TPM Must Be Cleared Before Using A Deployment Task Sequence

TPM for BitLocker

Deployment task sequences (such as Dell Client Configuration Toolkit (CCTK)) that attempt to prepare the TPM for BitLocker during deployment will fail if the TPM ownership has already been taken. This is most often seen in systems that were previously deployed and are being reimaged to be sent out to new users.

The TPM must be cleared manually in the BIOS or in the Operating System (OS) before running the task sequence. If the TPM is cleared from within the OS and the system is running Windows 10, the TPM auto provisioning must be disabled or Windows will immediately take ownership again.

The steps below can be followed to disable auto provisioning.

1. Click Start and type powershell in the search box.
2. Right-click PowerShell (x86) and select Run as admin.
3. Type the following PowerShell command Disable-TpmAutoProvisioning and hit Enter.
4. Confirm the result AutoProvisioning : Disabled (Figure 1, English only):
   
   AutoProvisioning : Disabled PowerShell setting
   
   Figure 1
    
5. Click Start and type tpm.msc in the search box, then hit Enter.
6. In the right-side Actions pane, select Clear TPM…
7. Reboot and hit F12 to proceed with clearing when prompted.