BitLocker - New motherboard replacement
After you replaced the motherboard, you need to repopulate the TPM with new information regarding the encryption of the hard disk. I use these commands to repopulate the information in the TPM (without PIN):

manage-bde -protectors -delete C: -type TPM
manage-bde -protectors -add C: -tpm

Ray - Author of Windows 7 for XP Professionals
November 2nd, 2011 1:44pm

If you initialize the TPM manually from the TPM Management console, we will create the new hash information. Now, to back this up in AD, you need to make sure the GPO to back up TPM information is turned ON. After you initialize the TPM, the new hash information of the pwd is backed up in AD. The next step is to add the TPM as a protector:

manage-bde -protectors -delete C: -type TPM
manage-bde -protectors -add C: -tpm

Resume BitLocker protection if your OS is encrypted, and the next time you reboot the machine we will not prompt you for the recovery key. I hope this helps.

Manoj Sehgal
November 2nd, 2011 9:07pm

Hello everyone, I have a query regarding a Win 7 laptop which is BitLocker encrypted using TPM+PIN authentication, and both the TPM owner hash and recovery password are backed up to AD. If I replace the motherboard on the laptop, it will pop up the recovery password screen, and then I can log in and boot up to the desktop. For the new motherboard my TPM is off, so to avoid the recovery screen coming up every time, I will have to turn on the TPM and take ownership. The GPOs to back up TPM are already applied on the machine (turn on TPM backup to AD is enabled). Can someone help me understand what will happen when I turn on the TPM for the new motherboard (will it overwrite the older TPM owner password hash already present in AD?). Also, are any additional steps required when I replace the motherboard? Dear All - please help me. Thanks in advance!!
November 3rd, 2011 5:00am


Hi Ray, thanks for the reply. After the new motherboard replacement I go to Start -> Run -> tpm.msc and click Initialize TPM. This gives me options to set the owner password and save it (either to disk or print it). I want to be able to back up the new TPM owner password hash to AD. How do I achieve this? Is the old TPM owner password hash in AD overwritten?
November 6th, 2011 12:01pm


Thank you Manoj. So, after I replace the motherboard I do the following?

1. Suspend BitLocker protection
2. Initialize the TPM, which automatically backs up the owner hash to AD, overwriting the previous hash (the GPO is enabled)
3. Add the TPM as protector:
   manage-bde -protectors -delete C: -type TPM
   manage-bde -protectors -add C: -tpm
4. Resume protection and reboot the machine

Thanks
November 6th, 2011 9:21pm

Quoting the previous post:
Thank you Manoj. So, after I replace the motherboard I do the following? 1. Suspend BitLocker protection 2. Initialize the TPM, which automatically backs up the owner hash to AD, overwriting the previous hash (the GPO is enabled) 3. Add the TPM as protector: manage-bde -protectors -delete C: -type TPM / manage-bde -protectors -add C: -tpm 4. Resume protection and reboot the machine. Thanks

No. Don't suspend BitLocker. You just enable and clear the TPM from the BIOS on the new motherboard. Then boot the OS by typing the recovery password. Then add the TPM as protector. This will populate the keys in the TPM so that you can start from the TPM the next time you boot the system.

Ray - Author of Windows 7 for XP Professionals
November 7th, 2011 3:29am
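As an added example (not posted by anyone in this thread), here is a PowerShell script that follows Ray's procedure for a Windows 7 machine after the motherboard swap: it checks that the new TPM is enabled, activated and owned, warns if the TPM-backup-to-AD policy is not in effect, and then replaces only the stale TPM protector while keeping the recovery password protector. The registry path and value name for the policy, and the OS drive letter C:, are assumptions.

```powershell
# Added example, not from the thread. Assumes the machine has already been booted once
# with the recovery password, the TPM was enabled/cleared in the BIOS and initialized
# (owned) in tpm.msc, and the OS volume is C:.
$Drive = 'C:'

# 1. Confirm the new TPM is ready before touching any protectors (Win32_Tpm is present on Win 7).
$tpm = Get-WmiObject -Namespace 'root\cimv2\Security\MicrosoftTpm' -Class Win32_Tpm
if (-not $tpm) { throw 'No TPM found; enable it in the BIOS first.' }
$ready = $tpm.IsEnabled().IsEnabled -and $tpm.IsActivated().IsActivated -and $tpm.IsOwned().IsOwned
if (-not $ready) { throw 'TPM is not enabled, activated and owned; initialize it in tpm.msc first.' }

# 2. Warn if the "Turn on TPM backup to AD DS" policy is not applied
#    (registry path and value name are assumptions; adjust to your environment).
$pol = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\TPM' -ErrorAction SilentlyContinue
if (-not $pol -or $pol.ActiveDirectoryBackup -ne 1) {
    Write-Warning 'TPM owner information backup to AD is not enforced by policy; the new owner hash may not be escrowed.'
}

# 3. Never remove the recovery password; replace only the TPM-based protector.
$status = (manage-bde -protectors -get $Drive) -join "`n"
if ($status -notmatch 'Numerical Password') {
    throw 'No recovery password protector found; add one before replacing the TPM protector.'
}
if ($status -match 'TPM And PIN') {
    # TPM+PIN volumes (the OP's case): delete the TPMAndPIN protector and re-add it; -tpmandpin prompts for the PIN.
    manage-bde -protectors -delete $Drive -type TPMAndPIN | Out-Null
    manage-bde -protectors -add $Drive -tpmandpin
} elseif ($status -match 'TPM') {
    manage-bde -protectors -delete $Drive -type TPM | Out-Null
    manage-bde -protectors -add $Drive -tpm
} else {
    manage-bde -protectors -add $Drive -tpm
}
if ($LASTEXITCODE -ne 0) { throw "manage-bde failed with exit code $LASTEXITCODE" }

# 4. Protection was never suspended in Ray's procedure; this just makes sure it is on, then shows the result.
manage-bde -protectors -enable $Drive | Out-Null
manage-bde -status $Drive
```

Run it from an elevated PowerShell prompt; after the next reboot the volume should unlock from the TPM (or TPM+PIN) without the recovery screen.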

Hi Ray, Manoj, thank you. I will try this during this weekend. Can you also let me know about the new TPM's owner password hash? Is it backed up to AD, and if so, does it overwrite the older motherboard's TPM hash? Thanks, Ram
November 9th, 2011 9:09am
