- TPM is a security technology that ensures the integrity of the system. It protects against tampering, rewriting, and modifying the operating system and other software.
- It's designed to securely store cryptographic keys needed for encrypting and decryption data like passwords, credit card numbers, and personal information.
- By storing these keys on the TPM chip instead of on your hard drive or other storage devices, you can rest assured that they won't be lost if your computer crashes or gets stolen.
The TPM (Trusted Platform Module) is a chip that’s built into nearly all modern PCs and laptops. It provides an additional layer of security for your system, and it also helps keep sensitive data secure in case the computer gets stolen.
Like a coin, TPM has two sides: the bad and the good. You may have come across TPM 2.0 errors that put your system at risk. Because of this, it’s important to back up TPM keys so you can restore them in case your computer is damaged or lost.
Why should I back up my TPM keys?
If you’re wondering why a backup of your TPM keys is important, below are some convincing reasons:
- Safeguard your system against malware – Malware can use the TPM to access personal information and change settings without your knowledge. This could lead to identity theft or financial fraud in the future.
- Decryption – If you lose your computer, you’ll need access to those encryption keys so you can decrypt anything on it.
- Lost password – In case you lose your password, you will need to reset the TPM key to take control of your system again. The backup will help you not lose any data.
- Detect unauthorized access – If you are worried that someone might get into your computer and tamper with it, you will want to make sure that the TPM (Trusted Platform Module) is working correctly.
- Protect your data – Backup TPM keys are used to protect the integrity of your data. If you lose access to the backup TPM key, then your operating system will no longer trust your TPM chip. This could lead to problems if you try to boot from that drive again.
- Recover data – In case of system failure and you need to recover the data, you can use the TPM key to recover the encryption key and access your data.
- Reset your PC – In case you make hardware changes to your PC or want to repurpose it, you will need the TPM key hence the need to back up.
What do I need to back up the TPM keys?
The first step is to make sure you have an Active Directory domain service that can be remotely managed. If you don’t have one, you can create one.
With an Active Directory Domain Services (AD DS) server, you’ll be able to ensure that only authorized users can access this key information through a centralized management console.
You also need to configure a Windows Server 2012 R2 or Windows Server 2012 domain controller as a member of the local administrator group on your computer.
A local administrator group is a special group that performs administrative tasks on a computer, including managing Windows Startup and shutdown settings.
Once your Active Directory Domain Services (AD DS) are created, configure them as required as described in the following steps:
- Create a user account with the same name and password as the one used for the TPM owner account.
- Configure permissions on this account so that it has full control over all objects it manages.
- Add this account to the local Administrators group on all computers in your network where certificates will be stored and managed by this toolkit.
- Only use the domain-joined device that is a part of the local administrator group.
How do I back up TPM keys?
- Press the Windows + R keys to open the Run command.
- Type gpedit.msc in the dialog box and press Enter to open the Group Policy Editor.
- Navigate to the following location:
Computer Configuration\Administrative Templates\System\Trusted Platform Module Services\
- On the right panel, double-click on the Turn on TPM backup to Active Directory Domain Services option.
- Next, select the Enabled option then click on the Apply and OK buttons.
- Restart your system to apply the changes.
Some PC issues are hard to tackle, especially when it comes to corrupted repositories or missing Windows files. If you are having troubles fixing an error, your system may be partially broken.
We recommend installing Restoro, a tool that will scan your machine and identify what the fault is.
Click here to download and start repairing.
Once you have enabled this setting, all the TPM information will be on automatic backup henceforth. It’s also important to note that some Active Directory Domain Services automatically back up the TPM keys.
How do I reset TPM without losing data?
You can reset the Trusted Platform Module (TPM) without losing data. However, you need to be aware of several things.
Before resetting your TPM, you should check that it is supported by your computer’s BIOS. If it isn’t, then you will have to contact the manufacturer of your computer. This will allow you to see whether or not they have released a BIOS update that will support the resetting of your TPM.
If they have, then you can simply download and install the update from their website. Now after you have reset TPM, you’re probably asking yourself what happens when you clear the TPM keys.
When you clear the TPM keys, the key is removed from the hardware and memory. The key is deleted from memory when your computer boots up.
Once the operating system starts, it checks to see if a previously-cleared TPM key exists. If it does not, then a new one will be generated and assigned to your account.
And that’s how to back up your TPM keys in Windows 11. The same procedure also applies to Windows 10. Don’t forget to check out our article on what to do in case your TPM device is not detected.
In case you’re in the market for a new TPM 2.0 chip, we have curated a list with detailed specs and price points to help you get started.
Let us know of any issues you may encounter while backing up the TPM keys in the comment section below.
Still having issues? Fix them with this tool:
If the advices above haven't solved your issue, your PC may experience deeper Windows problems. We recommend downloading this PC Repair tool (rated Great on TrustPilot.com) to easily address them. After installation, simply click the Start Scan button and then press on Repair All.