Initialize the TPM

Applies To: Windows Server 2008

The TPM must be initialized before it can be used to help secure your computer.

Computers manufactured to meet requirements for the Windows Vistaâ„¢ Logo Program include pre-boot BIOS functionality that makes it easy to initialize a computer's TPM through the TPM Initialization Wizard.

When you start the TPM Initialization Wizard, you can determine whether the computer's TPM has been initialized or not.

Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure. In addition, the computer must be equipped with a compatible BIOS and TPM.

To start the TPM Initialization Wizard

  1. Click Start, click All Programs, click Accessories, and then click Run.

  2. In the Open text box, type tpm.msc, and then press Enter.

  3. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.

    The Trusted Platform Module (TPM) Management console opens.

  4. In the Trusted Platform Module (TPM) Management on Local Computer window, on the Action menu, click Initialize TPM to start the TPM Initialization Wizard.

  5. If the TPM has never been initialized, or is turned off, the TPM Initialization Wizard will display the Turn on the TPM security hardware dialog box. This dialog box provides guidance for initializing or turning on the TPM. Continue with this procedure.

Note

If the TPM is already turned on, the TPM Initialization Wizard displays the Create the TPM owner password dialog box. Skip the remainder of this procedure and continue with Set ownership of the TPM, later in this topic.

Note

If the TPM Initialization Wizard detects that you do not have a compatible BIOS, you cannot continue with the TPM Initialization Wizard, and you are alerted to consult the computer manufacturer's documentation for instructions for initializing the TPM.

  1. Click Restart.

  2. Follow the BIOS screen prompts. An acceptance prompt is displayed to ensure that a user is a physically present user, and that no malicious software is attempting to turn on the TPM.

Note

BIOS screen prompts and required keystrokes vary by computer manufacturer.

  1. The computer restarts again.

  2. Log on to this version of Windows with the same administrative credentials you used to start this procedure.

  3. The TPM Initialization Wizard will automatically restart. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.

  4. Continue with the next procedure, Set ownership of the TPM

To finish initializing the TPM for use, you must set an owner for the TPM. The process of taking ownership includes creating an owner password for the TPM.

To set ownership of the TPM

  1. If you are not continuing immediately from the last procedure, start the TPM Initialization Wizard. If you need to review the steps to do so, see To start the TPM Initialization Wizard earlier in this topic.

  2. From the Create the TPM owner password dialog box, select Automatically create the password (recommended).

  3. From the Save your TPM owner password dialog box, click Save the password.

  4. In the Save As dialog box, select a location to save the password, then click Save. The password file is saved as computer_name.tpm.

Important

We highly recommend saving the TPM owner password to removable media and storing the media in a safe location.

  1. Click Print the password if you want to print a hard copy of your password.

Important

We highly recommend printing a hard copy of your TPM owner password and storing it in a safe location.

  1. Click Initialize.

Note

The process of initializing the TPM might take a few minutes to complete.

  1. Click Close.

Warning

Do not lose your password. If you do, you will be unable to make administrative changes unless you clear the TPM. This could result in the loss of data.