Enable TPM on M73

We have just received some ThinkCentre M73's and need to enable TPM on the pc's as we will be encrypting them with bitlocker as part of an MDT process.  On our Dell pc's there are options within the BIOS to enable and activate the chip but I am unable to find this on the M73's.  Can anyone advise how I can do this please.
Many Thanks
James

I would escalate this through your lenovo rep or through official support in your place.
Disclaimer: While I do work for Lenovo Partner, all my contributions are my personal, non-official and not that of Lenovo or my employer.

Similar Messages

  • How do I enable TPM in the bios on Product name: HP Pavilion dv7 Notebook PC

    Hi,
    I have run into a problem trying to enable MS Bitlocker on Windows 8.1 on
    Product name: HP Pavilion dv7 Notebook PC
    BIOS version is: F.1C
    In the Windows UI, the TPM (Trusted Computing Module) management console says that I need to enable TPM in the BIOS.
    Issue:
    There does not appear to be any proverbial "on" switch in the BIOS for TPM versions 1.2 (or 2).
    Question:
    Anyone out there know how to resolve this?
    I know there may be a way to get around this using group policy on the machine or to buy a USB key solution. 
    Looking for the hardware solution in the laptop if possible please.
    Thanks in advance for any help.

    Hi:
    As far as I am aware, HP consumer notebooks do not have a Trusted Platform Module chip.
    Check the device manager...if there is a TPM chip, there will be a Security Devices category in the device manager, and you would see the TPM chip listed under that category.
    If not, then there isn't one.

  • Lenovo G510 how to enable TPM

    Am have a Lenovo G510 i would like to enable TPM (Trusted Platform Module)
    How do i enable TPM

    hi mbakaimani,
    Welcome to the Forums.
    As per the info below, I'm afraid the Lenovo G510 doesn't have a TPM chip.
    G510 Datasheet
    G510 Tech Specs
    If you're looking into using Bitlocker (which requires the use of a TPM chip), check the guide below on how to proceed:
    How to Turn On or Off BitLocker for Windows 8 OS Drive with or without TPM
    Regards
    Did someone help you today? Press the star on the left to thank them with a Kudo!
    If you find a post helpful and it answers your question, please mark it as an "Accepted Solution"! This will help the rest of the Community with similar issues identify the verified solution and benefit from it.
    Follow @LenovoForums on Twitter!

  • Help with enabling TPM in Task Sequence for Dell Laptops

    Hi there,
    I would appreciate some advice on creating a task sequence for Win8.1 with TPM enabling for Dell laptops; I have BitLocker set up manually with a Group policy, but want to have TPM enabled in the task sequence. I have read older posts on sites such as windows
    noob, but can't see how to reference the CCTK and get TPM going for win8.1 in a SCCM2012 environment. 
    Obviously I haven't created this before so any help would be appreciated; I have noticed when I try to import my CCTK configurations into SCCM as it isn't a zip file I cannot do it.

    Luckily Dell wrote a whitepaper about that subject, see:
    http://en.community.dell.com/techcenter/extras/m/white_papers/20209083
    My Blog: http://www.petervanderwoude.nl/
    Follow me on twitter: pvanderwoude

  • Enable TPM on a HP ENVY 15-j092nr Notebook PC?

    So before I bought this laptop I specificlaly talked to HP help services who assured me that all the newest HP models come with TPM chips. Now I'm trying to enable it on my HP ENVY 15-j092nr Notebook PC and I'm not seeing it in the BIOS. What gives?

    Yeah it's not in the BIOS and I saw that it wasn't in the spec sheet but TPM is standard on many laptops now. Hence the reason I contacted HP and this is literally what I was told:
    07/21/2013 04:31:14PM Session Started with Agent (Lora C)
    07/21/2013 04:31:14PM Victor: "Does the ENVY TouchSmart 15t-j000 Quad Edition series laptop come with a TPM chip? I need it for work and will not purchase this laptop if it doesn't."
    07/21/2013 04:31:19PM Agent (Lora C): "Thank you for contacting HP Home and Home Office Sales Chat. My name is Lora. I've read your concern so let's get started."
    07/21/2013 04:31:39PM Agent (Lora C): "Hello, Victor! How are you? Hope you are doing well today!"
    07/21/2013 04:31:51PM Victor: "I'm fine thanks."
    07/21/2013 04:32:07PM Agent (Lora C): "To answer your question, let me go ahead and check my resources here for you."
    07/21/2013 04:32:19PM Agent (Lora C): "I am glad to know that you are doing fine today. You are welcome."
    07/21/2013 04:33:25PM Agent (Lora C): "By the way, are there any specific features you are looking for in a notebook computer aside from the chip that you are looking for?"
    07/21/2013 04:34:13PM Victor: "well I customized the envy touchsmart quad to fit my other needs. I just want to make sure it has a TPM chip to ensure I can use it as a work laptop as well as a personal one"
    07/21/2013 04:34:52PM Victor: "but I program so the fact that it has a quad core and 16gb of ram is a big sale for me"
    07/21/2013 04:35:50PM Agent (Lora C): "I understand, Victor. You need not to worry, as I have checked the computer it has the Trusted Platform Module (TPM) chip."
    07/21/2013 04:36:11PM Agent (Lora C): "All our HP PC has this kind of chip, Victor."
    07/21/2013 04:36:51PM Victor: "perfect. It wasn't listed in the specs so just wanted to be sure before purchasing"
    07/21/2013 04:36:59PM Agent (Lora C): "Are you ready to make a purchase now for the computer? You have an awesome choice!"
    07/21/2013 04:37:10PM Agent (Lora C): "One of the best resources that we have to place your order is our Sales Center. Please call 866.221.4553 and a Sales Representative will be able to assist you with your order placement and answer any remaining questions that you have. Their hours of opera"
    &nbsp tion are between: 7:00 AM - 2:00 AM EST, seven days a week.
    07/21/2013 04:37:38PM Victor: "okay thanks. This should take care of all my questions"
    07/21/2013 04:37:58PM Agent (Lora C): "I understand, Victor. I can guarantee that the computer does have the chip."
    07/21/2013 04:38:20PM Agent (Lora C): "You are most welcome, Victor. I hope this information has been of great assistance for you today."

  • Enabling TPM in Windows 8.1 after motherboard change S1 Yoga

    Hi all,
    I have a Lenovo S1 Yoga, which had the motherboard recently replaced.
    I have difficulty in getting the TPM to be initialise in Windows 8.1, its unable to initialise saying teh TPM has to be manually enabled.
    I have checked in BIOS and found the Security Chip is active. I have tried to clear the Keys. But still unable to initialise.
    Anyone able to help or share what is the steps required to enable the TPM for Lenovo BIOS once a Motherboard has been replaced.

    The motherboard should not have anything to do with it. With Windows 8.1 it should already be turned on.
    http://technet.microsoft.com/en-us/library/jj131725.aspx#BKMK_AutoProv
    Hoov
    Microsoft MVP - Consumer Security
    SpywareHammer.com

  • How do I check if TPM is enabled without CSS installed?

    After searching for TPM (the Security Chip?) on several different laptop forums, I'm still left with a few questions for my two identical T61p ThinkPads, both with WinXP SP3 as described below in my signature line ..... Note: Lenovo's CSS and R&R have been uninstalled by me.  Each unit has two 7k320 Hitachi BDE drives (using ultrabay adapters for the 2nd drive in each) and both machines have the HDD PWs enabled.  I have to actually enter two separate HDD PWs each time I power up either machine (even if the PWs are the same on each HDD).  In addition to the four 7k320 BDE HDDs across both machines, I keep four more Acronis-cloned backup 7k320 BDE drives at any given time stored safely in another building.
    Question 1:
    Since I can not find the Amtel TPM listed in Device Manager on either machine and I do not have CSS installed, may I assume my TPMs are disabled?  Lending further evidence to that assumption is that I can swap any of my eight PW protected HDDs between the two machines (after a power-down) and they accept the different HDDs at power-up just fine after entering the correct HDD PWs. I even use two different passwords across the eight HDDs … that is, a different unique HDD PW for each machine.
    Question 2:
    If my TPMs are in fact disabled, then my BDE drives may not be encrypting data. I think I read somewhere that BDE/FDE drives use the TPM and the HDD PW to generate the encryption key or keys. If they were encrypting the data on the disks, then I should not be able to swap them between different machines (i.e different TPMs) like I can at present.  Does that sound correct?
    Question 3:
    If my assumption that enabling TPM will limit the use of my HDDs to only one unique machine, then may I presume that the FDE/BDE hardware-based encryption feature of my HDDs is not best suited for my situation of needing to be able to swap HDDs between two different machines on a moment's notice .... and that software based encryption (like I use on my external HDDs) would be more suitable?
    Question 4:
    Is it true that HDDs (non-FDE/BDE and FDE/BDE) that are used on a TPM "enabled" laptop (with a HDD PW also enabled) can lead to major data transfer headaches if your laptop TPM ever fails and/or the motherboard is replaced (i.e. your PW protected Hard Drives may not be useable on the repaired machine, including your back-up data from cloned PW protected backup HDDs)? 
    I thought I read somewhere that a PW protected HDD on a ThinkPad (with TPM enabled) will only work on that one ThinkPad.
    If my understanding of how TPM works with HDD PWs (both regular and BDE/FDE drives), then what's the advantage of using TPM and CSS for a unit that needs to regularly swap-in different HDDs from another machine?
    Rather, is the TPM feature most suitable for traveling situations where potential theft of the laptop and its data is the major risk (rather than something like a failed motherboard that has to be replaced along with its TPM chip)?
    Sorry for the long winded post …… Thanks
    Two (I used to have Five) - T61p 15.4" WS T9300 2.5Ghz units, August 08/08 Builds with FX570M Nvidia Graphics; ... One W520 i7-2860QM w/2000M Nvidia Graphics (most recent acquisition and stupidly fast); .... One - T42 4:3 15" Flexview 1.8GHz with ATI Graphics (still perfect for traveling); ... Two - T500 15.4" units both with ATI HD3650 Graphics.
    Solved!
    Go to Solution.

    Shortwinded answers:
    The TPM state is verified in the BIOS and without Devmgmt.msc or CSS Security, you can also flush the contents from the menu and reset  it back to factory defautls the way a NAND flash based switch or firewall can be reset for asset reclamation  and theoriteically w/o remnant data for the new caretakers.
    Verify your encryption state and take one pof those slaves in a caddy and mount it inside a system with a different bootable partiotn and see if you can read data. You'll have to disarm the drives password or insert into anohter thi8inkpad then enter suspend mode and be ready to use password only since fingervantage security is sporadic from logging on slave disks resuming from power mode.
    The TPM's are flexibible and IBM's enterprise upgrade to server security are designed to implement and montior central security so  TPM certs can be exported  for migration and recovery, you won't need RnR ( RnR is a hard drive parasite anyway and CSS is great for SSO when logging on toAmazon.com.
    Those drive passwords have noting to do with TPM's and that security was arounnd long before a TPM was ever envirosioned. You've likey set the drives user and supervisor password and definion of spuerveror the way Unix deinfes it.  YOu can single sign on those disk passwords by enabling fingerpritns and reboot,  confrim your radeio and oxygen.and swipe the finger, again for confirm and you've just molded thew new spy into old dossier.  Try plugging in one of those drives ino a a different system and you'll just see a block, maybe drive letter and prompted to iniatiaize a disk that is really just well guarded.
    You have Acronis and well worth the 37MB overhead of secure zone and if you don't have Partition Magic or hate GPart, you can use Acronis to create a large "secure zone" then use diskmanager to format it and reclaim is since
    Don't just sit there, take a second and use the Kudo's button to compliment the people who help you.

  • Surface Pro 3 - MBAM/BitLocker/TPM: "An Error Has Occurred" Issue

    We are trying to implement full disk encryption using MBAM Server/Client and BitLocker. We have been successful on standard Windows 7 Ent and Windows 8.1 Ent laptops and the MBAM Console reports encrypted/compliant.
    The Surface Pro 3 running Windows 8.1 Ent however has been a pain in the you-know-what! It just will not work like our laptops. The Event Viewer error we get is as follows:
    "An error occurred while applying MBAM policies.
    Volume ID:\\?\Volume{dfd94fd0-206c-45d1-a19a-6a39019ada1e}\
    Error code:
    0x80310018
    Details:
    You must initialize the Trusted Platform Module (TPM) before you can use BitLocker Drive Encryption."
    For reference, here is our workflow:
    1. Enable TPM in UEFI.
    2. Install .NET 3.5 since this is apparently a Windows 8.1 requirement for MBAM. Reboot. Install related updates from Microsoft Update. Reboot.
    3. Verify relevant MBAM & BitLocker GPOs are applied by running "gpupdate /force" in an elevated command prompt. Reboot.
    4. Run the following elevated PowerShell commands and then reboot:
    $tpm=get-wmiobject -class Win32_Tpm -namespace root\cimv2\security\microsofttpm
    $tpm.DisableAutoProvisioning()
    $tpm.SetPhysicalPresenceRequest(22)
    5. Install MBAM Client 2.5 and KB2975636 hotfix.
    6. Run MBAMClientUI.exe and set PIN. On our laptops, encryption begins, but on the Surface Pro 3 we get a generic "An error has occurred". Event Viewer shows the above error.
    Can anyone help?? There has got to be others that have used MBAM on the Surface Pro 3.

    More testing today and I *think* I may have found my issue.
    I failed to mention that on step 5 above, I have been rebooting after installing the MBAM Client and hotfix. It appears that this extra reboot breaks the process and does not allow the MBAM Client to initialize the TPM when running MBAMClientUI.exe. If I do
    not reboot, then everything seems to work great.

  • Bitlocker TPM + PIN on MS Surface Pro 3 using MDT

    We are new to MDT 2012 and are trying to create a task sequence for Surface Pro 3 Tablets. Everything is going OK apart from Bitlocker. We are required to enable TPM + PIN (yes I've read the articles saying PIN isn't necessary on tablets, but security
    have decided they still want it). To get TPM + PIN working there are a couple of GP settings required - enabling TPM + PIN and enabling pre-boot keyboards on slates.
    To apply these settings we would normally have to join the domain and put the tablet in the correct OU for that Policy, which requires a restart. However once Policy is applying the restart now forces the corporate data warning message and so doesn't continue
    with the sequence. the only solution I can see is to insert the registry settings for these policy settings into the Task Sequence and not do the restart until the end of the sequence. However this seems very messy and could potentially cause maintenance issues
    further down the line if anything needs changing.
    Does anyone have any solutions to this?

    What we had to do was create a deployment OU that blocked pretty much all the domain GP.  Then at the end of the TS we would move machine to its proper OU.
    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

  • What models have Trusted Platform Module (TPM)?

    I'm in the processs of enabeling Bitlocker on my new Thinkpad Edge E531 running Windows 7 Ultimate 64-bit. Windows seems to think the machine does not have a Trusted Platform Module (TPM) chip installed, which nowadays one would think would be pretty standard. No where in the bios does anything refer to a TPM chip, so if it has to be enabled, it's not clear how. The E531 User manual also makes no mention of TPM, which you'd think it would since it talks about disk encryption. So.... 1. Does the Thinkpad Edge E531 not have a TPM chip?2. If it does, how does one get Windows to recognize it? It is called something else in the bios?3. If it does not, can one be added? Lenovo does sell a TPM module but gives no info on what models it is for.4. And last. what models of Lenovo's present line contain a TPM chip?

    Andy, I have an Erazer X510 that came with Windows 8.1 I recently purchased.  I installed 8.1 Pro Pack to be able to use Media Center and Bitlocker encryption & am having the same issue not having the ability to enable TPM, an extra security feature for encryption that was not available with standard Windows 8.1.  I would have opted for 8.1Pro when I ordered this desktop from Lenovo,  but it wasn't offered.  I was able to set up a Bitlocker password and recovery pin, but when I attempted to enable everything with TPM it failed because it was not found.  The error message stated it may need to be accessed by changing BIOS.  I tried getting to BIOS settings without restarting the OS as documentation I could find stated how to,  but there wasn't a selection for EUFA Settings on the wash screens.  I will have to try to access it from the usual method of rebooting.  In order to use the Bitlocker encryption it requires TPM 1.2, and one of the popup error responses my system offers refers to possibly it only having version1.0, and also says TPM needs to be accessed in BIOS settings.  1) Can you please elaborate in detail exactly what you were stating needed to be done in your last sentence of your post on this topic?  I know if I do enter BIOS to change settings,  it may have unintended consequences for the system if I alter the wrong options.  2) Which particular option(s) am I required to change to enable the TPM version it has installed?  And, what does it require if it needs an update to version1.2?  If this Erazer system actually has the option with the TPM security chip, it would have been nice for Lenovo to have already had it enabled,  and if it actually is not there,  it would have been helpful if this information could have been stated in documentation.  

  • TPM chip and ESXi 5.5

    Hello,
    I have question about proper enabling TPM functionality in VMWare.
    I installed TPM chip in Cisco blade UCS B200-M3 and I enabled TXT and TPM functionality in BIOS according to Cisco user manual.
    Blade rebooted with no problems and bios does show TPM configured (attached screenshot).
    Unfortunately I can not figure out how to enabled TPM functionality in VMWare.
    The esxcli command shows lack of TPM:
    # esxcli hardware trustedboot get
       Drtm Enabled: false
       Tpm Present: false
    The query "QueryTpmAttestationReport" in webinterface of the ESXi and vCenter
    does not show any PCR entries (screenshot attached). In addition bios shows entry "TPM Owner status: unowned".
    I can not find any option/setting in vCenter or ESXi to manipulate with TPM functionality.
    I searched through KBs in Cisco and VMWare and I can not find any specific information about troubleshooting TPM in ESXi or vCenter. 
    I would appreciate some help in this matter.
    Thank you,
    Robert

    The minimum version, for both Windows 8 and 8.1, is ESXi 5.1
    To upgrade, you need to upgrade at least one of your hosts to ESXi 5.1. To manage that host with vCenter, you will need to upgrade vCenter to 5.1 as well, which will manage your ESXi 5.0 and 5.1 hosts. See the following link for interoperability: http://partnerweb.vmware.com/comp_guide2/sim/interop_matrix.php
    Here is the link to upgrade a host to ESXi 5.1:
    http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2032757
    Here is the link to upgrade from vCenter 5.0 to 5.1:
    http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2032283
    I strongly recommend you use the VMware Interoperability Guide, in case you have older ESXi hosts (i.e. 3.5) that will no longer be managed when you move to vCenter 5.1.
    Hope that helps.

  • Deploy Lenovo with SCCM and enable Bitlocker during deploying?

    Hi!
    Do anyone got information how to activate TPM and enable bitlocker during deploy of new Lenovo with SCCM ? 
    Something like this but for Leonovo  
    http://www.nullsession.com/2010/12/02/enable-tpm-in-task-sequence-with-sccm-and-cctk/
    Thanks, Magnus
    Solved!
    Go to Solution.

    jamessnarey wrote:
    has anyone been successful with the WMI script on the M92p models, I recently attempted to activate the TPM using the same script that we use for our M91p and it fails.  When I check the logs, it states that access is denied, when I run it manually I get the same error (access denied).  Our lenovo rep says that you cannot use the WMI to enable the TPM and that the Enable Bitlocker step should enable the TPM.  However we automate our OS deployments so manually enabling bitlocker is not an option, any assistance or feedback is appreciated. 
    I was having the same issue and I discovered another way to accomplish this task. Download this utility:
    http://download.lenovo.com/ibmdl/pub/pc/pccbbs/thinkcentre_bios/9sjw67usa.exe
    Run the EXE to extract the files to the location of your choice, then copy them to your script location. From your script, run the following command: 
    srwin.exe /tpm active
    Then do a couple reboots (this may not be necessary, but I didn't have time to test it.)
    There are a couple of caveats. First, the working directory must be the directory the utility is stored in (presumably so it can find the two .sys files). I.e. you can't do
    c:\utilities\srwin.exe /tpm active
    you have to do
    cd /D c:\utilities
    srwin.exe /tpm active
    Also, I was attempting to run this in a WinPE session (doing OS deployment using SCCM 2012) and I was getting an 0x80070134 error in my logs. I had been using an x64 boot image, and switching to an x86 boot image resolved that issue.
    Hope this helps someone.

  • TPM Legacy Mode

    I am trying to Initialize TPM on windows 8.1 and it is saying..
    "Your TPM is currently running in Legacy mode. If you'd like to use TPM application for this version of Windows, Please contact your administrator."
    Now I have clear TPM once. Disable and enable it in BIOS still no change. I am using UEFI bios and secure boot is enabled.
    Can someone suggest how can I enable TPM coz I need to encrypt my hard drive without TPM it is a very hard thing to do.

    Hi,
    How did you intialize TPM? Was your computer in domain environment? Did you log on with the administrator account?
    TPM and Secure Boot could work together and having both TPM and Secure Both will enhance your PC security.
    Please refer to the following article to check your configuration.
    http://technet.microsoft.com/en-us/windows/dn168169.aspx
    Karen Hu
    TechNet Community Support

  • TPM: activate without BIOS

    We'd like to force an activation of TPM on all our users remotely. Does anyone know if there is a command or utility that can achieve this or are we obliged to manually access each machine's BIOS?
    Thanks in advance

    Hi,
    in case you have the application called "Client Security solution" installed, then you can use for this purpose the file is called "tpmenable.exe", which is by default in the installation folder of CSS:
    %programfiles%\Lenovo\Client Security Solution
    You can simply execute it with following switch "/enable"
    so you should execute it likst this:
    tpmenable.exe /enable
    Please check also other command line options of this file in the CSS manual:
    http://download.lenovo.com/ibmdl/pub/pc/pccbbs/thinkvantage_en/css83dg_en.pdf
    Exactly on the page: 43
    For scriptiong you can also use this link:
    http://technet.microsoft.com/en-us/library/dd875527%28WS.10%29.aspx
    There is a great description, on how to use a WMI scripting to enable TPM chip.
    There is also the option to instlal the CSS on a dummy system and then just use the "tpmenable.exe" file, althought the CSS application is not installed on the client system.
    Please let me know, if you have any additional question to this situation.
    Cheers

  • Satellite A105-S4014 and fingerpint problem

    Hello!
    I have Satellite A105-S4014 (PSAA8U-O2200U) with Vista Ultimate and there is a fingerprint reader issue. When I try to enroll my fingerprints (UPEK) using Protector Suite 5.8.0 program freezes for a moment and then displays an error: An internal error occured (rpnpipe:rpnpipe: no-svr(00000001fusserver)).
    So fingerprint reader doesn't work.
    I did a little search, tried the newest drivers and soft - nothing helps.
    Also in BIOS I have TPM disabled (I can not change it) and I get a feeling that it is connected with my fingerprint reader issue (correct me if I'm mistaken).
    I upgraded my BIOS to 6.0 before this issue. Then I found on one forum that downgrading BIOS may help to enable TPM. So I downgraded to 5.1. Nothing works. Also I know some manufacturers provide a BIOS setting that hides the TPM by default.
    So can anyone help me to enable TPM in BIOS or better give advice to make fingerprint reader work?

    If the BIOS dont provide any options to enable/disable the TPM then its not possible to enable this.
    I dont understand why your previous software was newer than on support page I think you have mixed something
    I see youve installed the Vista Ultimate OS.
    _It would be interesting to know if the finger print would function with the original preinstalled Toshiba image._
    If it would functions then your issue has nothing to do with the new BIOS update!!!
    By the way; I used the search option called +Ask Iris+ and searched for the Toshiba Fingerprint Utility.
    There are newer versions of Toshiba Fingerprint Utility but not for your series!!!

Maybe you are looking for