DonatShell
Server IP : 180.180.241.3  /  Your IP : 216.73.216.252
Web Server : Microsoft-IIS/7.5
System : Windows NT NETWORK-NHRC 6.1 build 7601 (Windows Server 2008 R2 Standard Edition Service Pack 1) i586
User : IUSR ( 0)
PHP Version : 5.3.28
Disable Function : NONE
MySQL : ON  |  cURL : ON  |  WGET : OFF  |  Perl : OFF  |  Python : OFF  |  Sudo : OFF  |  Pkexec : OFF
Directory :  /Windows/Help/Windows/en-US/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ HOME SHELL ]     

Current File : /Windows/Help/Windows/en-US/tpmadmin.h1s
MZ@PEL!@0Zh@.rsrc@@.its @@0	HX||4VS_VERSION_INFOStringFileInfo040904b0b!FileVersion1.00.00                         l"FileDescriptionCompiled Microsoft Help 2.0 TitleBFileStampDE27561601CA041F4JCompilerVersion2.5.71210.08579VCompileDate2009-07-14T01:10:25      >TopicCount53000000000000ALegalCopyright 2005 Microsoft Corporation. All rights reserved.CCCCCCCCCCCCCDVarFileInfo$Translation	ti5V'Û(ITOLITLS(X쌡^
V`   x DCAOLPHHC ITSF #DV'	Q-Y쌡^
VY쌡^
VIFCMAOLLDIFCM AOLLP//$FXFtiAttribute//$FXFtiAttribute/BTREEq/$FXFtiAttribute/DATA/$FXFtiAttribute/PROPERTY	N/$FXFtiMain//$FXFtiMain/BTREE
/$FXFtiMain/DATA%~/$FXFtiMain/PROPERTY#N/$Index/$ATTRNAMEg\/$Index/$PROPBAGI/$Index/$STRINGS?/$Index/$SYSTEMF
/$Index/$TOC//$Index/$TOC/$TPMAdmin/$Index/$TOPICATTRW/$Index/$TOPICS#`/$Index/$URLSTR[ /$Index/$URLTBL{(/$Index/$VTAIDXCt/$Index/AssetId//$Index/AssetId/$BL07/$Index/AssetId/$LEAF_COUNTS7/$Index/AssetId/$LEAVES?	/$OBJINST/assets/0/assets/01444377-1e10-40e4-a389-b442a99676a8.xmlt 0/assets/067e16b6-9049-4bbb-bcb9-9bce4cead04d.xmlr0/assets/0af6b604-fdf2-4037-a658-5bf11ec816e9.xmlA0/assets/0beee185-4eff-431d-ad1d-212e684926f8.xmlG+0/assets/148bb87d-a3c1-4344-958e-5f5b7de14a9c.xmlr#0/assets/171a5a07-00b0-4ff6-bd73-4d1dd841bf1b.xml?0/assets/1b68f329-0db3-4f0e-a0bb-72a3dd1a65f9.xmlTW0/assets/21a02891-8efe-462a-81ea-85482b3da000.xml+}0/assets/303a688a-6ab7-4193-9208-ae52c2b6b7f9.xml(50/assets/371a29c7-b746-4473-8849-2670bdbfd730.xml]K0/assets/40fb8523-ddfc-4d25-91ee-20794b381236.xml(Y0/assets/45da796d-ded5-423f-bf90-07c670384a2a.xml:0/assets/560eb6cc-53e2-49d2-935b-b07de311b6a5.xml;&0/assets/5f2457b7-2ccb-479c-9ec4-7ac5ecb0b5b7.xmlae0/assets/6108f562-e060-476b-9683-4a3e3009f994.xmlFO0/assets/6652692c-19e6-46cd-91a7-4b108042a3d7.xmlW0/assets/6c911321-0e0d-4376-afe1-162326c42018.xmll0/assets/6d0d6ca6-0ed4-4bc3-bbab-f26edd4117d7.xml'0/assets/74461555-98a1-475c-904c-2762bc9e7fc2.xml+s0/assets/84920211-a685-4dfc-9b46-649cf3d0268f.xml0/assets/bbc02bd1-3e31-4db9-8b19-1d857f52a77b.xml7:0/assets/bf114ca2-122b-4aa8-b10d-f35480979677.xmlq0/assets/c7536fa5-981c-4a21-8460-99c90e13fdd7.xmlq40/assets/cac0a9f7-77c6-4674-a793-e8f741888db8.xml%0/assets/e6a30c7e-34bf-473c-ab64-8f78cefeb7f0.xml8>0/assets/ef63d9c0-d932-46bc-9f7c-7b666cb8126c.xmlvK
/tpmadmin.h1cA
/TPMAdmin.H1FD
/TPMAdmin.H1Tb
/TPMAdmin.H1V`/TPMAdmin_AssetId.H1Kbk/TPMAdmin_BestBet.H1KMk/TPMAdmin_LinkTerm.H1K8l/TPMAdmin_SubjectTerm.H1K$o::DataSpace/NameList<(::DataSpace/Storage/MSCompressed/Content,::DataSpace/Storage/MSCompressed/ControlDataT )::DataSpace/Storage/MSCompressed/SpanInfoL/::DataSpace/Storage/MSCompressed/Transform/List<_::DataSpace/Storage/MSCompressed/Transform/{8CEC5846-07A1-11D9-B15E-000D56BFE6EE}/InstanceData/i::DataSpace/Storage/MSCompressed/Transform/{8CEC5846-07A1-11D9-B15E-000D56BFE6EE}/InstanceData/ResetTable)P3::Transform/{8CEC5846-07A1-11D9-B15E-000D56BFE6EE}/w	o\I6%BRpDUncompressedMSCompressedFX쌡^
VPLZXCHH<maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Troubleshooting TPM Management</maml:title><maml:introduction>
<maml:para>This section contains the following topics:</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Troubleshoot TPM Initialization</maml:linkText><maml:uri href="mshelp://windows/?id=cac0a9f7-77c6-4674-a793-e8f741888db8"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Connect to the Network</maml:linkText><maml:uri href="mshelp://windows/?id=6c911321-0e0d-4376-afe1-162326c42018"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Manage the TPM Manually</maml:linkText><maml:uri href="mshelp://windows/?id=171a5a07-00b0-4ff6-bd73-4d1dd841bf1b"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Understand the TPM Endorsement Key</maml:title><maml:introduction>
<maml:para>The endorsement key is an encryption key that is permanently embedded in the Trusted Platform Module (TPM) security hardware, generally at the time of manufacture. This private portion of the endorsement key is never released outside of the TPM. The public portion of the endorsement key helps to recognize a genuine TPM.</maml:para>

<maml:para>TPM operations that involve signing pieces of data can make use of the endorsement key to allow other components to verify that the data can be trusted. To sign a piece of data, a private key is used to encrypt a small piece of information. The signature can be verified by using the corresponding public key to decrypt that same piece of data. If it can be decrypted with the public key, then it must have been encrypted by the corresponding private key. As long as that private key has been kept secret, this digital signature can be trusted.</maml:para>

<maml:para>The endorsement key is defined by the Trusted Computing Group (TCG). For more information, consult the "TCG Architecture overview" specification document available from the TCG Web site (<maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=69584</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=69584"></maml:uri></maml:navigationLink>).</maml:para>

<maml:para><maml:phrase>Additional references</maml:phrase></maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understand the TPM Storage Root Key</maml:linkText><maml:uri href="mshelp://windows/?id=40fb8523-ddfc-4d25-91ee-20794b381236"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Initialize the TPM</maml:title><maml:introduction>
<maml:para>The Trusted Platform Module (TPM) must be initialized before it can be used to help secure your computer.</maml:para>

<maml:para>Computers manufactured to meet requirements for the Windows Vista Logo Program include pre-boot BIOS functionality that makes it easy to initialize a computer's TPM through the TPM Initialization Wizard. </maml:para>

<maml:para>When you start the TPM Initialization Wizard, you can determine whether the computer's TPM has been initialized or not.</maml:para>

<maml:para>Membership in the local <maml:phrase>Administrators</maml:phrase> group, or equivalent, is the minimum required to complete this procedure. In addition, the computer must be equipped with a compatible BIOS and TPM. </maml:para>

<maml:procedure><maml:title>To start the TPM Initialization Wizard</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>Start</maml:ui>, click <maml:ui>All Programs</maml:ui>, click <maml:ui>Accessories</maml:ui>, and then click <maml:ui>Run</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>Open</maml:ui> box, type <maml:computerOutputInline>tpm.msc</maml:computerOutputInline>, and then press ENTER.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>If the <maml:ui>User Account Control</maml:ui> dialog box appears, confirm that the action it displays is what you want, and then click <maml:ui>Yes</maml:ui>. </maml:para>

</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>On the <maml:ui>Action</maml:ui> menu, click <maml:ui>Initialize TPM</maml:ui> to start the TPM Initialization Wizard.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>If the TPM has never been initialized or is turned off, the TPM Initialization Wizard will display the <maml:ui>Turn on the TPM security hardware</maml:ui> dialog box. This dialog box provides guidance for initializing or turning on the TPM. Continue with this procedure.</maml:para>

<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>If the TPM is already turned on, the TPM Initialization Wizard displays the <maml:ui>Create the TPM owner password</maml:ui> dialog box. Skip the remainder of this procedure and continue with the "To set ownership of the TPM" procedure later in this topic.</maml:para>
</maml:alertSet>

<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>If the TPM Initialization Wizard detects that you do not have a compatible BIOS, you cannot continue with the TPM Initialization Wizard, and you are alerted to consult the computer manufacturer's documentation for instructions to initialize the TPM.</maml:para>
</maml:alertSet>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>Restart</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Follow the BIOS screen prompts. An acceptance prompt is displayed to ensure that a user has physical access to the computer and that no malicious software is attempting to turn on the TPM.</maml:para>

<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>BIOS screen prompts and required keystrokes vary by computer manufacturer.</maml:para>
</maml:alertSet>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>After the computer restarts, log on to the computer with the same administrative credentials you used to start this procedure.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>The TPM Initialization Wizard will automatically restart. If the <maml:ui>User Account Control</maml:ui> dialog box appears, confirm that the action it displays is what you want, and then click <maml:ui>Yes</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Continue with the next procedure.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>

<maml:para>To finish initializing the TPM for use, you must set an owner for the TPM. The process of taking ownership includes creating an owner password for the TPM. To learn more about the owner password, see <maml:navigationLink><maml:linkText>Understand the TPM Owner Password</maml:linkText><maml:uri href="mshelp://windows/?id=c7536fa5-981c-4a21-8460-99c90e13fdd7"></maml:uri></maml:navigationLink>.</maml:para>

<maml:procedure><maml:title>To set ownership of the TPM</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>If you are not continuing immediately from the last procedure, start the TPM Initialization Wizard. If you need to review the steps to do so, see "To start the TPM Initialization Wizard" earlier in this topic.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>Create the TPM owner password</maml:ui> dialog box, click <maml:ui>Automatically create the password (recommended)</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>Save your TPM owner password</maml:ui> dialog box, click <maml:ui>Save the password</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>Save As</maml:ui> dialog box, select a location to save the password, and then click <maml:ui>Save</maml:ui>. The password file is saved as <maml:replaceable>computer_name.tpm</maml:replaceable>.</maml:para>

<maml:alertSet class="important"><maml:title>Important </maml:title>
<maml:para>We highly recommend saving the TPM owner password to removable media and storing the media in a safe location.</maml:para>
</maml:alertSet>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>Print the password</maml:ui> if you want to print a hard copy of your password.</maml:para>

<maml:alertSet class="important"><maml:title>Important </maml:title>
<maml:para>We highly recommend printing a hard copy of your TPM owner password and storing it in a safe location.</maml:para>
</maml:alertSet>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>Initialize</maml:ui>.</maml:para>

<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>The process of initializing the TPM might take a few minutes to complete.</maml:para>
</maml:alertSet>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>Close</maml:ui>.</maml:para>

<maml:alertSet class="caution"><maml:title>Caution </maml:title>
<maml:para>Do not lose your password. If you do, you will be unable to make administrative changes unless you clear the TPM. This could result in the loss of data.</maml:para>
</maml:alertSet>
</maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Resources for TPM Management</maml:title><maml:introduction>
<maml:para>TPM Management works with Trusted Platform Module (TPM) security hardware that supports the specifications defined by the Trusted Computing Group (TCG). For more information, consult the TCG Web site (<maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=69593</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=69593"></maml:uri></maml:navigationLink>).</maml:para>

<maml:para>TPM security hardware is used to enable other components or software that protect your system or encrypt data, such as BitLocker Drive Encryption.</maml:para>

<maml:para>You may find the following resources helpful in understanding the role of TPM Management and BitLocker:</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para>Microsoft Trusted Platform Module Step-by-Step Guide (<maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink?linkid=139769</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink?linkid=139769"></maml:uri></maml:navigationLink>) </maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Microsoft BitLocker Drive Encryption Step-by-Step Guide (<maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=140225</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=140225"></maml:uri></maml:navigationLink>)</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>BitLocker Drive Encryption Configuration Guide: Backing Up BitLocker and TPM Recovery Information to Active Directory (<maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?linkid=140308</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?linkid=140308"></maml:uri></maml:navigationLink>)</maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Store TPM Recovery Information in Active Directory Domain Services</maml:title><maml:introduction>
<maml:para>Active Directory Domain Services (AD DS) can be used to store Trusted Platform Module (TPM) recovery information. </maml:para>

<maml:para>There is only one TPM owner password per computer; therefore, the hash of the TPM owner password is stored as an attribute of the computer object in AD DS. The attribute has the common name (CN) of ms-TPM-OwnerInformation. </maml:para>
</maml:introduction><maml:content><maml:sections><maml:section>
<maml:title>Active Directory requirements</maml:title><maml:introduction>
<maml:para>To store TPM information in AD DS, all domain controllers must be running Windows Server 2003 with Service Pack 1 or later. You also need to install schema extensions if all domain controllers are running Windows Server 2003.</maml:para>
</maml:introduction></maml:section><maml:section>
<maml:title>Step-by-step instructions</maml:title><maml:introduction>
<maml:para>For step-by-step instructions for configuring AD DS and Group Policy to support the storage of recovery and owner information, see BitLocker Drive Encryption Configuration Guide: Backing Up BitLocker and TPM Recovery Information to Active Directory (<maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=140308</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=140308"></maml:uri></maml:navigationLink>).</maml:para>

<maml:para><maml:phrase>Additional references</maml:phrase></maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para>Windows BitLocker Drive Encryption Step-by-Step Guide (<maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=140225</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=140225"></maml:uri></maml:navigationLink>)</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Windows Trusted Platform Module Step-by-Step Guide (<maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink?linkid=139769</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink?linkid=139769"></maml:uri></maml:navigationLink>)</maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Manage the TPM Manually</maml:title><maml:introduction>
<maml:para>Microsoft works closely with hardware manufacturers and industry groups to make it possible to manage most functions of the Trusted Platform Module (TPM) from within TPM Management. However, on some occasions, it may not be possible to control all aspects of your TPM security hardware from Windows. Examples may include:</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para>Hardware that does not fully support the TPM 1.2 specification</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Hardware that does not contain a fully supported BIOS</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Hardware that has an option to hide the TPM security hardware from the operating system</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Hardware for which the manufacturer has decided to require that the BIOS screens be used to turn on, turn off, or clear the TPM</maml:para>
</maml:listItem>
</maml:list>

<maml:para>In such cases, you may be able to manage your TPM security hardware from the BIOS or setup screens of your computer.</maml:para>

<maml:para>Each manufacturer may use different terminology and have different menus or steps to manage the TPM. For example, rather than being called a "Trusted Platform Module," your manufacturer may refer to the TPM as an "embedded security device" or use a localized or translated name for TPM.</maml:para>

<maml:para>To learn how to enter the BIOS or setup system on your computer and how to perform TPM-related operations, please review the owner's manual, setup guide, or similar documentation provided with your computer. Most manufacturers also make troubleshooting and setup information available online.</maml:para>

<maml:para>When searching for instructions about managing the TPM, you may want to use some of the following search terms: "embedded security," "TPM," "trusted platform," "security module," "security chip," "TCG," "Trusted Computing Group," or these terms with verbs representing the specific action, such as "enable," "turn on," or "turn off." A good resource for learning about how a TPM works is the Trusted Computing Group Trusted Platform Module (TPM) Specifications (<maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=139770</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=139770"></maml:uri></maml:navigationLink>).
</maml:para>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Control TPM Command Blocking by Using Group Policy</maml:title><maml:introduction>

<maml:para>Administrators can use Group Policy to block or allow specific Trusted Platform Module (TPM) commands. Commands that are blocked by policy cannot be enabled by using TPM Management. However, commands that are allowed by policy can be blocked by using TPM Management.</maml:para>

<maml:para>Membership in the local <maml:phrase>Administrators</maml:phrase> group, or equivalent, is the minimum required to complete this procedure.</maml:para>

<maml:procedure><maml:title>To block and allow TPM commands by using the Local Group Policy Editor</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Click <maml:ui>Start</maml:ui>, click <maml:ui>All Programs</maml:ui>, click <maml:ui>Accessories</maml:ui>, and then click <maml:ui>Run</maml:ui>.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>In the <maml:ui>Open</maml:ui> box, type <maml:computerOutputInline>gpedit.msc</maml:computerOutputInline>, and then press ENTER.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>If the <maml:ui>User Account Control</maml:ui> dialog box appears, confirm that the action it displays is what you want, and then click <maml:ui>Yes</maml:ui>.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>The Local Group Policy Editor is displayed with the local computer policy open for editing. </maml:para>

<maml:alertSet class="note"><maml:title>Note </maml:title><maml:para>Administrators with appropriate privileges in a domain can configure a Group Policy object (GPO) to apply through Active Directory Domain Services (AD DS).</maml:para></maml:alertSet></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>In the console tree, under <maml:ui>Computer Configuration</maml:ui>, expand <maml:ui>Administrative Templates</maml:ui>, and then expand <maml:ui>System</maml:ui>.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Under <maml:ui>System</maml:ui>, click <maml:ui>Trusted Platform Module Services</maml:ui>.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>In the details pane, double-click <maml:ui>Configure the list of blocked TPM commands</maml:ui>.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Click <maml:ui>Enabled</maml:ui>, and then click <maml:ui>Show</maml:ui>.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>For each command that you want to block, click <maml:ui>Add</maml:ui>, enter the command number, and then click <maml:ui>OK</maml:ui>.</maml:para>

<maml:alertSet class="note"><maml:title>Note </maml:title><maml:para>There are currently 120 commands listed in TPM Management, organized into 27 categories of functionality. For a reference to the list of commands in TPM Management, see the Trusted Platform Module (TPM) Specifications (<maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkID=139770</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkID=139770"></maml:uri></maml:navigationLink>).</maml:para></maml:alertSet></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>After you have added numbers for each command that you want to block, click <maml:ui>OK</maml:ui>, and then click <maml:ui>OK</maml:ui> again.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>If desired, you can enable policies that prevent the blocking of commands based on the default block list or the local list. For more information about each of these options, read the help text displayed in the Local Group Policy Editor for the <maml:ui>Ignore the default list of blocked TPM commands</maml:ui> policy setting and the <maml:ui>Ignore the local list of blocked commands</maml:ui> policy setting.</maml:para>

<maml:alertSet class="note"><maml:title>Note </maml:title><maml:para>Local administrators cannot allow TPM commands that are blocked through Group Policy. Commands blocked by local administrators using TPM Management and commands on the default block list are also blocked unless the Group Policy settings are changed from the default settings.</maml:para></maml:alertSet></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Close the Local Group Policy Editor.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure></maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Reset the TPM Lockout</maml:title><maml:introduction>
<maml:para>The Trusted Platform Module (TPM) will lock itself to prevent tampering or attack; this is referred to as lockout. TPM lockout often lasts for a variable amount of time or until the computer is turned off. While the TPM is in lockout mode, it generally returns an error when it receives commands that require an authorization value. One exception is that the TPM always allows the owner at least one attempt to reset the TPM lockout when it is in lockout mode. If your TPM has entered lockout mode or is responding slowly to commands, we recommend resetting the lockout value. Resetting the TPM lockout requires the TPM owner authorization. TPM owner authorization is set when the administrator initially takes ownership of the TPM. The owner authorization password is hashed to create an owner authorization value, which is stored by the TPM. The administrator is encouraged to save the owner authorization hash value to a TPM owner password file ending with a .tpm extension that contains the owner authorization hash value within an XML structure. For security, the TPM owner password file does not contain the original owner password. TPM ownership is commonly taken the first time that BitLocker Drive Encryption is turned on for the computer. In this scenario, the TPM owner authorization password is saved along with the BitLocker recovery key. When the BitLocker recovery key is saved to a file, BitLocker also saves a TPM owner password file (.tpm) with the TPM owner password hash value. When the BitLocker recovery key is printed, the TPM owner password is printed at the same time. You can also save your TPM owner password hash value to Active Directory Domain Services (AD DS) if your organization's Group Policy settings are configured to do so.</maml:para>
</maml:introduction><maml:content><maml:sections><maml:section>
<maml:title>Understanding TPM protection mechanisms</maml:title><maml:introduction>
<maml:para>In some scenarios, encryption keys are protected by a TPM by requiring a valid authorization value to access the key. (A common example is BitLocker Drive Encryption configured to use the TPM + PIN key protector, where the user must type the correct PIN during the boot process to access the volume encryption key protected by the TPM.) To prevent malicious entities from discovering authorization values, TPMs implement protection logic. The protection logic is designed to slow or stop responses from the TPM if it detects that an entity might be trying to guess authorization values.</maml:para>
<maml:para>The industry standards from the Trusted Computing Group (TCG) organization specify that TPM manufacturers must implement some form of protection logic in TPM 1.2 chips. Different TPM manufacturers implement different protection mechanisms and behavior. The general guidance is for the TPM chip to take exponentially longer to respond if incorrect authorization values are sent to the TPM. Some TPM chips may not store failed attempts over time. Other TPM chips may store every failed attempt indefinitely. Therefore, some users may experience increasingly longer delays when mistyping an authorization value sent to the TPM, essentially preventing them from using the TPM for a period of time. Users may reset the protection mechanisms in the TPM by completing the following procedure.</maml:para>
<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>The protection logic in the TPM also applies to the TPM owner authorization value. The industry standards specify that the user is allowed at least one attempt to reset the TPM lockout by using the owner authorization value, even when the TPM is locked out. If the wrong value is used when attempting to reset the TPM lockout, on subsequent attempts to enter the owner authorization value, the TPM may respond as if the correct value is incorrect or respond that the TPM is locked out.</maml:para>
</maml:alertSet></maml:introduction>

<maml:sections>
<maml:section>
<maml:title> </maml:title>
<maml:introduction>
<maml:procedure><maml:title>To reset the TPM lockout</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open the TPM Management (tpm.msc) snap-in.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>Action</maml:ui> pane, click <maml:ui>Reset TPM Lockout</maml:ui> to start the Reset TPM Lockout wizard.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Choose the method for entering the TPM owner password:</maml:para><maml:list class="unordered"><maml:listItem><maml:para>If you saved your TPM owner password to a .tpm file, click <maml:ui>I have the owner password file</maml:ui>, and then either type the path to the file or click <maml:ui>Browse</maml:ui> to navigate to the file location.</maml:para></maml:listItem><maml:listItem><maml:para>If you want to manually enter your TPM owner password, click <maml:ui>I want to enter the owner password</maml:ui>, and then type the password in the space provided. If you enabled BitLocker and your TPM at the same time and chose to print your BitLocker recovery password when you turned on BitLocker, your TPM owner password may also have been printed on the same paper. </maml:para></maml:listItem></maml:list></maml:section></maml:sections></maml:step></maml:procedure>
<maml:para>Once the TPM owner password is authenticated, a dialog box confirming that the TPM lockout was reset is displayed.</maml:para>
</maml:introduction></maml:section>
</maml:sections></maml:section><maml:section>
<maml:title>Frequently Asked Questions (FAQ)</maml:title><maml:introduction>






</maml:introduction>

<maml:sections>
<maml:section address="BKMK_faq1">
<maml:title>When should I reset the TPM lockout?</maml:title><maml:introduction>
<maml:para>The most likely scenario is that during the boot process users will notice slow response times when using a key protector—which consists of the TPM and a PIN—and entering the incorrect PIN. The system may appear to freeze for a period of time before informing the user that the incorrect PIN was entered and that the TPM is locked out. When the TPM is locked out, it is also possible that the user will enter the correct PIN, but the TPM will respond as if the incorrect PIN was entered for a period of time. Similar behavior may occur for other applications that use the TPM with authorization values, but it is more likely only the application that is communicating with the TPM will be unresponsive if the operating system has already started. Because a TPM may indefinitely store all incorrect authorization attempts sent to it, users may want to proactively reset the TPM lockout if they often mistype authorization values such as the BitLocker PIN.</maml:para>
</maml:introduction></maml:section>
<maml:section address="BKMK_faq2">
<maml:title>What behavior should I expect if the TPM protection logic is activated to protect authorization values?</maml:title><maml:introduction>
<maml:para>The behavior of the hardware platform will vary depending on implementation choices made by the platform manufacturer. It is generally expected that hardware manufacturers will exponentially delay responses from the TPM chip. It is also possible that the TPM chip may be responsive but respond as if the correct authorization value is incorrect for a period of time. For more specific information about behavior, contact your platform manufacturer.</maml:para>
<maml:para>If the TPM is currently locked out when using BitLocker, there will be an opportunity during the boot process to either open the BitLocker recovery console or wait to reenter the PIN.</maml:para>
<maml:para>Once Windows has started, TPM Management will show the status of the TPM as currently locked out.</maml:para>
<maml:para>Any commands that involve authorization values or attempt to send the TPM owner password to the TPM will result in an error from the TPM while the TPM is locked out.</maml:para></maml:introduction></maml:section>
<maml:section address="BKMK_faq3">
<maml:title>What should I do if I do not remember my TPM owner password?</maml:title><maml:introduction>
<maml:para>It is possible that the TPM owner authorization hash value was saved to a file ending with a .tpm extension when the administrator originally took ownership of the TPM on your computer. Search your file system for a file ending with .tpm. If you printed your BitLocker recovery password, your TPM owner password may have been printed at the same time. If you cannot find your TPM owner password, you can clear the TPM and take ownership again. This should be done carefully because data encrypted with the TPM will be lost. If you are using BitLocker, make sure to suspend or turn off BitLocker before clearing the TPM. For more information about clearing your TPM, see <maml:navigationLink><maml:linkText>Clear the TPM</maml:linkText><maml:uri href="mshelp://windows/?id=45da796d-ded5-423f-bf90-07c670384a2a"></maml:uri></maml:navigationLink>.</maml:para>
</maml:introduction></maml:section>
<maml:section address="BKMK_faq4">
<maml:title>Is it important to keep my TPM owner authorization hash value secret?</maml:title><maml:introduction>
<maml:para>Yes. If a malicious entity obtained your TPM owner authorization hash value, the entity could make several attempts to guess an encryption key authorization value (for example, the BitLocker PIN), use the TPM owner authorization hash value to reset the TPM lockout, and repeat indefinitely. Eventually it is likely that the authorization value could be discovered if the size was small.</maml:para>
</maml:introduction></maml:section>
<maml:section address="BKMK_faq5">
<maml:title>How is the TPM owner password related to the TPM owner authorization hash value?</maml:title><maml:introduction>
<maml:para>The TPM owner password is hashed by using SHA-1 and is base-64 encoded to create the TPM owner authorization hash value.</maml:para>
</maml:introduction></maml:section>

</maml:sections></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Add the TPM Management Snap-In to MMC</maml:title><maml:introduction>
<maml:para>TPM Management is a Microsoft Management Console (MMC) snap-in. You can run TPM Management as a stand-alone console or add it to any MMC.</maml:para>

<maml:para>Membership in the local <maml:phrase>Administrators</maml:phrase> group, or equivalent, is the minimum required to complete this procedure.</maml:para>

<maml:procedure><maml:title>Add the TPM Management snap-in to MMC</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>Start</maml:ui>, click <maml:ui>All Programs</maml:ui>, click <maml:ui>Accessories</maml:ui>, and then click <maml:ui>Run</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>Open</maml:ui> box, type <maml:computerOutputInline>mmc</maml:computerOutputInline>, and press ENTER.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>If the <maml:ui>User Account Control</maml:ui> dialog box appears, confirm that the action it displays is what you want, and then click <maml:ui>Yes</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>On the <maml:ui>File</maml:ui> menu, click <maml:ui>Add/Remove Snap-in</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>Available snap-ins</maml:ui> list, click <maml:ui>TPM Management</maml:ui>, and then click <maml:ui>Add</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>Select Computer</maml:ui> dialog box, click <maml:ui>Local computer</maml:ui>.</maml:para>

<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>You can also use this method to manage the Trusted Platform Module (TPM) on a remote computer.</maml:para>
</maml:alertSet>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>OK</maml:ui>, and then click <maml:ui>OK</maml:ui> again.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>

<maml:para><maml:phrase>Additional considerations</maml:phrase></maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para>Depending on the configuration of your computer, the <maml:ui>User Account Control</maml:ui> prompt may appear. It will not appear if you are logged on with the built-in Administrator account (the local Administrator account is disabled by default in this version of Windows).</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>If User Account Control is enabled, it can be configured to allow non-administrators to enter the credentials of an administrator to complete administrative tasks without being a member of the <maml:phrase>Administrators</maml:phrase> group. </maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>By default, members of the local <maml:phrase>Administrators</maml:phrase> group have sufficient rights and privileges to complete this task. In your environment, security may be managed such that non-administrators have additional rights. </maml:para>
</maml:listItem>
</maml:list>
<maml:para><maml:phrase>Additional references</maml:phrase></maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Managing the Trusted Platform Module</maml:linkText><maml:uri href="mshelp://windows/?id=560eb6cc-53e2-49d2-935b-b07de311b6a5"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list></maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Using the TPM Management Snap-In</maml:title><maml:introduction>
<maml:para>TPM Management is a Microsoft Management Console (MMC) snap-in. You can run TPM Management as a stand-alone console or add it to any MMC.</maml:para>

<maml:para>This section contains the following topics:</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Start TPM Management</maml:linkText><maml:uri href="mshelp://windows/?id=bf114ca2-122b-4aa8-b10d-f35480979677"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Add the TPM Management Snap-In to MMC</maml:linkText><maml:uri href="mshelp://windows/?id=303a688a-6ab7-4193-9208-ae52c2b6b7f9"></maml:uri></maml:navigationLink></maml:para></maml:listItem></maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Understand the TPM Storage Root Key</maml:title><maml:introduction>
<maml:para>The storage root key is embedded in the Trusted Platform Module (TPM) security hardware. It is used to protect TPM keys created by applications, so that these keys cannot be used without the TPM. </maml:para>

<maml:para>Unlike the endorsement key (which is generally created when the TPM is manufactured), the storage root key is created when you take ownership of the TPM. This means that if you clear the TPM and a new user takes ownership, a new storage root key is created.</maml:para>

<maml:para>The storage root key is defined by the Trusted Computing Group (TCG). For more information, consult the "TCG Architecture overview" specification document available from the TCG Web site (<maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=69584</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=69584"></maml:uri></maml:navigationLink>). </maml:para>

<maml:para><maml:phrase>Additional references </maml:phrase></maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understand the TPM Endorsement Key</maml:linkText><maml:uri href="mshelp://windows/?id=067e16b6-9049-4bbb-bcb9-9bce4cead04d"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Clear the TPM</maml:title><maml:introduction>
<maml:para>Clearing the Trusted Platform Module (TPM) resets the TPM to an unowned state. After clearing the TPM, you need to complete the TPM initialization process before using software that relies on the TPM, such as BitLocker Drive Encryption.</maml:para>

<maml:alertSet class="important"><maml:title>Important </maml:title>
<maml:para>Clearing the TPM can result in the loss of data. To avoid data loss, make sure you have a backup or recovery method for any data protected or encrypted by the TPM.</maml:para>
</maml:alertSet>

<maml:para>After the TPM is cleared, it is also turned off.</maml:para>

<maml:para>To temporarily suspend TPM operations, turn the TPM off instead of clearing it. For more information, see <maml:navigationLink><maml:linkText>Turn the TPM On or Off</maml:linkText><maml:uri href="mshelp://windows/?id=6d0d6ca6-0ed4-4bc3-bbab-f26edd4117d7"></maml:uri></maml:navigationLink>.</maml:para>

<maml:para>Membership in the local <maml:phrase>Administrators</maml:phrase> group, or equivalent, is the minimum required to complete this procedure.</maml:para>

<maml:procedure><maml:title>To clear the TPM</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>Start</maml:ui>, click <maml:ui>All Programs</maml:ui>, click <maml:ui>Accessories</maml:ui>, and then click <maml:ui>Run</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>Open</maml:ui> box, type <maml:computerOutputInline>tpm.msc</maml:computerOutputInline>, and then press ENTER. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>If the <maml:ui>User Account Control</maml:ui> dialog box appears, confirm that the action it displays is what you want, and then click <maml:ui>Yes</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Under <maml:ui>Actions</maml:ui>, click <maml:ui>Clear TPM</maml:ui>. If the TPM is off, follow the procedure <maml:navigationLink><maml:linkText>Initialize the TPM</maml:linkText><maml:uri href="mshelp://windows/?id=0af6b604-fdf2-4037-a658-5bf11ec816e9"></maml:uri></maml:navigationLink> to reinitialize it before clearing it.</maml:para>

<maml:alertSet class="caution"><maml:title>Caution </maml:title>
<maml:para>Clearing the TPM resets it to factory defaults and turns it off. You will lose all created keys and data protected by those keys.</maml:para>
</maml:alertSet>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>Clear the TPM Security Hardware</maml:ui> dialog box, select a method for entering your password and clearing the TPM:</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para>If you have the removable media onto which you saved your TPM owner password, insert it, and click <maml:ui>I have a backup file with the TPM owner password</maml:ui>. In the <maml:ui>Select backup file with the TPM owner password</maml:ui> dialog box, use <maml:ui>Browse</maml:ui> to navigate to the .tpm file saved on your removable media. Click <maml:ui>Open</maml:ui>, and then click <maml:ui>Clear TPM</maml:ui>.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>If you do not have the removable media onto which you saved your password, click <maml:ui>I want to type the TPM owner password</maml:ui>. In the <maml:ui>Type your TPM owner password</maml:ui> dialog box, enter your password (including hyphens), and click <maml:ui>Clear TPM</maml:ui>.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>If you do not know your TPM owner password, click <maml:ui>I don't have the TPM owner password</maml:ui>, and follow the instructions provided to clear the TPM without entering the password.</maml:para>
</maml:listItem>
</maml:list>

<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>If you have physical access to the computer, you can clear the TPM and perform a limited number of management tasks without entering the TPM owner password.</maml:para>
</maml:alertSet>

<maml:para>The status of your TPM is displayed under <maml:ui>Status</maml:ui> in TPM Management.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Managing the Trusted Platform Module</maml:title><maml:introduction>
<maml:para>This section contains the following topics:</maml:para>

<maml:list class="unordered">


<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Store TPM Recovery Information in Active Directory Domain Services</maml:linkText><maml:uri href="mshelp://windows/?id=148bb87d-a3c1-4344-958e-5f5b7de14a9c"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Clear the TPM</maml:linkText><maml:uri href="mshelp://windows/?id=45da796d-ded5-423f-bf90-07c670384a2a"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Reset the TPM Lockout</maml:linkText><maml:uri href="mshelp://windows/?id=21a02891-8efe-462a-81ea-85482b3da000"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Turn the TPM On or Off</maml:linkText><maml:uri href="mshelp://windows/?id=6d0d6ca6-0ed4-4bc3-bbab-f26edd4117d7"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Command Management</maml:linkText><maml:uri href="mshelp://windows/?id=74461555-98a1-475c-904c-2762bc9e7fc2"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Understand TPM Initialization</maml:title><maml:introduction>
<maml:para>A Trusted Platform Module (TPM) can be in one of the following states:</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para>Unowned and turned off</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Unowned and turned on</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Owned but turned off</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Owned and turned on</maml:para>
</maml:listItem>
</maml:list>

<maml:para>The TPM must be turned on and owned before it can be used to help secure your computer. The process of ensuring that the TPM is both turned on and owned is called initialization. During initialization, the TPM creates new root keys that are used by the TPM. </maml:para>

<maml:para>Computers manufactured to meet requirements specified for this version of Windows include preboot BIOS functionality that makes it easy to initialize a computer's TPM by using the TPM Initialization Wizard. Normally, initialization of the TPM requires physical access to the computer to turn on the TPM. This requirement helps protect against the threat of malicious software being able to initialize a TPM.</maml:para>

<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>In a business or enterprise environment, your network administrator may have initialized the TPM, or your organization may have arranged specific processes with your hardware manufacturer to support TPM initialization without user intervention.</maml:para>
</maml:alertSet>

<maml:para>If the TPM is not initialized, the TPM Initialization Wizard guides you through the steps required to turn on and take ownership of the TPM. </maml:para>

<maml:para>In order to be used by software such as BitLocker Drive Encryption, the TPM must be initialized. The BitLocker setup wizard starts the initialization process automatically while configuring BitLocker, if needed.</maml:para>

<maml:para>For more information on how to initialize the TPM, see <maml:navigationLink><maml:linkText>Initialize the TPM</maml:linkText><maml:uri href="mshelp://windows/?id=0af6b604-fdf2-4037-a658-5bf11ec816e9"></maml:uri></maml:navigationLink>.</maml:para>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Overview of TPM Management</maml:title><maml:introduction>
<maml:para>TPM Management is a Microsoft Management Console (MMC) snap-in that allows administrators to interact with Trusted Platform Module (TPM) Services. TPM Services is used to administer the TPM security hardware in your computer. The TPM Services architecture provides the infrastructure for hardware-based security by providing access to and assuring application-level sharing of the TPM.</maml:para>
</maml:introduction><maml:content><maml:sections><maml:section>
<maml:title>What is a Trusted Platform Module?</maml:title><maml:introduction>
<maml:para>A TPM is a microchip designed to provide basic security-related functions, primarily involving encryption keys. The TPM is usually installed on the motherboard of a computer and communicates with the rest of the system by using a hardware bus.</maml:para>

<maml:para>Computers that incorporate a TPM can create cryptographic keys and encrypt them so that they can only be decrypted by the TPM. This process, often called "wrapping" or "binding" a key, can help protect the key from disclosure. Each TPM has a master "wrapping" key, called the storage root key, which is stored within the TPM itself. The private portion of a key created in a TPM is never exposed to any other component, software, process, or person.</maml:para>

<maml:para>Computers that incorporate a TPM can also create a key that has not only been wrapped but is also tied to certain platform measurements. This type of key can only be unwrapped when those platform measurements have the same values that they had when the key was created. This process is called "sealing" the key to the TPM. Decrypting the key is called "unsealing." The TPM can also seal and unseal data generated outside of the TPM. With this sealed key and software such as BitLocker Drive Encryption, you can lock data until specific hardware or software conditions are met. </maml:para>

<maml:para>With a TPM, private portions of key pairs are kept separate from the memory controlled by the operating system. Keys can be sealed to the TPM, and certain assurances about the state of a system—assurances that define the  "trustworthiness" of a system—can be made before the keys are unsealed and released for use. Because the TPM uses its own internal firmware and logic circuits for processing instructions, it does not rely on the operating system and is not exposed to vulnerabilities that might exist in the operating system or application software.</maml:para>
</maml:introduction></maml:section><maml:section>
<maml:title>Trusted Platform Module Services components</maml:title><maml:introduction>
<maml:para>The following table details the individual components that comprise the TPM Services feature set.</maml:para>

<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>TPM component</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Purpose</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>

<maml:row>
<maml:entry>
<maml:para><maml:phrase>TPM driver</maml:phrase></maml:para>
</maml:entry>
<maml:entry>
<maml:para>The TPM driver is a kernel-mode device driver designed for TPM security hardware that conforms to the Trusted Computing Group (TCG) 1.2 specifications. Conforming to TCG 1.2 provides more platform stability and eliminates the need for vendor-specific device drivers.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para><maml:phrase>TPM Base Services (TBS)</maml:phrase></maml:para>
</maml:entry>
<maml:entry>
<maml:para>TBS is a service that provides sharing of the limited resources on the TPM. TBS acts as the resource controller for all applications that are using the TPM.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para><maml:phrase>TPM Windows Management Instrumentation (WMI) provider</maml:phrase></maml:para>
</maml:entry>
<maml:entry>
<maml:para>The TPM WMI provider exposes common TPM configuration tasks to administrators programmatically. Administrators can write a script that uses this provider.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para><maml:phrase>TPM Management snap-in</maml:phrase></maml:para>
</maml:entry>
<maml:entry>
<maml:para>The TPM Management snap-in exposes common TPM configuration tasks to administrators through a user interface. Administrators can use this snap-in to access the TPM Initialization Wizard.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para><maml:phrase>TPM Initialization Wizard</maml:phrase></maml:para>
</maml:entry>
<maml:entry>
<maml:para>The purpose of the TPM Initialization Wizard is to turn on and configure the TPM to work with applications or services that use the TPM, such as BitLocker Drive Encryption.</maml:para>
</maml:entry></maml:row>
</maml:table>

<maml:para>For more information, review other topics in this help file and the resources listed in <maml:navigationLink><maml:linkText>Resources for TPM Management</maml:linkText><maml:uri href="mshelp://windows/?id=0beee185-4eff-431d-ad1d-212e684926f8"></maml:uri></maml:navigationLink>.</maml:para>
</maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Setting Up the TPM for First Use</maml:title><maml:introduction>
<maml:para>An administrator must complete a series of steps before the Trusted Platform Module (TPM) can be used to protect your system or to encrypt your data.</maml:para>

<maml:para>This section includes the following topics:</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understand TPM Initialization</maml:linkText><maml:uri href="mshelp://windows/?id=5f2457b7-2ccb-479c-9ec4-7ac5ecb0b5b7"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Initialize the TPM</maml:linkText><maml:uri href="mshelp://windows/?id=0af6b604-fdf2-4037-a658-5bf11ec816e9"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Connect to the Network</maml:title><maml:introduction>
<maml:para>You cannot complete the initialization of the Trusted Platform Module (TPM) in your computer when disconnected from your organization's network if either of the following two conditions exist:</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para>An administrator has configured your computer to require that TPM recovery information be saved in Active Directory Domain Services (AD DS). This requirement can be configured through Group Policy.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>A domain controller cannot be reached. This can occur on a computer that is currently disconnected from the network, separated from the domain by a firewall, or experiencing a network component failure (such as an unplugged cable or a faulty network interface card).</maml:para>
</maml:listItem>
</maml:list>

<maml:para>In either case, an error appears, and you will not be able to complete the initialization process.</maml:para>

<maml:para>To avoid this issue, initialize the TPM while you are connected to the corporate network and able to contact a domain controller. </maml:para>
<maml:para>For step-by-step procedures on how to set up the TPM on your computer, see the Windows Trusted Platform Module Management Step-by-Step Guide (<maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=139769</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=139769"></maml:uri></maml:navigationLink>).</maml:para>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Turn the TPM On or Off</maml:title><maml:introduction>
<maml:para>Normally, the Trusted Platform Module (TPM) is turned on as part of the TPM initialization process. You do not normally need to turn the TPM on or off. However, if necessary you can do so by using the TPM Management snap-in.</maml:para>
</maml:introduction><maml:content><maml:sections><maml:section>
<maml:title>Turn the TPM on</maml:title><maml:introduction>
<maml:para>If the TPM has been initialized but has never been used, or if you want to use the TPM again after you have turned it off, you should turn the TPM on. </maml:para>
<maml:procedure><maml:title>To turn on the TPM</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open the TPM Management (tpmadmin.msc) snap-in.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>Action</maml:ui> pane, click <maml:ui>Turn TPM On</maml:ui> to display the <maml:ui>Turn on the TPM Security Hardware</maml:ui> page. Read the instructions on this page.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Click <maml:ui>Shutdown</maml:ui> (or <maml:ui>Restart</maml:ui>), and then follow the BIOS screen prompts. </maml:para><maml:para>After the computer restarts, but before you log on to Windows, you will be prompted to accept the reconfiguration of the TPM. This ensures that the user has physical access to the computer and that malicious software is not attempting to make changes to the TPM.</maml:para></maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction></maml:section><maml:section>
<maml:title>Turn the TPM off</maml:title><maml:introduction>
<maml:para>If you want to stop using the services provided by the TPM, you can use TPM Management to turn off the TPM. If you have the TPM owner password, physical access to the computer is not required to turn off the TPM. If you do not have the TPM owner password, you must have physical access to the computer to turn off the TPM.</maml:para>

<maml:para>You can also turn off the TPM to simulate or test the BitLocker Drive Encryption recovery process.</maml:para>
<maml:procedure><maml:title>To turn off the TPM</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open the TPM Management (tpmadmin.msc) snap-in.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>Action</maml:ui> pane, click <maml:ui>Turn TPM Off</maml:ui> to display the <maml:ui>Turn off the TPM Security Hardware</maml:ui> page.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>In the <maml:ui>Turn off the TPM security hardware</maml:ui> dialog box, select a method for entering your owner password and turning off the TPM:</maml:para>
<maml:list class="unordered"><maml:listItem><maml:para>If you have the removable media onto which you saved your TPM owner password, insert it, and then click <maml:ui>I have a backup file with the TPM owner password</maml:ui>. In the <maml:ui>Select backup file with the TPM owner password</maml:ui> dialog box, click <maml:ui>Browse</maml:ui> to locate the .tpm file saved on your removable media, click <maml:ui>Open</maml:ui>, and then click <maml:ui>Turn TPM Off</maml:ui>.</maml:para></maml:listItem>
<maml:listItem><maml:para>If you do not have the removable media onto which you saved your TPM owner password, click <maml:ui>I want to type the TPM owner password</maml:ui>. In the <maml:ui>Type your TPM owner password</maml:ui> dialog box, enter your password (including hyphens), and then click <maml:ui>Turn TPM Off</maml:ui>.</maml:para></maml:listItem>
<maml:listItem><maml:para>If you do not know your TPM owner password, click <maml:ui>I do not have the TPM owner password</maml:ui>, and follow the instructions provided in the dialog box and subsequent BIOS screens to turn off the TPM without entering the password. </maml:para></maml:listItem></maml:list></maml:section></maml:sections></maml:step></maml:procedure>

<maml:para><maml:phrase>Additional references</maml:phrase></maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understand TPM Initialization</maml:linkText><maml:uri href="mshelp://windows/?id=5f2457b7-2ccb-479c-9ec4-7ac5ecb0b5b7"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Initialize the TPM</maml:linkText><maml:uri href="mshelp://windows/?id=0af6b604-fdf2-4037-a658-5bf11ec816e9"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Command Management</maml:title><maml:introduction>
<maml:para>After ownership of the Trusted Platform Module (TPM) has been taken, the TPM owner can limit which TPM commands can be run by using Group Policy or TPM Management.</maml:para>

</maml:introduction><maml:content><maml:sections><maml:section><maml:title>Understanding TPM commands </maml:title><maml:introduction>
<maml:para>The TPM hardware is a passive hardware device. It does not initiate or interrupt processes on the computer. Instead, it accepts and responds to commands from other applications, such as device drivers and operating systems. The current version of the TPM command specification defined by the Trusted Computing Group provides a set of 120 standard commands for use in directing the operation of the TPM. These commands are displayed when you select <maml:ui>Command Management</maml:ui> in TPM Management. </maml:para>
<maml:para>For a reference to the list of commands in TPM Management, see the Trusted Platform Module (TPM) Specifications (<maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkID=139770</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkID=139770"></maml:uri></maml:navigationLink>). </maml:para>

</maml:introduction></maml:section><maml:section><maml:title>Blocking and allowing TPM commands</maml:title><maml:introduction>
<maml:para>You can control which commands the TPM on your computer can accept and respond to by selecting the command in <maml:ui>Command Management</maml:ui> and then deciding whether that command is allowed to be accepted by the TPM or blocked from being accepted by the TPM. There are three possible lists of blocked commands: the default list provided with the operating system, a list maintained on the local computer and managed by local administrators, and the list of commands controlled by Group Policy objects. If a TPM command exists in any of the lists, it will be blocked from the TPM. If a service or application attempts to run a blocked command, an error will be returned to the service or application that sent the command.
</maml:para>
<maml:para>For more information, see <maml:navigationLink><maml:linkText>Control TPM Command Blocking by Using TPM Management</maml:linkText><maml:uri href="mshelp://windows/?id=bbc02bd1-3e31-4db9-8b19-1d857f52a77b"></maml:uri></maml:navigationLink>.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>Using Group Policy to control TPM commands</maml:title>
<maml:introduction><maml:para>The Group Policy settings for TPM services are located in <maml:ui>Computer Configuration\Administrative Templates\System\Trusted Platform Module Services</maml:ui>. The following table details the policy settings that can be used to control TPM commands.</maml:para>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry><maml:para>Setting name</maml:para></maml:entry>
<maml:entry><maml:para>Description</maml:para></maml:entry>
</maml:row>
</maml:tableHeader>
<maml:row>
<maml:entry><maml:para><maml:ui>Configure the list of blocked TPM commands</maml:ui></maml:para></maml:entry>
<maml:entry><maml:para>This policy setting allows you to manage the Group Policy list of TPM commands blocked by Windows. If you enable this policy setting, Windows will block the commands you specify in this setting from being sent to the TPM on the computer. TPM commands are referenced by a command number. For example, command number <maml:ui>129</maml:ui> is <maml:ui>TPM_OwnerReadInternalPub</maml:ui>, and command number <maml:ui>170</maml:ui> is <maml:ui>TPM_FieldUpgrade</maml:ui>. To add commands to this list, enable the setting and then click <maml:ui>Show</maml:ui> to open the list of blocked commands. In the <maml:ui>Show Contents</maml:ui> dialog box, click in the <maml:ui>Value</maml:ui> field and type the command number that you want to block. If you want to block multiple commands, enter each command number on a separate line of the list.</maml:para>
<maml:para>If this setting is disabled or not configured, the Group Policy block list is not used, and only those TPM commands specified through the default or local lists will be blocked by Windows.</maml:para></maml:entry>
</maml:row>
<maml:row>
<maml:entry><maml:para><maml:ui>Ignore the default list of blocked TPM commands</maml:ui></maml:para></maml:entry>
<maml:entry><maml:para>This policy setting allows you to enforce or ignore the computer's default list of blocked TPM commands. If you enable this policy setting, Windows will ignore the computer's default list of blocked TPM commands and will only block those TPM commands specified by Group Policy or the local list. The default list of blocked TPM commands is preconfigured by Windows. The commands on the default list have either been deprecated by the Trusted Computing Group or have privacy implications that should be considered before allowing these commands to be used with TPMs in your organization.</maml:para></maml:entry>
</maml:row>
<maml:row>
<maml:entry><maml:para><maml:ui>Ignore the local list of blocked TPM commands</maml:ui></maml:para></maml:entry>
<maml:entry><maml:para>This policy setting allows you to enforce or ignore the computer's local list of blocked TPM commands. If you enable this policy setting, Windows will ignore the computer's local list of blocked TPM commands and will only block those TPM commands specified by Group Policy or the default list.</maml:para></maml:entry>
</maml:row></maml:table>
<maml:para>For more information, see <maml:navigationLink><maml:linkText>Control TPM Command Blocking by Using Group Policy</maml:linkText><maml:uri href="mshelp://windows/?id=1b68f329-0db3-4f0e-a0bb-72a3dd1a65f9"></maml:uri></maml:navigationLink>.</maml:para>
</maml:introduction></maml:section><maml:section><maml:title>Blocking new commands</maml:title><maml:introduction>
<maml:para>Because some hardware vendors may have provided additional commands or the Trusted Computing Group may decide to add new commands in the future, TPM Management supports the ability to block new commands through the <maml:ui>Block New Command</maml:ui> item on the <maml:ui>Action</maml:ui> menu. If there is an additional command that you do not want your TPM to be able to accept, click <maml:ui>Block New Command</maml:ui> and then type the number of the command. </maml:para>
</maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Change the TPM Owner Password</maml:title><maml:introduction>
<maml:para>As with any password, you should change your Trusted Platform Module (TPM) owner password if it has become compromised (that is, if you suspect it is no longer a secret).</maml:para>

<maml:para>If you want to invalidate all of the existing keys created since you took ownership of the TPM, you can clear the TPM instead of changing your owner password.</maml:para>

<maml:alertSet class="important"><maml:title>Important </maml:title>
<maml:para>Clearing the TPM can result in the loss of data. To avoid data loss, make sure you have a backup or recovery method for any data protected or encrypted by the TPM.</maml:para>
</maml:alertSet>

<maml:para>If you want to keep all existing keys and data intact but want to disable the services provided by the TPM, you can turn off the TPM instead of changing your owner password.</maml:para>

<maml:para><maml:phrase>Additional references</maml:phrase></maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understand the TPM Owner Password</maml:linkText><maml:uri href="mshelp://windows/?id=c7536fa5-981c-4a21-8460-99c90e13fdd7"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Control TPM Command Blocking by Using TPM Management</maml:title><maml:introduction>
<maml:para>Trusted Platform Module (TPM) commands can be managed by using TPM Management. Administrators can explore the commands available to the TPM. They can also block or allow specific commands.</maml:para>

<maml:para>Membership in the local <maml:phrase>Administrators</maml:phrase> group, or equivalent, is the minimum required to complete this procedure.</maml:para>

<maml:procedure><maml:title>To block and allow TPM commands by using TPM Management</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>Start</maml:ui>, click <maml:ui>All Programs</maml:ui>, click <maml:ui>Accessories</maml:ui>, and then click <maml:ui>Run</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>Open</maml:ui> box, type <maml:computerOutputInline>tpm.msc</maml:computerOutputInline>, and then press ENTER. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>If the <maml:ui>User Account Control</maml:ui> dialog box appears, confirm that the action it displays is what you want, and then click <maml:ui>Yes</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the console tree, click <maml:ui>Command Management</maml:ui>. A list of TPM commands is displayed.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the list, select a command that you want to block or allow.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Under <maml:ui>Actions</maml:ui>, click either <maml:ui>Block Selected Command</maml:ui> or <maml:ui>Allow Selected Command</maml:ui> as needed.</maml:para>

<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>Local administrators cannot allow TPM commands that are blocked through Group Policy. Also, commands on the default block list for the TPM cannot be allowed until the Group Policy settings are changed to ignore the default block list.</maml:para>
</maml:alertSet>
</maml:section></maml:sections></maml:step></maml:procedure>

<maml:para><maml:phrase>Additional references</maml:phrase></maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Control TPM Command Blocking by Using Group Policy</maml:linkText><maml:uri href="mshelp://windows/?id=1b68f329-0db3-4f0e-a0bb-72a3dd1a65f9"></maml:uri></maml:navigationLink> </maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Start TPM Management</maml:title><maml:introduction>
<maml:para>TPM Management is a Microsoft Management Console (MMC) snap-in. You can run TPM Management as a stand-alone console or add it to any MMC. To start TPM Management as a stand-alone console, you can use Windows Explorer or a command line.</maml:para>

<maml:para>Membership in the local <maml:phrase>Administrators</maml:phrase> group, or equivalent, is the minimum required to complete this procedure.</maml:para>

<maml:procedure><maml:title>To start TPM Management by using Windows Explorer</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>Start</maml:ui>, click <maml:ui>All Programs</maml:ui>, click <maml:ui>Accessories</maml:ui>, and then click <maml:ui>Run</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>Open</maml:ui> box, type <maml:computerOutputInline>tpm.msc</maml:computerOutputInline>, and then press ENTER.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>If the <maml:ui>User Account Control</maml:ui> dialog box appears, confirm that the action it displays is what you want, and then click <maml:ui>Yes</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
<maml:procedure><maml:title>To start TPM Management by using a command line</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>At a command prompt, type <maml:computerOutputInline>tpm.msc</maml:computerOutputInline>, and press ENTER.</maml:para></maml:section></maml:sections></maml:step></maml:procedure>

<maml:para><maml:phrase>Additional considerations</maml:phrase></maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para>You can configure your own MMC that includes TPM Management as part of that console. For more information, refer to "Additional references" in this topic. </maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Depending on the configuration of your computer, the <maml:ui>User Account Control</maml:ui> prompt may or may not appear. It will not appear if you are logged on with the built-in Administrator account (the local Administrator account is disabled by default in this version of Windows).</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>If User Account Control is enabled, it can be configured to allow non-administrators to enter the credentials of an administrator to complete administrative tasks without being a member of the <maml:phrase>Administrators</maml:phrase> group. </maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>By default, members of the local <maml:phrase>Administrators</maml:phrase> group have sufficient rights and privileges to complete this task. In your environment, security may be managed such that non-administrators have additional rights. </maml:para>
</maml:listItem>
</maml:list>

<maml:para><maml:phrase>Additional references</maml:phrase></maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Add the TPM Management Snap-In to MMC</maml:linkText><maml:uri href="mshelp://windows/?id=303a688a-6ab7-4193-9208-ae52c2b6b7f9"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Understand the TPM Owner Password</maml:title><maml:introduction>
<maml:para>The Trusted Platform Module (TPM) owner password defines who the owner of the TPM is. You own the TPM if you are able to set the TPM owner password. Only one owner password exists per TPM, so anyone who knows that password is effectively the TPM owner. The owner of the TPM can make full use of TPM capabilities. Once an owner is set, no other user or software can claim ownership of the TPM. Only the TPM owner can enable, disable, or clear the TPM without having physical access to the computer (for example, by using the command-line tools remotely). Taking ownership of the TPM can be done as part of the initialization process. For more information, see <maml:navigationLink><maml:linkText>Setting Up the TPM for First Use</maml:linkText><maml:uri href="mshelp://windows/?id=6652692c-19e6-46cd-91a7-4b108042a3d7"></maml:uri></maml:navigationLink>.</maml:para>

<maml:para>Applications, including BitLocker Drive Encryption, can automatically start the initialization process. If you enable BitLocker without manually initializing the TPM, the TPM owner password will be automatically created and saved in the same location as the BitLocker recovery password.</maml:para>

<maml:para>The TPM owner password can be saved as a file on a USB flash drive, or in a folder in a location away from your local computer. The password can also be printed. In TPM Management, when an action can only be performed by the TPM owner, you can choose the appropriate option to type the password or use the password that has been saved. </maml:para>

<maml:para>The TPM commands available to an owner are defined by the Trusted Computing Group. For more information, consult the "Owner Permission Settings" section of the specification "Structures of the TPM" available from the Trusted Computing Group Web site (<maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=69584</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=69584"></maml:uri></maml:navigationLink>).</maml:para>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Troubleshoot TPM Initialization</maml:title><maml:introduction>
<maml:para>Managing the Trusted Platform Module (TPM) is usually a straightforward procedure. If are unable to complete the initialization procedure, review the following information:</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para>If the TPM is not detected by Windows, verify that your computer hardware contains a compatible TPM and BIOS. Ensure that no BIOS settings have been used to hide the TPM from the operating system.</maml:para>
</maml:listItem>
<maml:listItem><maml:para>If you are attempting to initialize the TPM as part of the BitLocker setup, check which TPM driver is installed on the computer. We recommend always using one of the TPM drivers provided by Microsoft with BitLocker. If a non-Microsoft TPM driver is installed, it may prevent the default TPM driver from loading and cause BitLocker to report that a TPM is not present on the computer. If you have a non-Microsoft driver installed, remove it and then try to initialize the TPM again. The following table lists the three standard TPM drivers that are provided by Microsoft. </maml:para>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry><maml:para>Driver name</maml:para></maml:entry>
<maml:entry><maml:para>Manufacturer</maml:para></maml:entry>
</maml:row>
</maml:tableHeader>
<maml:row>
<maml:entry><maml:para>Trusted Platform Module 1.2</maml:para></maml:entry>
<maml:entry><maml:para>(Standard)</maml:para></maml:entry>
</maml:row>
<maml:row>
<maml:entry><maml:para>Broadcom Trusted Platform Module (A1), v1.2</maml:para></maml:entry>
<maml:entry><maml:para>Broadcom</maml:para></maml:entry>
</maml:row><maml:row>
<maml:entry><maml:para>Broadcom Trusted Platform Module (A2), v1.2</maml:para></maml:entry>
<maml:entry><maml:para>Broadcom</maml:para></maml:entry>
</maml:row></maml:table>
</maml:listItem>
<maml:listItem>
<maml:para>If the TPM has been previously initialized and you do not have the owner password, you may have to clear or reset the TPM to factory default values. For more information, see <maml:navigationLink><maml:linkText>Clear the TPM</maml:linkText><maml:uri href="mshelp://windows/?id=45da796d-ded5-423f-bf90-07c670384a2a"></maml:uri></maml:navigationLink>.</maml:para>

<maml:alertSet class="caution"><maml:title>Caution </maml:title>
<maml:para>Clearing the TPM can result in the loss of data. To avoid data loss, make sure you have a backup or recovery method for any data protected or encrypted by the TPM.</maml:para>
</maml:alertSet>
</maml:listItem>
</maml:list>

<maml:para>Because your TPM security hardware is a physical part of your computer, you may want to read the manuals or instructions that came with your computer, or search the manufacturer's Web site. Some hints to help locate TPM-related information are included in the topic <maml:navigationLink><maml:linkText>Manage the TPM Manually</maml:linkText><maml:uri href="mshelp://windows/?id=171a5a07-00b0-4ff6-bd73-4d1dd841bf1b"></maml:uri></maml:navigationLink>.</maml:para>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Understanding Keys and Passwords Used by the TPM</maml:title><maml:introduction>
<maml:para>The Trusted Platform Module (TPM) makes extensive use of asymmetric key pairs, often called "public-private key pairs." The private key is kept secret, and the corresponding public key can be widely distributed. </maml:para>

<maml:para>Topics in this section discuss some of the most important keys used by the TPM security hardware, and also discuss the owner password. This section includes the following topics:</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understand the TPM Owner Password</maml:linkText><maml:uri href="mshelp://windows/?id=c7536fa5-981c-4a21-8460-99c90e13fdd7"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Change the TPM Owner Password</maml:linkText><maml:uri href="mshelp://windows/?id=84920211-a685-4dfc-9b46-649cf3d0268f"></maml:uri></maml:navigationLink> </maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understand the TPM Storage Root Key</maml:linkText><maml:uri href="mshelp://windows/?id=40fb8523-ddfc-4d25-91ee-20794b381236"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understand the TPM Endorsement Key</maml:linkText><maml:uri href="mshelp://windows/?id=067e16b6-9049-4bbb-bcb9-9bce4cead04d"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>TPM Management</maml:title><maml:introduction>
<maml:para>TPM Management is a Microsoft Management Console (MMC) snap-in that allows administrators to interact with Trusted Platform Module (TPM) Services. TPM Services is used to administer the TPM security hardware in your computer. The TPM Services architecture provides the infrastructure for hardware-based security by providing access to and assuring application-level sharing of the TPM.</maml:para>

<maml:para>This help file contains topics in the following areas:</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Overview of TPM Management</maml:linkText><maml:uri href="mshelp://windows/?id=6108f562-e060-476b-9683-4a3e3009f994"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Using the TPM Management Snap-In</maml:linkText><maml:uri href="mshelp://windows/?id=371a29c7-b746-4473-8849-2670bdbfd730"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Managing the Trusted Platform Module</maml:linkText><maml:uri href="mshelp://windows/?id=560eb6cc-53e2-49d2-935b-b07de311b6a5"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Setting Up the TPM for First Use</maml:linkText><maml:uri href="mshelp://windows/?id=6652692c-19e6-46cd-91a7-4b108042a3d7"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding Keys and Passwords Used by the TPM</maml:linkText><maml:uri href="mshelp://windows/?id=e6a30c7e-34bf-473c-ab64-8f78cefeb7f0"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Troubleshooting TPM Management</maml:linkText><maml:uri href="mshelp://windows/?id=01444377-1e10-40e4-a389-b442a99676a8"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Resources for TPM Management</maml:linkText><maml:uri href="mshelp://windows/?id=0beee185-4eff-431d-ad1d-212e684926f8"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><?xml version="1.0" encoding="utf-8"?>
<HelpCollection Id="TPMAdmin" DTDVersion="1.0" FileVersion="" LangId="1033" Copyright="© 2005 Microsoft Corporation. All rights reserved." Title="TPM Management" xmlns="http://schemas.microsoft.com/help/collection/2004/11">
	<CompilerOptions CompileResult="H1S" CreateFullTextIndex="Yes" BreakerId="Microsoft.NLG.en.WordBreaker">
		<IncludeFile File="TPMAdmin.H1F" />
	</CompilerOptions>
	<TOCDef File="TPMAdmin.H1T" Id="TPMAdmin_TOC" />
	<VTopicDef File="TPMAdmin.H1V" />
	<KeywordIndexDef File="TPMAdmin_AssetId.H1K" />
	<KeywordIndexDef File="TPMAdmin_BestBet.H1K" />
	<KeywordIndexDef File="TPMAdmin_LinkTerm.H1K" />
	<KeywordIndexDef File="TPMAdmin_SubjectTerm.H1K" />
	<ItemMoniker Name="!DefaultTOC" ProgId="HxDs.HxHierarchy" InitData="AnyString" />
	<ItemMoniker Name="!DefaultFullTextSearch" ProgId="HxDs.HxFullTextSearch" InitData="AnyString" />
	<ItemMoniker Name="!DefaultAssetIdIndex" ProgId="HxDs.HxIndex" InitData="AssetId" />
	<ItemMoniker Name="!DefaultBestBetIndex" ProgId="HxDs.HxIndex" InitData="BestBet" />
	<ItemMoniker Name="!DefaultAssociativeIndex" ProgId="HxDs.HxIndex" InitData="LinkTerm" />
	<ItemMoniker Name="!DefaultKeywordIndex" ProgId="HxDs.HxIndex" InitData="SubjectTerm" />
</HelpCollection><?xml version="1.0" encoding="utf-8"?>
<HelpFileList xmlns="http://schemas.microsoft.com/help/filelist/2004/11">
	<File Url="assets\01444377-1e10-40e4-a389-b442a99676a8.xml" />
	<File Url="assets\067e16b6-9049-4bbb-bcb9-9bce4cead04d.xml" />
	<File Url="assets\0af6b604-fdf2-4037-a658-5bf11ec816e9.xml" />
	<File Url="assets\0beee185-4eff-431d-ad1d-212e684926f8.xml" />
	<File Url="assets\148bb87d-a3c1-4344-958e-5f5b7de14a9c.xml" />
	<File Url="assets\171a5a07-00b0-4ff6-bd73-4d1dd841bf1b.xml" />
	<File Url="assets\1b68f329-0db3-4f0e-a0bb-72a3dd1a65f9.xml" />
	<File Url="assets\21a02891-8efe-462a-81ea-85482b3da000.xml" />
	<File Url="assets\303a688a-6ab7-4193-9208-ae52c2b6b7f9.xml" />
	<File Url="assets\371a29c7-b746-4473-8849-2670bdbfd730.xml" />
	<File Url="assets\40fb8523-ddfc-4d25-91ee-20794b381236.xml" />
	<File Url="assets\45da796d-ded5-423f-bf90-07c670384a2a.xml" />
	<File Url="assets\560eb6cc-53e2-49d2-935b-b07de311b6a5.xml" />
	<File Url="assets\5f2457b7-2ccb-479c-9ec4-7ac5ecb0b5b7.xml" />
	<File Url="assets\6108f562-e060-476b-9683-4a3e3009f994.xml" />
	<File Url="assets\6652692c-19e6-46cd-91a7-4b108042a3d7.xml" />
	<File Url="assets\6c911321-0e0d-4376-afe1-162326c42018.xml" />
	<File Url="assets\6d0d6ca6-0ed4-4bc3-bbab-f26edd4117d7.xml" />
	<File Url="assets\74461555-98a1-475c-904c-2762bc9e7fc2.xml" />
	<File Url="assets\84920211-a685-4dfc-9b46-649cf3d0268f.xml" />
	<File Url="assets\bbc02bd1-3e31-4db9-8b19-1d857f52a77b.xml" />
	<File Url="assets\bf114ca2-122b-4aa8-b10d-f35480979677.xml" />
	<File Url="assets\c7536fa5-981c-4a21-8460-99c90e13fdd7.xml" />
	<File Url="assets\cac0a9f7-77c6-4674-a793-e8f741888db8.xml" />
	<File Url="assets\e6a30c7e-34bf-473c-ab64-8f78cefeb7f0.xml" />
	<File Url="assets\ef63d9c0-d932-46bc-9f7c-7b666cb8126c.xml" />
</HelpFileList><?xml version="1.0" encoding="utf-8"?>
<VTopicSet DTDVersion="1.0" xmlns="http://schemas.microsoft.com/help/vtopic/2004/11">
	<Vtopic Url="assets\01444377-1e10-40e4-a389-b442a99676a8.xml" RLTitle="Troubleshooting TPM Management">
		<Attr Name="assetid" Value="01444377-1e10-40e4-a389-b442a99676a8" />
		<Keyword Index="AssetId" Term="01444377-1e10-40e4-a389-b442a99676a8" />
		<Keyword Index="AssetId" Term="01444377-1e10-40e4-a389-b442a99676a81033" />
		<Attr Name="appliesToProduct" Value="Windows 7" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1752" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="01444377-1e10-40e4-a389-b442a99676a8" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\067e16b6-9049-4bbb-bcb9-9bce4cead04d.xml" RLTitle="Understand the TPM Endorsement Key">
		<Attr Name="assetid" Value="067e16b6-9049-4bbb-bcb9-9bce4cead04d" />
		<Keyword Index="AssetId" Term="067e16b6-9049-4bbb-bcb9-9bce4cead04d" />
		<Keyword Index="AssetId" Term="067e16b6-9049-4bbb-bcb9-9bce4cead04d1033" />
		<Attr Name="appliesToProduct" Value="Windows 7" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1752" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="067e16b6-9049-4bbb-bcb9-9bce4cead04d" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\0af6b604-fdf2-4037-a658-5bf11ec816e9.xml" RLTitle="Initialize the TPM">
		<Attr Name="assetid" Value="0af6b604-fdf2-4037-a658-5bf11ec816e9" />
		<Keyword Index="AssetId" Term="0af6b604-fdf2-4037-a658-5bf11ec816e9" />
		<Keyword Index="AssetId" Term="0af6b604-fdf2-4037-a658-5bf11ec816e91033" />
		<Attr Name="appliesToProduct" Value="Windows 7" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1752" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="0af6b604-fdf2-4037-a658-5bf11ec816e9" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\0beee185-4eff-431d-ad1d-212e684926f8.xml" RLTitle="Resources for TPM Management">
		<Attr Name="assetid" Value="0beee185-4eff-431d-ad1d-212e684926f8" />
		<Keyword Index="AssetId" Term="0beee185-4eff-431d-ad1d-212e684926f8" />
		<Keyword Index="AssetId" Term="0beee185-4eff-431d-ad1d-212e684926f81033" />
		<Attr Name="appliesToProduct" Value="Windows 7" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1752" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="0beee185-4eff-431d-ad1d-212e684926f8" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\148bb87d-a3c1-4344-958e-5f5b7de14a9c.xml" RLTitle="Store TPM Recovery Information in Active Directory Domain Services">
		<Attr Name="assetid" Value="148bb87d-a3c1-4344-958e-5f5b7de14a9c" />
		<Keyword Index="AssetId" Term="148bb87d-a3c1-4344-958e-5f5b7de14a9c" />
		<Keyword Index="AssetId" Term="148bb87d-a3c1-4344-958e-5f5b7de14a9c1033" />
		<Attr Name="appliesToProduct" Value="Windows 7" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1752" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="148bb87d-a3c1-4344-958e-5f5b7de14a9c" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\171a5a07-00b0-4ff6-bd73-4d1dd841bf1b.xml" RLTitle="Manage the TPM Manually">
		<Attr Name="assetid" Value="171a5a07-00b0-4ff6-bd73-4d1dd841bf1b" />
		<Keyword Index="AssetId" Term="171a5a07-00b0-4ff6-bd73-4d1dd841bf1b" />
		<Keyword Index="AssetId" Term="171a5a07-00b0-4ff6-bd73-4d1dd841bf1b1033" />
		<Attr Name="appliesToProduct" Value="Windows 7" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1752" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="171a5a07-00b0-4ff6-bd73-4d1dd841bf1b" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\1b68f329-0db3-4f0e-a0bb-72a3dd1a65f9.xml" RLTitle="Control TPM Command Blocking by Using Group Policy">
		<Attr Name="assetid" Value="1b68f329-0db3-4f0e-a0bb-72a3dd1a65f9" />
		<Keyword Index="AssetId" Term="1b68f329-0db3-4f0e-a0bb-72a3dd1a65f9" />
		<Keyword Index="AssetId" Term="1b68f329-0db3-4f0e-a0bb-72a3dd1a65f91033" />
		<Attr Name="appliesToProduct" Value="Windows 7" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1752" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="1b68f329-0db3-4f0e-a0bb-72a3dd1a65f9" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\21a02891-8efe-462a-81ea-85482b3da000.xml" RLTitle="Reset the TPM Lockout">
		<Attr Name="assetid" Value="21a02891-8efe-462a-81ea-85482b3da000" />
		<Keyword Index="AssetId" Term="21a02891-8efe-462a-81ea-85482b3da000" />
		<Keyword Index="AssetId" Term="21a02891-8efe-462a-81ea-85482b3da0001033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1752" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="21a02891-8efe-462a-81ea-85482b3da000" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\303a688a-6ab7-4193-9208-ae52c2b6b7f9.xml" RLTitle="Add the TPM Management Snap-In to MMC">
		<Attr Name="assetid" Value="303a688a-6ab7-4193-9208-ae52c2b6b7f9" />
		<Keyword Index="AssetId" Term="303a688a-6ab7-4193-9208-ae52c2b6b7f9" />
		<Keyword Index="AssetId" Term="303a688a-6ab7-4193-9208-ae52c2b6b7f91033" />
		<Attr Name="appliesToProduct" Value="Windows 7" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1752" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="303a688a-6ab7-4193-9208-ae52c2b6b7f9" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\371a29c7-b746-4473-8849-2670bdbfd730.xml" RLTitle="Using the TPM Management Snap-In">
		<Attr Name="assetid" Value="371a29c7-b746-4473-8849-2670bdbfd730" />
		<Keyword Index="AssetId" Term="371a29c7-b746-4473-8849-2670bdbfd730" />
		<Keyword Index="AssetId" Term="371a29c7-b746-4473-8849-2670bdbfd7301033" />
		<Attr Name="appliesToProduct" Value="Windows 7" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1752" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="371a29c7-b746-4473-8849-2670bdbfd730" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\40fb8523-ddfc-4d25-91ee-20794b381236.xml" RLTitle="Understand the TPM Storage Root Key">
		<Attr Name="assetid" Value="40fb8523-ddfc-4d25-91ee-20794b381236" />
		<Keyword Index="AssetId" Term="40fb8523-ddfc-4d25-91ee-20794b381236" />
		<Keyword Index="AssetId" Term="40fb8523-ddfc-4d25-91ee-20794b3812361033" />
		<Attr Name="appliesToProduct" Value="Windows 7" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1752" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="40fb8523-ddfc-4d25-91ee-20794b381236" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\45da796d-ded5-423f-bf90-07c670384a2a.xml" RLTitle="Clear the TPM">
		<Attr Name="assetid" Value="45da796d-ded5-423f-bf90-07c670384a2a" />
		<Keyword Index="AssetId" Term="45da796d-ded5-423f-bf90-07c670384a2a" />
		<Keyword Index="AssetId" Term="45da796d-ded5-423f-bf90-07c670384a2a1033" />
		<Attr Name="appliesToProduct" Value="Windows 7" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1752" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="45da796d-ded5-423f-bf90-07c670384a2a" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\560eb6cc-53e2-49d2-935b-b07de311b6a5.xml" RLTitle="Managing the Trusted Platform Module">
		<Attr Name="assetid" Value="560eb6cc-53e2-49d2-935b-b07de311b6a5" />
		<Keyword Index="AssetId" Term="560eb6cc-53e2-49d2-935b-b07de311b6a5" />
		<Keyword Index="AssetId" Term="560eb6cc-53e2-49d2-935b-b07de311b6a51033" />
		<Attr Name="appliesToProduct" Value="Windows 7" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1752" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="560eb6cc-53e2-49d2-935b-b07de311b6a5" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\5f2457b7-2ccb-479c-9ec4-7ac5ecb0b5b7.xml" RLTitle="Understand TPM Initialization">
		<Attr Name="assetid" Value="5f2457b7-2ccb-479c-9ec4-7ac5ecb0b5b7" />
		<Keyword Index="AssetId" Term="5f2457b7-2ccb-479c-9ec4-7ac5ecb0b5b7" />
		<Keyword Index="AssetId" Term="5f2457b7-2ccb-479c-9ec4-7ac5ecb0b5b71033" />
		<Attr Name="appliesToProduct" Value="Windows 7" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1752" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="5f2457b7-2ccb-479c-9ec4-7ac5ecb0b5b7" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\6108f562-e060-476b-9683-4a3e3009f994.xml" RLTitle="Overview of TPM Management">
		<Attr Name="assetid" Value="6108f562-e060-476b-9683-4a3e3009f994" />
		<Keyword Index="AssetId" Term="6108f562-e060-476b-9683-4a3e3009f994" />
		<Keyword Index="AssetId" Term="6108f562-e060-476b-9683-4a3e3009f9941033" />
		<Attr Name="appliesToProduct" Value="Windows 7" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1752" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="6108f562-e060-476b-9683-4a3e3009f994" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\6652692c-19e6-46cd-91a7-4b108042a3d7.xml" RLTitle="Setting Up the TPM for First Use">
		<Attr Name="assetid" Value="6652692c-19e6-46cd-91a7-4b108042a3d7" />
		<Keyword Index="AssetId" Term="6652692c-19e6-46cd-91a7-4b108042a3d7" />
		<Keyword Index="AssetId" Term="6652692c-19e6-46cd-91a7-4b108042a3d71033" />
		<Attr Name="appliesToProduct" Value="Windows 7" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1752" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="6652692c-19e6-46cd-91a7-4b108042a3d7" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\6c911321-0e0d-4376-afe1-162326c42018.xml" RLTitle="Connect to the Network">
		<Attr Name="assetid" Value="6c911321-0e0d-4376-afe1-162326c42018" />
		<Keyword Index="AssetId" Term="6c911321-0e0d-4376-afe1-162326c42018" />
		<Keyword Index="AssetId" Term="6c911321-0e0d-4376-afe1-162326c420181033" />
		<Attr Name="appliesToProduct" Value="Windows 7" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1752" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="6c911321-0e0d-4376-afe1-162326c42018" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\6d0d6ca6-0ed4-4bc3-bbab-f26edd4117d7.xml" RLTitle="Turn the TPM On or Off">
		<Attr Name="assetid" Value="6d0d6ca6-0ed4-4bc3-bbab-f26edd4117d7" />
		<Keyword Index="AssetId" Term="6d0d6ca6-0ed4-4bc3-bbab-f26edd4117d7" />
		<Keyword Index="AssetId" Term="6d0d6ca6-0ed4-4bc3-bbab-f26edd4117d71033" />
		<Attr Name="appliesToProduct" Value="Windows 7" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1752" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="6d0d6ca6-0ed4-4bc3-bbab-f26edd4117d7" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\74461555-98a1-475c-904c-2762bc9e7fc2.xml" RLTitle="Command Management">
		<Attr Name="assetid" Value="74461555-98a1-475c-904c-2762bc9e7fc2" />
		<Keyword Index="AssetId" Term="74461555-98a1-475c-904c-2762bc9e7fc2" />
		<Keyword Index="AssetId" Term="74461555-98a1-475c-904c-2762bc9e7fc21033" />
		<Attr Name="appliesToProduct" Value="Windows 7" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1752" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="74461555-98a1-475c-904c-2762bc9e7fc2" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\84920211-a685-4dfc-9b46-649cf3d0268f.xml" RLTitle="Change the TPM Owner Password">
		<Attr Name="assetid" Value="84920211-a685-4dfc-9b46-649cf3d0268f" />
		<Keyword Index="AssetId" Term="84920211-a685-4dfc-9b46-649cf3d0268f" />
		<Keyword Index="AssetId" Term="84920211-a685-4dfc-9b46-649cf3d0268f1033" />
		<Attr Name="appliesToProduct" Value="Windows 7" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1752" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="84920211-a685-4dfc-9b46-649cf3d0268f" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\bbc02bd1-3e31-4db9-8b19-1d857f52a77b.xml" RLTitle="Control TPM Command Blocking by Using TPM Management">
		<Attr Name="assetid" Value="bbc02bd1-3e31-4db9-8b19-1d857f52a77b" />
		<Keyword Index="AssetId" Term="bbc02bd1-3e31-4db9-8b19-1d857f52a77b" />
		<Keyword Index="AssetId" Term="bbc02bd1-3e31-4db9-8b19-1d857f52a77b1033" />
		<Attr Name="appliesToProduct" Value="Windows 7" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1752" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="bbc02bd1-3e31-4db9-8b19-1d857f52a77b" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\bf114ca2-122b-4aa8-b10d-f35480979677.xml" RLTitle="Start TPM Management">
		<Attr Name="assetid" Value="bf114ca2-122b-4aa8-b10d-f35480979677" />
		<Keyword Index="AssetId" Term="bf114ca2-122b-4aa8-b10d-f35480979677" />
		<Keyword Index="AssetId" Term="bf114ca2-122b-4aa8-b10d-f354809796771033" />
		<Attr Name="appliesToProduct" Value="Windows 7" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1752" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="bf114ca2-122b-4aa8-b10d-f35480979677" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\c7536fa5-981c-4a21-8460-99c90e13fdd7.xml" RLTitle="Understand the TPM Owner Password">
		<Attr Name="assetid" Value="c7536fa5-981c-4a21-8460-99c90e13fdd7" />
		<Keyword Index="AssetId" Term="c7536fa5-981c-4a21-8460-99c90e13fdd7" />
		<Keyword Index="AssetId" Term="c7536fa5-981c-4a21-8460-99c90e13fdd71033" />
		<Attr Name="appliesToProduct" Value="Windows 7" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1752" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="c7536fa5-981c-4a21-8460-99c90e13fdd7" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\cac0a9f7-77c6-4674-a793-e8f741888db8.xml" RLTitle="Troubleshoot TPM Initialization">
		<Attr Name="assetid" Value="cac0a9f7-77c6-4674-a793-e8f741888db8" />
		<Keyword Index="AssetId" Term="cac0a9f7-77c6-4674-a793-e8f741888db8" />
		<Keyword Index="AssetId" Term="cac0a9f7-77c6-4674-a793-e8f741888db81033" />
		<Attr Name="appliesToProduct" Value="Windows 7" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1752" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="cac0a9f7-77c6-4674-a793-e8f741888db8" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\e6a30c7e-34bf-473c-ab64-8f78cefeb7f0.xml" RLTitle="Understanding Keys and Passwords Used by the TPM">
		<Attr Name="assetid" Value="e6a30c7e-34bf-473c-ab64-8f78cefeb7f0" />
		<Keyword Index="AssetId" Term="e6a30c7e-34bf-473c-ab64-8f78cefeb7f0" />
		<Keyword Index="AssetId" Term="e6a30c7e-34bf-473c-ab64-8f78cefeb7f01033" />
		<Attr Name="appliesToProduct" Value="Windows 7" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1752" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="e6a30c7e-34bf-473c-ab64-8f78cefeb7f0" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\ef63d9c0-d932-46bc-9f7c-7b666cb8126c.xml" RLTitle="TPM Management">
		<Attr Name="assetid" Value="ef63d9c0-d932-46bc-9f7c-7b666cb8126c" />
		<Keyword Index="AssetId" Term="ef63d9c0-d932-46bc-9f7c-7b666cb8126c" />
		<Keyword Index="AssetId" Term="ef63d9c0-d932-46bc-9f7c-7b666cb8126c1033" />
		<Attr Name="appliesToProduct" Value="Windows 7" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1752" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="ef63d9c0-d932-46bc-9f7c-7b666cb8126c" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
</VTopicSet><?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE HelpTOC>
<HelpTOC xmlns="http://schemas.microsoft.com/help/toc/2004/11" DTDVersion="1.0" Id="TPMAdmin_TOC" FileVersion="" LangId="1033" ParentNodeIcon="Book" PluginStyle="Hierarchical">
	<HelpTOCNode Url="mshelp://windows/?tocid=1ac39973-c7c1-48ad-aa17-8454b68ddfa9" Title="">
		<HelpTOCNode Url="mshelp://windows/?id=ef63d9c0-d932-46bc-9f7c-7b666cb8126c" Title="TPM Management">
			<HelpTOCNode Url="mshelp://windows/?id=6108f562-e060-476b-9683-4a3e3009f994" Title="Overview of TPM Management" />
			<HelpTOCNode Url="mshelp://windows/?id=371a29c7-b746-4473-8849-2670bdbfd730" Title="Using the TPM Management Snap-In">
				<HelpTOCNode Url="mshelp://windows/?id=bf114ca2-122b-4aa8-b10d-f35480979677" Title="Start TPM Management" />
				<HelpTOCNode Url="mshelp://windows/?id=303a688a-6ab7-4193-9208-ae52c2b6b7f9" Title="Add the TPM Management Snap-In to MMC" />
			</HelpTOCNode>
			<HelpTOCNode Url="mshelp://windows/?id=560eb6cc-53e2-49d2-935b-b07de311b6a5" Title="Managing the Trusted Platform Module">
				<HelpTOCNode Url="mshelp://windows/?id=148bb87d-a3c1-4344-958e-5f5b7de14a9c" Title="Store TPM Recovery Information in Active Directory Domain Services" />
				<HelpTOCNode Url="mshelp://windows/?id=45da796d-ded5-423f-bf90-07c670384a2a" Title="Clear the TPM" />
				<HelpTOCNode Url="mshelp://windows/?id=21a02891-8efe-462a-81ea-85482b3da000" Title="Reset the TPM Lockout" />
				<HelpTOCNode Url="mshelp://windows/?id=6d0d6ca6-0ed4-4bc3-bbab-f26edd4117d7" Title="Turn the TPM On or Off" />
				<HelpTOCNode Url="mshelp://windows/?id=74461555-98a1-475c-904c-2762bc9e7fc2" Title="Command Management">
					<HelpTOCNode Url="mshelp://windows/?id=bbc02bd1-3e31-4db9-8b19-1d857f52a77b" Title="Control TPM Command Blocking by Using TPM Management" />
					<HelpTOCNode Url="mshelp://windows/?id=1b68f329-0db3-4f0e-a0bb-72a3dd1a65f9" Title="Control TPM Command Blocking by Using Group Policy" />
				</HelpTOCNode>
			</HelpTOCNode>
			<HelpTOCNode Url="mshelp://windows/?id=6652692c-19e6-46cd-91a7-4b108042a3d7" Title="Setting Up the TPM for First Use">
				<HelpTOCNode Url="mshelp://windows/?id=5f2457b7-2ccb-479c-9ec4-7ac5ecb0b5b7" Title="Understand TPM Initialization" />
				<HelpTOCNode Url="mshelp://windows/?id=0af6b604-fdf2-4037-a658-5bf11ec816e9" Title="Initialize the TPM" />
			</HelpTOCNode>
			<HelpTOCNode Url="mshelp://windows/?id=e6a30c7e-34bf-473c-ab64-8f78cefeb7f0" Title="Understanding Keys and Passwords Used by the TPM">
				<HelpTOCNode Url="mshelp://windows/?id=c7536fa5-981c-4a21-8460-99c90e13fdd7" Title="Understand the TPM Owner Password" />
				<HelpTOCNode Url="mshelp://windows/?id=84920211-a685-4dfc-9b46-649cf3d0268f" Title="Change the TPM Owner Password" />
				<HelpTOCNode Url="mshelp://windows/?id=40fb8523-ddfc-4d25-91ee-20794b381236" Title="Understand the TPM Storage Root Key" />
				<HelpTOCNode Url="mshelp://windows/?id=067e16b6-9049-4bbb-bcb9-9bce4cead04d" Title="Understand the TPM Endorsement Key" />
			</HelpTOCNode>
			<HelpTOCNode Url="mshelp://windows/?id=01444377-1e10-40e4-a389-b442a99676a8" Title="Troubleshooting TPM Management">
				<HelpTOCNode Url="mshelp://windows/?id=cac0a9f7-77c6-4674-a793-e8f741888db8" Title="Troubleshoot TPM Initialization" />
				<HelpTOCNode Url="mshelp://windows/?id=6c911321-0e0d-4376-afe1-162326c42018" Title="Connect to the Network" />
				<HelpTOCNode Url="mshelp://windows/?id=171a5a07-00b0-4ff6-bd73-4d1dd841bf1b" Title="Manage the TPM Manually" />
			</HelpTOCNode>
			<HelpTOCNode Url="mshelp://windows/?id=0beee185-4eff-431d-ad1d-212e684926f8" Title="Resources for TPM Management" />
		</HelpTOCNode>
	</HelpTOCNode>
</HelpTOC><?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE HelpIndex>
<HelpIndex DTDVersion="1.0" Name="AssetId" /><?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE HelpIndex>
<HelpIndex DTDVersion="1.0" Name="BestBet" /><?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE HelpIndex>
<HelpIndex DTDVersion="1.0" Name="LinkTerm" /><?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE HelpIndex>
<HelpIndex DTDVersion="1.0" Name="SubjectTerm" /> eyT`!FEO=$E)R)TJDBSIڡi]¥$NR
W@jD
s{_8]C%6xK+!rfY(qBf6% ]EaHnTC@
Dfw.WyZAIT{߿n<K6OlWjpǮoq[WEpw-b呟#ph]ͽ!x|;q7~	xýw0e6ϻ|66aPUփ^wǰzc[?]z^g<c?bM4a.37ਗi|^5oxC:"xy8gG\{vW縏J-s9nvCWt
Ds
~zwwq:7݃"
r!_9]qs{9yG/t;{oM=<u[w	N]{}>3{Nlc83}~~䋧['ܸH}Q.LӎޛϿf-|&ϭl.g<vnxvgϦטox6UyRyO_;k<__zqr'
8M=4Ӏ}g7y~BAO83|9>ul\o|9>[}$)Mz}z+}8H<$Sv'{/rtE56l.z=vc>ۆ?r΂yP&؋Y_䑺'ϟFMv+kvk/mgS4ۯ]g;?:[ʱ=wcvz_=5T>
*Q܎m=Ytl_Q[s=cwnzC=i;뗛k۱?]]a߹7cpjZfGDŽǾl=s;#czn<܈_{s^_؏=X߃g=k}η?S>9:gЇ;ַu}ρok~o=k}[o[G[ok'}[o-dWtgO٭g}{_/\ӷ6=vj~۵vnfo]oR7k<ӱ㞽m[]omwu~꽻qUjXQګk\}U_^u/G<R{꾷}nR|RWdUɫWkKݵ~f~:Zz=KﵗėkZčKK֥5R
|NZ7R=%u-||ž|˭u}RzV8sױ_|;'qtcݘ'ّnwqvCvh]|j?v]Np;7o7E_;~>w,!c~Qw}@yGT>`}n7;LHeuqxaOss:?wjjIޯv7>ÿxvvooz^SJS:3=:SJgtOb<dOYҝ)Ϟ)=:SJgN{tg{Jt^MOmoON靝)9?S:=:S3=S:=:ߨSJguOxzOYҝ)=S:s:tUҝ))9ҝ)y	):_S>S:3>:'S/>S:g|JtfƧJv|t|JtȧJ|tuJ霔O\OΖYoS:guJܽN);t˧JvN)c>S:g|Jte:So>S:gvJ霜OOΞY?);tfm:S3>S:;tqYҝG)>S:g}Jt.uҝM)ߝS:3;tԧJwOΪ鼬OOήYS:gwJN)t')t׷8Vx/^x^/ŋx/^x^/ŋx/^x^/ŋx/^x^/ŋx/^x^/ŋx/^x^/ŋx/^x^/ŋׯFhz{h

ÈGh4R|<!h4Z|?2G!h8>
3ap|4r;>
0Ѱhh?8Ώah<?ah?@Џa4|>
EGÐ4,~
#яhX"?IGCP4\~
æGh:?OGC4|>
YGCaМ|4T?ah4~
3ՏhX~4
GPhx|4u>
íGh~4
?CGaP4}>
Eh!?^+▇pD`00``00``00``00``00``00``00``0	6""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""">"}«߷׻1ཿoͿ?딾گOqϛ:޸nuuSǜ}V򮛷?5;<o:)|r/_x%"gS}piEDZA#Fb1F#Ĉ1b#Fb1F#Ĉ1b#Fb1F#Ĉ1b#Fb1F#Ĉ1b#Fb1F#Ĉ1b#Fb1F#Ĉ1b#Fb1F#Ĉ1b#Fb1F#Ĉ1b#Fb1F#Ĉ1b#Fb1F#Ĉ1b#Fb1F#Ĉ1b SYC!d2!CȐ2dC!d2!CȐ2dC!d2!CȐ2dC!d2!CȐ2dC!d2!CȐ2dC!d2!CȐ2dC!d2!CȐ2dC!d2!CȐ2dC!d2!CȐn"[o?FWG0xј+~$\N\.¸p.\…p\.¸p.\.ܸ7.\…p\.¸p.\…p\.8.\Ņ\.¸p.\…pVtw…p\.¸p?\=B]OuMuw…p\.…p\.¸p.\…qḮ:뎯>s_}vv!d>Qvg>4vlځG<V;]vGn}+n;CsIh{쎘>8}x;Rcqs;!~32ǝ\Oiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiijګjjګjjګjjګjjګjjګjjګjjګjjګjjګjjګjjګjjګjjڶqii˞kiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiii߶jjګjjګjjڵjõ[mVmV[[mVmV[[mVmV[[mVmV[[mVmV[[mVmV[[mVmV[[mVmV[[mVmV[[mVmV[[mVmV[[mVmV[ծ~>5iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiii{/qݺ7ww7ąps\.>jjګjjګjjګjjګjjګjjګjjګjjګjjګjjګjjګjjګjjګjjګjjګjjګjjګjjګjjګjjګjjګjm\_giiiiiiiiiiiiiiiiiiiiiiid^
iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiۦiiiiiiiiiiiiiiiiiiiiiiiiiiiii4-M44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM46Miiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiii;|/4MM;e^ըmvg>z;IV^xW-w ?ȟp?koΥPV/Os=_]w)Mw^}_?FL{w?W|w7r]}Ov^064?orOoܜkPE@>HXx׶m3T˸*iZB2⚍C*5!`"-)t-Utla
Ps"3޵K<y=$ᩓ*|l<UX}ɉawL\١*ݛ팭7IkF
]+o|45*S&kY&e<40
F+m`,%ڼ+ёCUf֬ǁVjq,A%,;H	W (=X==L	?0o>4!PȄ@C^t4$>:9
ɲ`i"D-3hi.	!v{͢Bt 9Ks4yH8a&}()!IF%UKFR%Rr_'7r,v{H"iElzJyYJJC[  qzbJ1^RsbiL;:URz@$8YnĘg_	ձlKV1M@^[HLS)RF
m33Ŭȩz_GN/H3aS$rR|A?Y~_RznH{NL?r
PcDB:ʝ.-/%Iцޑ,V3}z`;kg2bT~(/^bHHITzẠE<gAj뼼_S,m6Wfo"o%pycXnUˁW]wЌ-Cּl'*NOɉ
%kEFnCV1DtR}ߥl
;k\\x7x_֜2|nEt'2[2eA(\|)xsx?4[y][ňtJBoT0sۮGtw{X	
W}<]YJ>IIՋ{g#Q+d%OTf~{oVu
yzfKOŦɍMlFǒ$yjBgQMH
σjH[Yu	'y$Ljh]EJO砥1}%(r{9M-a+^wn\5Sj>$_	k@DLsrh󤋺-08~O}4mH`:S1/"TGG֏Z:knsz^R {hקԥTD5樚C	0VumD
LtA=qt~|*
yW|-jm2M?Zc̢
/ؓ{qحu+u^JE4B"ѨhȬ\!C?4h%\]xK7x^"*SIخrb)
fEƭ|
rVCP[FV.D/H{,!A4۸j-Ɇw41FmKW8*ye̘'/,)">3J,<M칮OΜI^:K˱G=>%
;Z٥y*^lCucy9R%Zr^gEJBwC%IWomP]f+wb¬6aD+qJןG:HmBF+}yBRJ<Zʚ!O+Y$#-%Dr<|<4nO#o62J!{Ҧ_;pgq?g~ڽ̂'xa;;:[ o$AW9{{'3}zg]'^vcvj[UE<'36:6WiN7U6Kw+!$7¬]^p̽<tюrSZoZ޹ܑt4`1{g}Jq7h{wwuWZO
CxXpH	I|ڈ
1m_	4L^9菾QρyGq-,/G1H<ctVaO">Unj?1c[>9X6ȳoxq(#҈ViZLG;
-.1y6lJ^f<@ܙIO岓۴(C]C-cf*Ums.s7mR3DҎ.sitef墑PplnvB[9k{G<˔KܦѕW_Q|gʏ^88,w@[-<ePls44%%_'+۹5Qx8)K
!X O.y~oʀjoMmi0:
Pߥ1-C:Ɩ:`kUV,6TZcQEpS},Ƣ5gݱ"[b/Lԅ|@*~hQ>T5Ԗ*z.0<f!WaL6HAn
og	L2"ؼySjcxtsT$hhPcDEʕsuEӓ^mE{1!	cwhYYt|ƱUdG?hrQ#Fڒ\P0TUHYG jeّtr?P<!OPw
nړIp-`w>bsR[EIk֯An*H_>ao5nD|'Bk9f}tk>_tABxH#fv1Ks4NXMs,==\2F
h"EJ->-#Ik
u]!q@*Mj&w+i#dqsʰqn߆l4ICST/ҥloyoJ_kAn뗩d?Uq$/4
t'vOґL38
$2@z9\.$dפ-*25kg[<TE\p9VةdLsxvDk$@ln|̧3t3/HqbJ+̱X"eP27
]2tuR(@=箟B3
|f#<Ĕ};8܉28 hޖwˌq{{AiD[Y3R!x9/ygp<Fa:ڿ+L7htjg
:?ۯ;
X(fgy~t(\xX`**
%lF>O:ENдi]	-_
,;%0	!<'b133Ԓ#~;IEf^bN	57!:C1$:ԞU%^j+
,]%D1I*UW=c'¢4&LnRylv`SkĴ79^^Fi1h\_Mf>JIĕvp%߹GIIjKp-ѐܡTuz%'Hvljv,J.	&"L?o'ֆBu;NYa"[^MXlد*Tfq+(ι2ʺĀ:?HTIK0he!#PӤj &5\s;B),׹ӮQێ}Ckimm2MoU:Dr'{5J+V		Bշeؠ"'i*ۻ;.ФZ.@/OV)h7eY	e4չdFv5RA嘳I*!2d|HФTe{v Q_1w#Ν	b,W&
>$~zt6?%шwj-gǭ	eRY?.0 <QBucIg[gG[!7KepuJ@dVa161
p]xN⼸S94ȫC^@%l]׼rOESGAa<
lllD0L/T`@21(HME_&ETlO@oy~a 6p]ݾ+몑2zD
~?;$tH9CS:Қу}9m	 (}DaX[fA=2YAܽJVCQ[Fyr}~{AԖ=<޲.jFq1^x+5<n(L}HaQJBTzEA:	f.ѨD[CC6ڋ=m8!~C̺_X
{yR_
{SmGc1?gWھ|ˆ2G? ]Tߖj]=9>u}x&*#ő
vSfd
M0cMr1Cm8Wz5`7NSѸY\>#?UXo'"y4(k5_B*F^7rPA25+L37m,R&#xNdlJazP;<L[yelMCؒ,*`ꊅ)E۷._fxXB7@^7p7QSǁS&>܍Qܟ#	mtAǼOJ ޭ[-H\{G\8LjEoK@D]S9yH|e,"}]Lj)%_ۑIS)1ɟ!6`bzKFmIݫQhm—ƕ,!W]vҭny:^g0UGatRvϥBLuҭ~{DNkhE7i.]З+zJ`rӚ.*uqN3at^=o.)Ѻru|!ia@;F|FN/N|P| EgŽ:Wr;>ķӱ23uy(L5T`foҊf
"_{xʹ<dr_`m85SMM&03r7(dQ኱|3..1i%mEW%RPQL'Z':	gIRyIL(F$DP*>&D%E<90kS0R7B"07	
ď?K`G*QqH HH  HH  HH  H?C@hs}p:CrQljl,SMqb~~ņF)vԲ]Q'PX|Mٲp@egUs>惒iTq9ĬqcIjVd|qtE
R3lmˬ>
cdVKqB{{傀籃
rIOTWD	43U뛑.880$lQVG~a3.|=bn/F"s$[ݓcn~xGoO|ޥw[fu!־h2+T38
\F8WGf :u^xU1kMF+1W+sZYR[|fF^ފ}GlE7~~~˚WeN)Ta)WsAH>d:++O
!|[G6_rӔb.1WTPAnӍ&QSo	>e47#yJRnΡg!T	!4s3|sމ5>Ӑ0GZ )>EcŲ\}8v+_!p
yӽ!
ԕUMׅ/H7Y,ͧjm%7ahlb𶖨z 	vIWu	sR
*`4GYm'T0:BSzѬ6V&Y@wP22^3ࡀnCx1d|ƵU!6vhb'_4\\cwm/{u8r+n?3ϸui _#?׌krh"n
l1c'^Xkty8CE%T_\PT]H:xBCx+ efO+!nu!8"x0
hButIٺ?_L4&<G-Npi0<ׇA#)·7Ǧ/
9}06,\SmqB-Cbc=vPe:C
9 4odB'0U
Rfs9i%UtE9Z5%Vsq2JؾVn7Ӄ'Ąާ^k+'<[rm^Z¡V{tFyom2NFǼdH'<]nJGqJheЖ$NPei9%Y5U;E+1#<r+5XȊ<b/uG0vo
+	1a5X[MQ/鎇l
l0փ|Ң:|*=)'#~J
/ vbT+il!cOMY$֬Kr*"@1([i뫪Jm$涎TJ5	ʍ}4]2rGՍؓIw6-#W_C8<[NҬ^5.d/fZԮ@/p?A\'F"[">G>5k
NuK>H%z<،#]APqCbJ*H
nNU%ٽe\ yjvaUs53ėX~թ+55ZkZ!Qi#q{jjjHJG*QqLC»t	6x}=dN5jsDҐfU[eɕ1*NZ6ӌqz{FͫW쏙Xl}i\ȭO-Q2d`T9ӞGOa,GcbyӇ_u[j J&e-&6Y*B0,va?f״	DS8awWϵE`oSƁN*
~Uޘ!2wC_DB~8쇯&	9}Q`ƿ͍DReM9ZlH(" 齒J_VFH>r]N8X^;;drʽ̿~/> ubhܽ~rs?^5q~-6~KE
.ȥǤr&3a݋vT)$c| (NP;4q:iC%HrlXWn1s;[vbUrFClVY4-4UQWSB8{FZBc_vf(!#}Vp%R擋H|r
5M7&kB3vQ2\aP#
~		T- Lz|IZe0Y!XRU;Z74'T	lm~u?S7}vOKϘ51Lrx!*HؗJ@c^q˙'E޲s(GMԞKIO{
PW^Xn
"+ǃaXڹD j2J8f'zr>@Qlg7L
!$(?2Lbi.法'58O<$h+&GÕw6%xUT5%X1a,es/+x<”YSǾl?
1Nx	tsgc2{0٧n^BB`M5Z[|BUwbbfT2EDZy
w#yKQ까9ƌ2XDNK}}
~	kaNkyڕAd#Z|mWb3sAI^n-ࣃ'WYPZ!84
K`z|r`Xy~3=74jhAcz7=T_ð##YʵE%I[SX@ѵDa@1!(tQmψ}wiѦ	U猇q`Z\7tLgӕJ1w4cbN|RV a%(.p4mqB~s(~<s-RHSZ%FEqZWұ:ң$W+;kRj٢-Qtm3qmLWkYQ27|sĕVl((L,uF$oi/3⧱iVwdS`yLcWkxJ!e%^I+ҋ>YTDA_̙喺U!8z<;d7Dkb=XLjuүE[gdK>
Bb^jެCX0z6$oj%
>ݶiQӗS~0:Q?e|
J5+Ҥ7ٶ,6bI=g,X5w"Q1_<+*JKhu_B|SAEiֺS^7q,[<2aq&oLm枵\S bB]3h  |*3Flx;|Bz}[Ûn(ᒂr}1~k4^[޸%bnO۩	Q+o8&8Axu4|a_p:

Άz<"i9	8
צ7<hWvgsJ38.tU]9i;:[Q>vTL
+Wuk"%Ԣ-J{42?NVAOa	KΰSuէG]áUFvOh>3MPIg7WˡҜenXXo`G{MIwgOKB{pl" ؘ5rꊿ
g^xo<A,/xˇO1.>3JR9R7{|yeS$p*~$Jp"5Nn[bMtR@GK—_nD}b|hַ@(x|3w"]IAIz&65-WN[&X|0	@AiS5h|)s⍟{pRJ)_)\tY	5DG+YG.ynw'%;T\iӅ6:x_ەt^eFAUw%Jɒyv4ܔDڭ>q\
Aceе_6?LLGcW<txa/rՅӒբBT!SL(A&%dgu K	懞
6
ZN&TCHfJ@(;e>>?skLRAJ4ABAiIȓSo8n
(lO%5kh}{^^h56@%r=O&鎇+C監r짏=\{&%qSgpu>_J.uTk>^VNÂ5swQ?ӫBV]'F/34|gt\ð?V|lYh/M_1`׭\A_/aVxSإW2P(g2ş:78`f(~]X"6P8]=DM|"/
(b誠~I%s}ab2g>qL4s0]vBf)@4Wݕlu;%rZ{W3\o-_Jc.8楇1dF/c_4L/[
ŏppg;)&DZUou8O
aE_7(_r9>$]O!=\sLi+AL
en+\gT5KYBqHJF]E]蔼ſFb2rԦ:|2J-0\3n1-◺yOpg0
C$NCJJ39S&@ךlpDk	~)OW
:dTō`a2Q|‡o'C5[?6kBza#m:SJxa/}>Az
HSz3>?d[nvul,޾ɨ҅;[-.<Q3VkI_mEəuS20:p4[0-m9?^ۣ4s>,B8xы^/BnCZ+o1hna=O9dYzУ ȑF9	R$$ƥKk|WHQV.ą]!+pǴY
@ۨ]/&ĕ4oN!<|>v4lL4U%.ة'|oHʾ^eq\RS1rFEU=)|ffQN^p\-ʙΚE*9f 
iq6s#
ݗO	/fhBq!UN\l\FW_~okfKm7983K:.qKABûޗkgG'WHۂ0#숍8Ɛؙ{yԹqyTXV4T9p2v`]QyWșY{7эts{dyIPEnl	)XiU%׮++ZC y##{g?C	=~m`3zPQio̐t c{&C~.Wd2fᅫB(sqYCMjmr<]\S
Putgu3R3˴*,bs'+St/KV{=eR`bP#{p5yوy=]Pæ'r_@ZP)
(3r^ie&uҔ|Bt&B]I|GrD1VŞrb4$%Ehq5
I
=(<3E8Cj;TܥDI/+̙LJx;r>زDњulN$7őAv(	iϪ7I8/=.V}.
}:
~呺YWx6#g/mWS-`m{:G0<Y/xG?bܴw-}Gi<[G[,(iꓺ)E|vH}(i5	3;ss$;CNx=N
ՠe"ږhھX9Ǚț9-W`̫#K&VZ^Y!?Zĩd	OxZD9`fq[/ծ"|%#_/b./Xb`l~Y>\/q*[Ws78e3K2MӇq!c}f,~qA65a%:LE3A~紥s;W#AeٸfD6G#Nu0	EnG~PO'3±6j>ڡ(	,؀IlA;{G"5IH<i
תo՞^]gxrC.dp;^QXMCjtazU~*د!/ŬHAo,(Z7Ѷ{Tq<5VTի7,a%'=e~fȴgslmtƩT;`㖤yV~3u_z:'H؂3}VZ"o	Dq|C#.Iyu!\u/hd'^Jm@ER,v
٢Rd g3čyxPP˳RZN3eXݵ|o'x`xij;CM޸6{tCx\*֞Ԙs"]`P~%`|[ALV;_OZº*
mz^1=t[]r(Eh{8K9(A/Y+	)Cx! HU$o~hc6mB--ok#7-MnMA	KDn);Fupm#'521[#y*l1.\6=<6}S:
O81*药AuKsyuuId;A~*ӏCaC-bŴDKwb~b0HOb<:I7Ks9cuě`ZvIɷ<?<[;!'
|=
_X,*I)o3ռ$@<kڳMЍY|vm^2C*=m[R8n.v/pEy`34haP`'7Ubsi:D$JƦ	:8LFCe¨/m^Xț}h֋n	MvDSE0
{2l[L2&Vز83S:b
׆puqvR9P2]V3o0o`v`
_Q@j_DŐLy%"0Z漄үAOG/pN
49ߢ*O?E /vn+3Mî4A.v:9';aU8zG*,g}k8Hhj++cR4s㽥7oop\!XENQJi !yW'Z2IX.HAz#HR`xg{̈́c$biGw\_`΢%%D蝩ܚŸj02hP4ݠj;z$LFYFl)n%?{;#--sJ9wB0@~esnAIGE!oj>GBl{B8yrv4!>*3-^#?PXIeءyx=Gzdsm|&j%,?G?IMKzoTqp$CVEGT_4ӻ0Xg6xp:ݵћ4%uE#ǧ*Ð&+R5ޝ7m&oܹS' H'0{Vli*d0]Zuk	Wy~Y<d@`KEvӡ,y|bjVbM8UXirK$?N߉G"\˥Ř8}$260/hj@n(+]c
?/Ysȃ
Sw,[xu!	]DTخ*
\g {߉S.K HRK. t@<xbtJ8"bjKI(Go^x.
LnNv9i>:5UČ=l1_Whd!r^O2
CQlV -ڵ{O?bx|u8d+%;#{k;'!?zExv*
%!v<3BZQ(	,y\_@*u=vj#Qg@3G2~Ss"غTZO[%,oI/%Ł"dƤ̈́ErLRAYTtUId)A\ 5|,-x$!#:l2Ah VA(S$(3Uv6V6/+uXiȻH!+^s\/U\|{p#pn*df9U*$:ni^OW[:<U5QakT&%72߼ui|{qa~l
s4HaILߥ:<bgiwJ3/o4p	9h
âlO#᷐?V
TN=yIěyzjo
=ʷȶVx"7{WE|+PĦC͆{cmADV3u?2hn>26bՔY7b!~__Q٣@R`
+hZ06	N<=У
E·y?fpp5ZAPdgWgʎX(v~	X$kwYYw&EҖQ{C[=~GLAp_CtWqojAq>Vt{9#)J1$\Ge`0Y`z{͚*XUKLEbS*0a1͜NsWB,^`Pú[xrPOt>7lH|X%pB%DTG<ŧ2ݩnz֕Cʿ<hDvɲs/67\$zST\Mt"1Zxs̀0,X+JGlo1K.zI;$ `\tAHI2mgKoiރu.s̮wN~Jh>n=,'}CaEbg)nJ.[PQs.6XوgcwY`+EN%f̚(_J#mx'DKhΏBJ{h"7hG:)qC/4IC!&øZ)=KONku)cSZAΌ*wLNF[YbtjŦ	T/wtA|Bլ]o@mL'ߑ;1AzoY-Ґgaֈ9?BRX`xFW"EG+	EV$Q 	޿<=fV\dD) \UᄅK!!{A);/?B<E/RVϕז:6h1o8oMϕT{@cINzԧe:1KVUA#O)O%[V5\v1v/fp&ӎ-n"u	RaBQB2b9Ii\.QX'#U2apO<Kc0}m]DQg
E5S`1X=2P7͖ew9vP/'ṹ9{㽜OM6XvӁub~<ן1JyJwAuaO*ϟI\L%]8/Rj6o0y>R;	gՕ5vvh`,C+R,A.vq&vi>=xbˀ<&&dXY$
v:l]lY:U%z'Nʲr0d/q CH39ʺU[SQ&N/4SUj݋(YBuB	]ID,{ ,|L/\bABo079!{UJ*|,`ʵ0A4IM:*a%Mʁ6T]嚖I#Jyj~l㖙Vc#ȾtmVp,_%՜:o2WoGWA[+p-h?<("]8&p"Rs5rMh|K×1q.a\6Ʒvcr:N9.>fMcTa|(<cR@(8uT
]o"^a
´g[ڭJ'.NAA_yZV>F/>g񊒝}zEA䦋,AY_!ן[
Z!CۡdlM}Lv07(

 'oFy?g&=F`rxYJŝ誕VAY+P	2sP0VyL^]_gVٰ
K2\_t#(
Ȝaآ:fH}J<
kRJNd;|B*NQcCH.^LI0e%G1^Yvŋg-&;+`ɎU	1kKݗZPO9vPCa\"86jTQbw=)Zfh.ളݶr}<`U3ܡp(DJW)j%-S8!1IB]$Pr˱8O]I`<F5pWU#8G	56̄!8do閣ׂ7XO(	w/Gx_xP)N-IC{lo0i&b?{œ"2U!C5h^t~[6d'|c&q&sutx\'ڕC4-$づʎǰnc^feV8(t7EJ VGcyq3?u4H-UcjZ}	5p+/LE:xIWWn7Fc=ŒGri,*+r"j	}|zCyiyer
Za>t(ڪav/(n3fܬj2;`p;VJ&gD.R.ٞ[֕LY3A ՠ{Cά^&
̣sjb8Zcd BƎ??иl2]_/uӄ7i¢GO1hw@ן*/FY<:Ǎwgs38ȗ??ΐDMK	n*m&n8s؎wc`s+E<V׮#JK,TC葪m]0k*8MXsҩy؞<aS$ݺEps?y4tu#4P'7j6pb~kRa;ef9eQSOcN4gc~YGw҃њr5!IxwqAO6՟0Xr3[W@hPp.t;f%q>) زLKʙf7*-XZɉM)ϱM#8=@flZpo1b$ZZL)>"s5$DCNo$gj4-n$ɡCKo/HgJ9H
G󘖔ԷZ4}=Ib&ۄ}@ݝ>YŘ|5\V/MJ34!
C£irctʇ~ȍB/yE15ؠ8㞸7e5OK,#[S-F".zi2bQ.&>5.u*Yt7ƹֆC;4'Y:
V5sA/7.D}Ub<%ڋMԛ$[Ijv\j)l>׼p,K&s5 $R`H?-R2ښII&)Wb"+*Xrx\G%<vtA%eCwmRyфַ˯@9fUn|Z)}02{@,55OR'T0S$iYi[B8^z]ExH&|ԁjg;vjfNQ44RH Kšr˴\Uwywj31/IB$7D`.Deʆ. ^ ;P|!TrWR R2R2Ji&@ ؗTt I~3FD䠞q4\טQI{J6
T*U4ب&kAXҲXڷdy&I~LIM}/EeE狉lD`ϨR]aV޺"nLABDzm/J%5zsR^gG&et",=a\)Ԯ	5&M(FZ+wdø;&/JUѺTyʍ\	dqtw#e@BnwLoR)·TkG|%P&DKK31˔:Ybu>I+0PNOs6~ͦ!K&jHɲjhE6JɱZЗT,$D{<L:5(_>]e(<cYf2HbRH	DƤQژ	I:=zG`3;dIY}H4#CReVVtp#'A4uZ)7#]:T*iRE)MQI'rL͙Ԩsec*cHau>?Izbエ]IOe2djL姓Ŕ:[8PЏ49^	S
R&<~^
+ yo-o!*LJMJAMSްqNF#zyH$b?KdX-Υ1?	O{~FB3j$ean8I%L]H^˦)lElV(RaI[Z}=)X-!rq^a]|Âms3ǖ
,Ct'O(^pr)CK[i
ⵜ%W1n|"`kʓIJ-6P-WLW2p~L%VGLQ'(3*D;Tr$*+x?Ǩ|}>7=4+GF#HsY!f!CizK :
ߢ>Z`s7@P  YyQCAA@a*E\d(L]{,0YQE00~8
SWF <
&k| =J0rWO*xk%6le!
`-4+Wf|䃡x
	f2|Iɟ=uby^	v2@_[VqwkQܭ㳝v~뫵x\k?'_۠&$*5$3}UnVUlt+u;9=Z~?|mWM?:ϟ/ʫ+-жnřnG蟷&$kJwEAVR2J!7BwBkϛR_.@φFY&[܃w-@k.u||s;ޖ0
T=hB9.{+z3FRzNt"@{dFbKQ8Zґ}By>j7Z^Hٴ4yZ/5SZ=銈FqMsgV#0ҩtxh	H)Lp|AM݄8Ie93OZqCfMy_!ufx
Oy-s *l+vH$g$ ~!'xJ7QG@f>pSȮV}eTAUT@ER(݊t	TCl*FCAh&5Kϣ-+x˽=BzA#rGlRlAuv!?^;qFT0!lݟ9<}@-fɰ	tSB$BU#%u.B40!?]l2x=D&}9`:xUKGj {q!
pfyCnΧٸBh<!oo!j[s]ylټ Οkr7opHpHi&`h:ᶑEAm*yo#NѨ;"ESyC=w:AU`\4`TgsiC_
jZtnùXHFz[LxAhXޅ\&6Y\Rб~z‚+Zgwsǖn=khb 8<Nfy56p(i'=P$t:0웈CxjpA#@l#[=
,adh%FM4mv!룸F6uށLAQE\S65_|69 uso{6_)}O/kj_Pyg[p~,)op5Bh/EjHT~rh:jLN
EBS*jZuNu7Z|E+aǨH[CQ@׎X&ns
?jSO^"\>֏ȆAzZӑeMT
K=MS}N3Rr87;X/'W5dZuU);Z}_4
nu62piW+×eQvJߖɦ^s~H#C NΙ?Noڛh|?r6~n5`	$@$	@$vvU(2OdBAE!D} @fbt`#16xOjt=4` J3MKwzoY_,B5>N4H
P
}5Ao#3OJ_/9,Aj=T@QG_J-/zygbw7=P5	=o o't2|e?/) hy*	Ah ?@G>$2:xzc{s[|55=	E+;[P<٫DRbLK~=&^%;`G/AuG` K1R>c=^K{A pt,?օi8֏~մ,љ3j%5)ŋ~Xh-(."}}u6دWhc
j`r:5S
AAFmS>*ꗥr2hQ
	(~&'V0?SIyn/Jy79QNui4"&haz$ R/k.Ex#hEEýx_xEEhhEE3xϪhEEkxhEEx?hEE۽xwxEExhEEKhhEExoE@]6%]crχcCӽa=k֡^06/h@Opu贗'8Lv4:;)oTC=as^0ЀᎢuh'8ov:;G;ze	cЇ{Y@zh;֡^0Jhu'v8:P;Qԇ{Y@zjA֡^0@/h@Op yu贗'=MUTAor' P_.C/h@OzHe	RCY=дR HH  H7\靘ӄ%`uaC7rӼ~.WdHH&kF
[{J٦1o.KnSGޟR@k(ROko"|?%)Hmpe?wN<=7݉F4MbŗoGԏjJ]Q?|'TGSx6õ6?KO`Kn1
Bѷ]+wGȈd@꠾
{-wnzنɻ6${<_6t!wQ
595j~n]F9źɿ|w$pjĒ$sJpw4.m}}N/ ;`Fg\E(F<^wuݷ~^/'zwvfO}~Mg[ĚMo7 YrE#pojkjoLセ{{K]j=l.}η؊L-" H0ҠDUq+L,$	 R32wEpg+oief$T/aħj:Iv5ԫb[k\ݘxΚvkmm!e ـ
@Fh
[ۙdIr--9R,f>`}R"@?gFsk2Aw}C^# pEA=>"}TTy<Cbe6K^{]T?dzn~ޔ"vOu4[2c+q>VD-W\]\L晷E#Eެ$=C
a*%))7ùhlgLґj1K^/bKFaX|՘)e|%|y!fUPbEI]jF}dٙݗ@sk*x/3	:BО}D!zXQRV)O2z>@c<>~VP륉^V43>r[_xƣ;\?$(D|;h/ϖ^]*P/9_:)|z̩
v,zgGV=恪kkua)iBxOOPkHI	++41W{(uW'DFkvhCi(;
sp\DYs3ÌƦfRMu*Ld)^w̛g"EUjv;P9ML+FQB1\+3Cn[
.CoAŎ߆/
?
 M{]o9*$mN8JkrpE?	K)U]++Ӊ)2NF6i:1aZ
ZP$&]rVy-w3}o3T`=tMf+,dǦ#d!C<f
ZIyՏrvM?ٳv:,mtbgٲ(r_A
s15t
fNwP۝~+ov$NҺ	_6
/C;:2i+gڱ7#k	oicTU41}6+9?>S;7aF1nnU<sFQ>*9|T)Ў(~tɣQl9l i2Hٮ2mY2jQUV1dȈfR8WpiBqSq6u"A[P&ˋ	CL6Ӻ;i^xG{[kB^J+
we
.͢JT+L1]ȗ¶X'uiS@LYKvqئCԹ7&Bluč7gLEA_J}3W@fp.},SVoםJiA5鳂3DKl@A~X!vit0SrȼxWdc3X 1V$Q{5816xAj1V,؊(řJx̭Ev`5f$;˻Tl-S,2~}IʨUiT!Y)(L6c]LNWX,c%ŴVm-u?vJ`	tY`Y=ѣR쎲+YB٢1imQTgKid4fqc)<,%8YaJ/Ԕ<
˖#ȦfVcƯLWԯM)Z'e+=uQ'q[evRev3S
Sf;ᯏxNJ<(R8%!yA1y9 le<5I
A97^؈Ȭhޙi['lU;")yChhywS[?$cY
7{㺊CVʤ*[5V+HIP_q5Y;BHײMy󱍂^IȊ-ɰ|"R|^%bʊjܸՃ
9Aym>N"-
`9B(1kHz׉V%>YP'm5ɒpx,Wj1yډ*,jLC]`'P#X=6Ƴz!%`ت]Rβ䯝B*+,ÞPp E(m%@mS ʊ[p"6NB++N86g.LcZEFe(Ħ%ar%U^R4mOb&vnvKM`}P=Ƞ(=%KyZm	zĠ%Pߏbj^}+ޔ
DQ5]܈n*-	0T
V`t`_pW_d۵GN}2r_Om5zЂ7osܦƶ6.۰'7Ǖzu#sw\?rqm`#~{:3>s[g]]q@ono;ݬ{oEp!Q9-Nӂ񲆎7o)z#F1kv[n4r;'D^yMe~
~dc)k]&\ܴ[nqM6CUS~7ujʽ}{l|=LK?tBޣ+'o͢׹:>u u)MoG7:[mL1E&$R&5"sJJJ9V+**+++++i~mV^'06suIt€ؚ@l+2pѼk݅T/116ە ̫܊ =ZJOoa_/Z{qb{DZV}<t|h/ˋpAyGܾ$<,؞2^KhZ3L
!c;,;;b9.)\ιb7h.Uvnxm;l6RyK&,'S<xwzײnvگ25;޽&Zʎ݃;w6e9ȥJN-V*խX:@dzL_B̏	={pӓRH^A=b`f紮_ѯL_cjmkk8^:tELT
yYj6ofge4xO_+&f5NZR+ªnX9\Tt]mOfm;%KG8To`n	un
WSQ\ނ|aؼ\C]m@]qV%nt7*(
9z<+psǝu.c*.K1
D?mLإKDC  @@  @@  @@ `(Pl($\*q

Anon7 - 2022
AnonSec Team