How to backup TPM key on Windows 11/10

In this post, we will explain how to back up the TPM key on Windows 11/10. TPM, or Trusted Platform Module, is a hardware component (security chip) installed on the motherboard of a desktop or laptop computer. The basic function of the TPM is to securely store a system's confidential data, such as authentication credentials, digital certificates, and encryption keys.

Devices that contain a TPM can also create and encrypt cryptographic keys, in particular the BitLocker keys. These keys can only be decrypted by the TPM. The operating system can use them within the TPM but cannot load them into system memory, so they stay protected from malware and other cyber attacks. In short, with a TPM installed, Windows devices provide remarkably improved privacy and security benefits.

How to backup TPM key on Windows 11/10

The basic requirement for using a TPM is to take ownership of it by generating its own unique password (or key). This password is called the TPM owner password and is completely independent of all the other passwords that it stores. It is set up when Windows boots for the first time and establishes ownership of the TPM chip installed on the system.

TPM Data Security

System administrators can back up the TPM owner information of a domain-joined computer to Active Directory Domain Services (AD DS), an umbrella of services provided by Microsoft's Active Directory that manages computers and other devices on a network domain. TPM owner information includes a cryptographic hash of the TPM owner password.

The backup allows system administrators to remotely configure the TPM on a local computer using AD DS when they need to repurpose and reuse an old computer and reset the TPM to factory defaults. The stored information can also be used in recovery situations where the owner has forgotten the TPM password.

Backup TPM owner information to the Active Directory Domain Services

Follow these steps to back up TPM owner information to AD DS using Group Policy settings:

  1. Press the Win+R keys on your keyboard to open the Run dialog box.
  2. Type gpedit.msc and press the Enter key.
  3. In the Local Group Policy Editor window, navigate to the following location: Computer Configuration\Administrative Templates\System\Trusted Platform Module Services
  4. In the right panel, double-click the Turn on TPM backup to Active Directory Domain Services setting.
  5. In the policy setting window, select the Enabled option and then click the Apply button.
  6. Click the OK button.
  7. Reboot your system to apply the changes.


  • To enable the above Group Policy Object, you must sign in to the domain-joined computer with a domain account that is part of the local Administrators group.
  • You may need to first set up appropriate schema extensions on the domain so that the backup can succeed.
  • Once you enable this setting, you cannot set or change the TPM owner password unless you connect the computer to the network domain.
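
To confirm after the reboot that the setting and the prerequisites from the notes are in place, the following read-only PowerShell check is an added example, not part of the original article. It assumes the policy is stored as the DWORD values `ActiveDirectoryBackup` and `RequireActiveDirectoryBackup` under `HKLM:\SOFTWARE\Policies\Microsoft\TPM`; the function name `Get-TpmAdBackupStatus` is made up for this example.

```powershell
# Added example (not from the original article). Read-only: changes nothing.
# Assumption: the Group Policy setting is stored as the DWORD values
# ActiveDirectoryBackup / RequireActiveDirectoryBackup under the key below.
function Get-TpmAdBackupStatus {
    [CmdletBinding()]
    param([string]$PolicyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\TPM')

    # Map a policy DWORD to the state shown in the Group Policy Editor.
    function ConvertTo-PolicyState($Value) {
        if ($null -eq $Value) { 'Not Configured' }
        elseif ([int]$Value -eq 1) { 'Enabled' }
        else { 'Disabled' }
    }

    # The notes require an account in the local Administrators group;
    # IsInRole only returns true when the session is also elevated.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = [Security.Principal.WindowsPrincipal]::new($identity)
    $elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    # The backup target is AD DS, so the computer must be domain-joined.
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem

    # A missing key or value means the policy was never applied.
    $policy = Get-ItemProperty -Path $PolicyPath -ErrorAction SilentlyContinue

    # Get-Tpm requires elevation; skip it instead of failing.
    $tpm = if ($elevated) { Get-Tpm -ErrorAction SilentlyContinue } else { $null }

    [pscustomobject]@{
        Elevated       = $elevated
        DomainJoined   = [bool]$cs.PartOfDomain
        Domain         = $cs.Domain
        TpmPresent     = if ($tpm) { $tpm.TpmPresent } else { 'Unknown' }
        TpmReady       = if ($tpm) { $tpm.TpmReady } else { 'Unknown' }
        TpmOwned       = if ($tpm) { $tpm.TpmOwned } else { 'Unknown' }
        BackupToAdDs   = ConvertTo-PolicyState $policy.ActiveDirectoryBackup
        BackupRequired = ConvertTo-PolicyState $policy.RequireActiveDirectoryBackup
    }
}

Get-TpmAdBackupStatus | Format-List
```

Run it from an elevated PowerShell session on the domain-joined computer. Beginning with Windows 10 version 1607, Windows does not retain the TPM owner password when it provisions the TPM, so expect `Not Configured` on builds where the setting is not offered.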

Hope you find this useful.

Also Read: How to enable TPM in Hyper-V to install Windows 11.

What happens if I clear my TPM keys?

Clearing the TPM erases all information and resets it to its default state. If you clear the TPM keys, you will lose all of the encryption keys that have been created by the TPM as well as access to the data protected by those keys (sign-in PIN, virtual smart card, etc.). So make sure you have a proper backup and recovery mechanism before you clear the TPM to prevent the loss of data protected or encrypted by the TPM.

Read Next: TPM missing or not showing in BIOS.