Last night a friend contaced me and said “-Did you ever post the vTPM thing?”, i did say yes, but i was wrong, so here it is…
Simple, without testing and verfication, a deployment solution will fail. One of the tasks that takes a lot of time to test and verify is BitLocker and that also includes TPM. Windows 10 and Windows Server 2016 gives you the ability to create Virtuial Machines with a Virtual TPM Chip 2.0.
A VM running Windows Server 2012 R2 with a vTPM chip, The VM is running on Windows Server 2016.
The How-To Part
You need to run Windows Server 2016 TP4 or Windows 10.
On the host, add Isolated UserMode, Hyper-V and Hostguardian Services, by running the following powershell command(elevated):
Add-WindowsFeature -Name “Isolated-UserMode”,”Hyper-V”,”HostGuardian” -IncludeAllSubFeature –IncludeManagementTools
If needed, restart the host.
Before you can enable the vTPM you need to have a Guardian Service guardian object and with that you can crerate a Key Protector.
New-HgsGuardian -Name ‘Guardian’ -GenerateCertificates
$Owner = Get-HgsGuardian -Name ‘Guardian’
$KeyProtector = New-HgsKeyProtector -Guardian $Owner -Owner $Owner –AllowUntrustedRoot
Great, the last piece is to enable the vTPM
Set-VMKeyProtector -VMName ‘WSUS01’ -KeyProtector $KeyProtector.RawData
Enable-VMTPM -VMName ‘WSUS01’
Categories: Deployment, Hyper-V, OSD, Windows 10, Windows Server 2016, Windows Server vNext
if i have an Windows 10 Hyper Host:
How i install Isolated-UserMode and HostGuardian Feature?
As i can see they don’t even exist on a Windows 10 Client…
What version of Windows 10 are you running and what build?
Windows 10 Enterprise… By the way i found the Isolated User Mode but not the Host Guardian Feature…
This is great! Just notice that when using Windows 10 Anniversary Isolated User Mode is now included with Hyper-V so you don’t have to install it separately anymore. Running above PowerShell command will just fail.
Does this also work at a Microsoft Hyper-V Server 2016 ?
Yes, it does