Windows 10 and Windows Server 2016 ADMX Templates and BitLocker

I just spent some time trying to find the Turn on TPM backup to Active Directory Domain Services policy after upgrading my Group Policy ADMX templates to the Windows 10 v1607 and Windows Server 2016 version. It used to be in the Computer Configuration / Policies / Administrative Templates / System / Trusted Platform Module Services node, but after updating the templates it was nowhere to be found.

The new TPM.admx template for Windows 10 v1607 and Windows Server 2016, missing the Turn on TPM backup to Active Directory Domain Services policy.

It's gone, all of it

It turns out this setting has indeed been removed in Windows 10 v1607 and Windows Server 2016.

After a tip from fellow MVP Kaido Järvemets, I got the link to the "documented" changes. It seems that the ability to back up TPM owner information from a computer running Windows 10 v1607 or Windows Server 2016 is removed. Why it was removed, instead of simply changing the text to reflect which versions it is supported on, is beyond me.

TPM Group Policy settings
http://technet.microsoft.com/en-us/itpro/windows/keep-secure/trusted-platform-module-services-group-policy-settings

Bottom line.

So it seems that you can only enable the Choose how BitLocker-protected operating system drives can be recovered policy, found in the Computer Configuration / Policies / Administrative Templates / Windows Components / BitLocker Drive Encryption / Operating System Drives node, for Windows 10 v1607 and Windows Server 2016. Existing policies for Windows 7 deployment will still work, but you won't be able to modify the Turn on TPM backup to Active Directory Domain Services policy after updating the templates. Ugh!

The Choose how BitLocker-protected operating system drives can be recovered policy.

About the author

Johan Arwidmark
