You need to minimize the amount of Trusted Platform Module (TPM) authorization information that is stored in the registry

A company has an Active Directory Domain Services (AD DS) domain. All client computers run Windows 8.
You need to minimize the amount of Trusted Platform Module (TPM) authorization information that is stored
in the registry.
What should you do?

A.
Create a Group Policy object (GPO) that disables the Configure the level of TPM owner authorization
information available to operating system policy setting.

B.
Create a Group Policy object (GPO) that enables the Turn on TPM Local Encryption policy setting.

C.
Enable Platform Configuration Register indices (PCRs) 0, 2, 4, and 11 for the Configure TPM validation profile
for native UEFI firmware configuration policy setting.

D.
Create a Group Policy object (GPO) that sets the Configure the level of TPM owner authorization
information available to operating system policy setting to None.

Explanation:
There are three TPM owner authentication settings that are managed by the Windows operating system. You
can choose a value of Full, Delegate, or None.
Full: This setting stores the full TPM owner authorization, the TPM administrative delegation blob, and the
TPM user delegation blob in the local registry. With this setting, you can use the TPM without requiring remote
or external storage of the TPM owner authorization value. This setting is appropriate for scenarios that do not
require you to reset the TPM anti-hammering logic or change the TPM owner authorization value. Some
TPM-based applications may require that this setting is changed before features that depend on the TPM
anti-hammering logic can be used.
Delegated: This setting stores only the TPM administrative delegation blob and the TPM user delegation blob
in the local registry. This setting is appropriate for use with TPM-based applications that depend on the TPM
anti-hammering logic. When you use this setting, we recommend using external or remote storage for the full
TPM owner authorization value—for example, backing up the value in Active Directory Domain Services (AD
DS).
None: This setting provides compatibility with previous operating systems and applications. You can also
use it