A company has an Active Directory Domain Services (AD DS) domain. All client computers run
Windows 8. You need to minimize the amount of Trusted Platform Module (TPM) authorization
information that is stored in the registry. What should you do?
A.
Create a Group Policy object (GPO) that disables the Configure the level of TPM owner
authorization information available to operating system policy setting.
B.
Create a Group Policy object (GPO) that enables the Turn on TPM Local Encryption policy setting.
C.
Enable Platform Configuration Register indices (PCRs) 0, 2, 4, and 11 for the Configure TPM
validation profile for native UEFI firmware configuration policy setting.
D.
Create a Group Policy object (GPO) that sets the Configure the level of TPM owner authorization
information available to operating system policy setting to None.
hello
answer D – the policy configures how much of the TPM owner authorization information is stored in the registry of the local computer.
you’ve 3 options: full, delegate, and none.
None – when TPM owner authorization cannot be stored locally
https://technet.microsoft.com/en-us/library/jj679889.aspx#BKMK_tpmgp_oauthos