set-TpmOwnerAuth -NewFile "NewOwnerAuth.tpm"
TpmReady : True
TpmPresent : True
ManagedAuthLevel : Full
OwnerAuth : h4FCmNeWVNp5IMHxRfFL9QEq4vM=
OwnerClearDisabled : True
AutoProvisioning : DisabledForNextBoot
LockedOut : False
SelfTest : {191, 191, 245, 191...}

This command replaces the current owner authorization value with the
owner authorization value in the specified file.

Example 3: Replace owner authorization value

PS C:\> Set-TpmOwnerAuth -OwnerAuthorization "oaVq17hNcFS2KSnHwpZa4AlrWBo=" -NewOwnerAuthorization "h4FCmNeWVNp5IMHxRfFL9QEq4vM="
TpmReady : True
TpmPresent : True
ManagedAuthLevel : Full
OwnerAuth : h4FCmNeWVNp5IMHxRfFL9QEq4vM=
OwnerClearDisabled : True
AutoProvisioning : DisabledForNextBoot
LockedOut : False
SelfTest : {191, 191, 245, 191...}

This command replaces the specified owner authorization value with a new
owner authorization value.
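
The script below is an added example, not part of the original help text.
It chains the steps described above (create a value with
ConvertTo-TpmOwnerAuth, change it with Set-TpmOwnerAuth, optionally store
it with Import-TpmOwnerAuth) without placing the value on the command line.
The wrapper name Invoke-TpmOwnerAuthRotation and its parameters are
assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example: Invoke-TpmOwnerAuthRotation is a hypothetical wrapper.
function Invoke-TpmOwnerAuthRotation {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)]
        [securestring]$NewPassPhrase,
        # Also store the new value in the registry (see Example 1).
        [switch]$ImportToRegistry
    )

    $tpm = Get-Tpm
    if (-not $tpm.TpmPresent) { throw 'No TPM is present on this computer.' }
    if ($tpm.LockedOut)       { throw 'TPM is locked out; reset the lockout first.' }

    # ConvertTo-TpmOwnerAuth takes a plain string, so the SecureString is
    # decrypted only for this call and the unmanaged copy is zeroed afterwards.
    $bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($NewPassPhrase)
    try {
        $plain   = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
        $newAuth = ConvertTo-TpmOwnerAuth -PassPhrase $plain
    }
    finally {
        [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
        Remove-Variable -Name plain -ErrorAction SilentlyContinue
    }

    if (-not $PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Change TPM owner authorization')) {
        return
    }

    # Neither -OwnerAuthorization nor -File is given, so the cmdlet attempts
    # to read the current value from the registry.
    $state = Set-TpmOwnerAuth -NewOwnerAuthorization $newAuth -ErrorAction Stop
    if ($ImportToRegistry) {
        $state = Import-TpmOwnerAuth -OwnerAuthorization $newAuth -ErrorAction Stop
    }

    # The returned TpmObject carries OwnerAuth in clear text; emit only the
    # status fields so the value stays out of transcripts and logs.
    $state | Select-Object TpmReady, TpmPresent, ManagedAuthLevel, LockedOut
}

# Usage: prompt for the passphrase so it never appears in command history.
# Invoke-TpmOwnerAuthRotation -NewPassPhrase (Read-Host 'New passphrase' -AsSecureString) -ImportToRegistry
```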

RELATED LINKS
Online Version:
ConvertTo-TpmOwnerAuth
Import-TpmOwnerAuth

Unblock-Tpm
SYNOPSIS
Resets a TPM lockout.

SYNTAX
Unblock-Tpm [[-OwnerAuthorization] <String>] [<CommonParameters>]

Unblock-Tpm -File <String> [<CommonParameters>]

DESCRIPTION
The Unblock-Tpm cmdlet resets a Trusted Platform Module (TPM) lockout.
TPM locks itself to prevent tampering or attack. This is called a
lockout.
To end a TPM lockout, you must provide a valid owner authorization value.
You can enter an owner authorization value or specify a file that
contains the value. If you do not provide a value, the cmdlet attempts to
use a value stored in the registry.

For more information on TPM, see the Trusted Platform Module Technology
Overview (http://technet.microsoft.com/en-us/library/jj131725.aspx) in
the Technet library.

PARAMETERS
-File <String>
Specifies a file that contains the current owner authorization value for
the TPM. You can use the TPM Management Console to create this file.

Required? true
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false

-OwnerAuthorization [<String>]
Specifies the current owner authorization value for the TPM.

Required? false
Position? 2
Default value none
Accept pipeline input? true (ByValue)
Accept wildcard characters? false

<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216).

INPUTS

OUTPUTS
TpmObject

This cmdlet returns a TpmObject object that contains the following
information:

-- TpmReady. Whether a TPM complies with Windows Server® 2012 standards.
-- TpmPresent. Whether there is a TPM on the current computer.
-- ManagedAuthLevel. The level at which the operating system manages the
owner authorization. Possible values are Legacy, Balanced, and Full.
-- OwnerClearDisabled. Whether TPM can be reset. If this value is True,
the TPM cannot be reset through the operating system by using the
owner authorization value. If this value is False, the TPM can be reset
through the operating system.
-- AutoProvisioning. Whether the computer can use auto-provisioning.
Possible values are NotDefined, Enabled, Disabled, and
DisabledForNextBoot.
-- LockedOut. Whether a TPM is locked out.
-- SelfTest. Information returned by a test that TPM runs.

NOTES

Be sure to understand the protection logic TPM uses. The TPM allows at
least one attempt to reset the TPM lockout by using the owner
authorization value. For more information, see the Reset the TPM Lockout
(http://technet.microsoft.com/en-us/library/dd851452.aspx) topic in
the Technet library.

Example 1: Reset a lockout

PS C:\> Unblock-Tpm -OwnerAuthorization "vjnuW6rToM41os3xxEpjLdIW2gA="

This command resets a TPM lockout. The command specifies the owner
authorization value vjnuW6rToM41os3xxEpjLdIW2gA=.
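
The function below is an added example, not part of the original help
text. It applies the NOTES above: the reset is attempted only when the TPM
reports a lockout, it is attempted once, and the result is confirmed from
the TPM state. The wrapper name Reset-TpmLockoutOnce and its parameter are
assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example: Reset-TpmLockoutOnce is a hypothetical wrapper.
function Reset-TpmLockoutOnce {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    [OutputType([bool])]
    param(
        # Owner authorization file, e.g. one created in the TPM Management Console.
        [Parameter(Mandatory)]
        [string]$OwnerAuthFile
    )

    if (-not (Test-Path -LiteralPath $OwnerAuthFile -PathType Leaf)) {
        throw "Owner authorization file not found: $OwnerAuthFile"
    }
    $fullPath = (Resolve-Path -LiteralPath $OwnerAuthFile).Path

    # Spend the reset attempt only when the TPM actually reports a lockout.
    if (-not (Get-Tpm).LockedOut) {
        Write-Verbose 'TPM is not locked out; nothing to reset.'
        return $true
    }
    if (-not $PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Reset TPM lockout')) {
        return $false
    }

    try {
        # -File keeps the value off the command line, out of history and transcripts.
        $null = Unblock-Tpm -File $fullPath -ErrorAction Stop
    }
    catch {
        # Deliberately no retry loop: only one reset attempt is guaranteed
        # (see NOTES), so a failure is reported instead of repeated.
        Write-Error "Unblock-Tpm failed: $($_.Exception.Message)"
        return $false
    }

    # Confirm from the TPM state rather than from the absence of an error.
    -not (Get-Tpm).LockedOut
}

# Usage: Reset-TpmLockoutOnce -OwnerAuthFile 'C:\Secure\OwnerAuth.tpm' -Verbose
# (the path is a placeholder)
```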

RELATED LINKS
Online Version:
Clear-Tpm
Get-Tpm
Initialize-Tpm
