mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-17 19:33:37 +00:00
Small fixes, improvements for consistency
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Backup the TPM recovery Information to AD DS (Windows 10)
|
||||
title: Back up the TPM recovery information to AD DS (Windows 10)
|
||||
description: This topic for the IT professional describes backup of Trusted Platform Module (TPM) information.
|
||||
ms.assetid: 62bcec80-96a1-464e-8b3f-d177a7565ac5
|
||||
ms.prod: w10
|
||||
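Review bot: The `description` line in the front matter still reads "describes backup of Trusted Platform Module (TPM) information" while the title now uses the verb form "Back up". Consider rewording it along the lines of "describes how to back up Trusted Platform Module (TPM) information to AD DS" so the metadata matches the renamed title.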
@ -9,7 +9,7 @@ ms.pagetype: security
|
||||
author: brianlic-msft
|
||||
---
|
||||
|
||||
# Backup the TPM recovery Information to AD DS
|
||||
# Back up the TPM recovery information to AD DS
|
||||
|
||||
**Applies to**
|
||||
- Windows 10, version 1511
|
||||
|
@ -1509,7 +1509,6 @@ If the **Require BitLocker backup to AD DS** option is not selected, AD DS bac
|
||||
TPM initialization might be needed during the BitLocker setup. Enable the **Turn on TPM backup to Active Directory Domain Services** policy setting in **Computer Configuration\\Administrative Templates\\System\\Trusted Platform Module Services** to ensure that TPM information is also backed up.
|
||||
|
||||
For more information about this setting, see [TPM Group Policy settings](trusted-platform-module-services-group-policy-settings.md).
|
||||
If you are using domain controllers running Windows Server 2003 with Service Pack 1, you must first set up appropriate schema extensions and access control settings on the domain before a backup to AD DS can succeed. For more info, see [Backup the TPM recovery Information to AD DS](backup-tpm-recovery-information-to-ad-ds.md).
|
||||
|
||||
### <a href="" id="bkmk-rec4"></a>Choose default folder for recovery password
|
||||
|
||||
|
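Review bot: The link text in the Windows Server 2003 with Service Pack 1 paragraph still reads "Backup the TPM recovery Information to AD DS", which is the title this commit renames elsewhere. The hunk header shows one line dropped (7 lines to 6). If that paragraph is kept, update its link text to "Back up the TPM recovery information to AD DS". If it is the dropped line, confirm that the schema extension and access control prerequisite for those domain controllers is still documented on the linked page, because this section would no longer mention it.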
@ -97,22 +97,9 @@ The protection differences provided by multifactor authentication methods cannot
|
||||
|
||||
In your deployment plan, identify what TPM-based hardware platforms will be supported. Document the hardware models from an OEM of your choice, so that their configurations can be tested and supported. TPM hardware requires special consideration during all aspects of planning and deployment.
|
||||
|
||||
### TPM states of existence
|
||||
### TPM 1.2 states and initialization
|
||||
|
||||
For each of the TPM states of existence, the TPM can transition into another state (for example, moving from disabled to enabled). The states are not exclusive.
|
||||
|
||||
| State | Description |
|
||||
| - | - |
|
||||
| Enabled| Most features of the TPM are available.<br/>The TPM may be enabled and disabled multiple times within a boot period, if ownership is taken.|
|
||||
| Disabled | The TPM restricts most operations. Exceptions include the ability to report TPM capabilities, extend and reset Platform Configuration Register (PCR) functions, and to perform hashing and basic initialization.<br/>The TPM may be enabled and disabled multiple times within a boot period.|
|
||||
| Activated| Most features of the TPM are available. The TPM may be activated and deactivated only through physical presence which requires a reboot.|
|
||||
| Deactivated| Similar to disabled, with the exception that ownership can be taken while deactivated and enabled. The TPM may be activated and deactivated only through physical presence which requires a reboot.|
|
||||
| Owned| Most features of the TPM are available. The TPM has an endorsement key and storage root key, and the owner knows information about owner authorization data.|
|
||||
| Un-owned| The TPM does not have a storage root key and may or may not have an endorsement key.|
|
||||
|
||||
>**Important:** BitLocker cannot use the TPM until it is in the following state: enabled, activated, and owned. When the TPM is in this state and only when it is in this state, all operations are available.
|
||||
|
||||
The state of the TPM exists independent of the computer’s operating system. Once the TPM is enabled, activated, and owned, the state of the TPM is preserved if the operating system is reinstalled.
|
||||
For TPM 1.2, there are multiple possible states. Windows 10 automatically initializes the TPM, which brings it to an enabled, activated, and owned state. This is the state that BitLocker requires before it can use the TPM.
|
||||
|
||||
### Endorsement keys
|
||||
|
||||
|
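Review bot: Replacing the state table, the Important callout and the closing paragraph with the single "For TPM 1.2" paragraph drops the statement that the TPM state is independent of the operating system and is preserved when the operating system is reinstalled. That point matters for reimaging and redeployment planning, so keep one sentence on it under the new "TPM 1.2 states and initialization" heading. The new paragraph also refers to "multiple possible states" without naming them; a link to the topic that defines them would help readers who have to troubleshoot a TPM that is not yet enabled, activated, and owned.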
@ -50,7 +50,7 @@ The following sections provide an overview of the technologies that support the
|
||||
- [How the TPM mitigates dictionary attacks](#how-the-tpm-mitigates-dictionary-attacks)
|
||||
|
||||
The following topic describes the TPM Services that can be controlled centrally by using Group Policy settings:
|
||||
[TPM Group Policy Settings](trusted-platform-module-services-group-policy-settings.md)
|
||||
[TPM Group Policy Settings](trusted-platform-module-services-group-policy-settings.md).
|
||||
|
||||
## Measured Boot with support for attestation
|
||||
|
||||
|
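Review bot: The link text on the changed line is "TPM Group Policy Settings" with a capital S, while the other links to the same page in this commit read "TPM Group Policy settings". Since the line is being touched for consistency, lowercase "settings" here too. The preceding sentence ends with a colon and the link sits on its own line, so also check that the added period renders as intended.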
@ -24,7 +24,7 @@ Trusted Platform Module (TPM) technology is designed to provide hardware-based,
|
||||
| [Trusted Platform Module Overview](trusted-platform-module-overview.md) | Provides an overview of the Trusted Platform Module (TPM) and how Windows uses it for access control and authentication. |
|
||||
| [TPM fundamentals](tpm-fundamentals.md) | Provides background about how a TPM can work with cryptographic keys. Also describes technologies that work with the TPM, such as TPM-based virtual smart cards. |
|
||||
| [TPM Group Policy settings](trusted-platform-module-services-group-policy-settings.md) | Describes TPM services that can be controlled centrally by using Group Policy settings. |
|
||||
| [Backup the TPM recovery information to AD DS](backup-tpm-recovery-information-to-ad-ds.md) | For Windows 10, version 1511 and Windows 10, version 1507 only, describes how to back up a computer’s TPM information to Active Directory Domain Services. |
|
||||
| [Back up the TPM recovery information to AD DS](backup-tpm-recovery-information-to-ad-ds.md) | For Windows 10, version 1511 and Windows 10, version 1507 only, describes how to back up a computer’s TPM information to Active Directory Domain Services. |
|
||||
| [Manage TPM commands](manage-tpm-commands.md) | Describes methods by which a local or domain administrator can block or allow specific TPM commands. |
|
||||
| [Manage TPM lockout](manage-tpm-lockout.md) | Describes how TPM lockout works (to help prevent tampering or malicious attacks), and outlines ways to work with TPM lockout settings. |
|
||||
| [Change the TPM owner password](change-the-tpm-owner-password.md) | In most cases, applies to Windows 10, version 1511 and Windows 10, version 1507 only. Tells how to change the TPM owner password. |
|
||||
|
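Review bot: In the context row for the overview topic, the link text "Trusted Platform Module Overview" is title case, while the other rows, including the renamed "Back up the TPM recovery information to AD DS" entry, use sentence case. Consider lowercasing "overview" in the same pass.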