Control TPM Command Blocking by Using TPM Management

Applies To: Windows 7, Windows Server 2008 R2

Trusted Platform Module (TPM) commands can be managed by using TPM Management. Administrators can explore the commands available to the TPM. They can also block or allow specific commands.

Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure.

To block and allow TPM commands by using TPM Management

  1. Click Start, click All Programs, click Accessories, and then click Run.

  2. In the Open box, type tpm.msc, and then press ENTER.

  3. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Yes.

  4. In the console tree, click Command Management. A list of TPM commands is displayed.

  5. In the list, select a command that you want to block or allow.

  6. Under Actions, click either Block Selected Command or Allow Selected Command as needed.

Note

Local administrators cannot allow TPM commands that are blocked through Group Policy. Also, commands on the default block list for the TPM cannot be allowed until the Group Policy settings are changed to ignore the default block list.
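The following PowerShell function is an added example, not part of the original Microsoft procedure. It reports which block list (default, local, or Group Policy) is blocking a TPM command, so you can tell whether Allow Selected Command can take effect. It assumes an elevated session, the Win32_Tpm WMI class and its IsCommandBlocked bitmap as documented by Microsoft, and TPM 1.2 command ordinals chosen here only as sample inputs; the function name is hypothetical.

```powershell
# Added example: read-only report of why a TPM command is blocked.
# Assumption: Win32_Tpm is exposed in root\CIMV2\Security\MicrosoftTpm.
function Get-TpmCommandBlockSource {
    param(
        # Sample TPM 1.2 ordinals, chosen for illustration:
        # 20 = TPM_ORD_Extend, 21 = TPM_ORD_PcrRead, 70 = TPM_ORD_GetRandom
        [uint32[]]$CommandOrdinal = @(20, 21, 70)
    )

    $tpm = Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftTpm' `
                         -Class Win32_Tpm -ErrorAction Stop
    if (-not $tpm) { throw 'No TPM instance returned. Run elevated on a TPM-equipped computer.' }

    foreach ($ordinal in $CommandOrdinal) {
        $result = $tpm.IsCommandBlocked($ordinal)
        if ($result.ReturnValue -ne 0) {
            Write-Warning ('IsCommandBlocked failed for ordinal {0}: 0x{1:X8}' -f `
                           $ordinal, $result.ReturnValue)
            continue
        }

        # IsBlocked bitmap: 1 = default list, 2 = local list, 4 = Group Policy list
        $mask = [uint32]$result.IsBlocked
        $sources = @()
        if ($mask -band 1) { $sources += 'Default list' }
        if ($mask -band 2) { $sources += 'Local list' }
        if ($mask -band 4) { $sources += 'Group Policy list' }
        if ($sources.Count -eq 0) { $sources = @('Not blocked') }

        # Per the Note above: a local administrator can allow a command only
        # when the local list is the sole source of the block.
        New-Object PSObject -Property @{
            Ordinal            = $ordinal
            BlockedBy          = ($sources -join ', ')
            LocalAdminCanAllow = ($mask -eq 2)
        } | Select-Object Ordinal, BlockedBy, LocalAdminCanAllow
    }
}

Get-TpmCommandBlockSource | Format-Table -AutoSize
```

A command whose BlockedBy value includes the default list or the Group Policy list must be handled through Group Policy, as the Note describes.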
