Trusted Platform Module (TPM) FAQ
Are there any restrictions?
Are there any things I need to be careful of?
You must be very careful with the TPM. If you Clear it, attempt to change the Owner password or have it changed due to hardware failure, you will be unable to correctly boot the Workstation and will need to decrypt the disk.
It is therefore important that you maintain backups of your Enterprise Server: KB296 - Backing up the Enterprise Server, or migrating an Enterprise Server to a new host
Is there anything I should do?
Keeping regular file level backups of your data is important. It is usually much faster and simpler to restore your back up files than it is to decrypt data, especially if the disk or data is damaged or partially corrupted.
This applies to both the encrypted Workstation as well as your Enterprise Server.
How many attempts do I get to log in?
DESlock+ TPM support uses Active Directory Group Policy settings.
The Default Workstation retries value varies from 32 to 31 (Windows 10 Creators edition) and could vary in other O/S updates, or in other environments.
The "interval" value is the number of times each retry stays active. (Default is 2 hours)
How this works is if you have an interval value of 2 hours and set the number of retries to 31 and use them all then it will take 2 hours to be able to have one more attempt, or wait 4 hours in order to have two more attempts.
This is fully reset by doing a TPM PIN/Password recovery: KB446 - TPM Recovery
Keywords: Full Disk Encryption start initiate hard drive whole tpm transparent pin