Configure the system to use legacy Dictionary Attack Prevention Parameters setting for TPM 2.0.

Supported OS tags: Windows10, Windows10RT, Windows11, WindowsServer2016

This policy setting configures the TPM to use the Dictionary Attack Prevention Parameters (lockout threshold and recovery time) to the values that were used for Windows 10 Version 1607 and below. Setting this policy will take effect only if a) the TPM was originally prepared using a version of Windows after Windows 10 Version 1607 and b) the System has a TPM 2.0. Note that enabling this policy will only take effect after the TPM maintenance task runs (which typically happens after a system restart). Once this policy has been enabled on a system and has taken effect (after a system restart), disabling it will have no impact and the system's TPM will remain configured using the legacy Dictionary Attack Prevention parameters, regardless of the value of this group policy. The only way for the disabled setting of this policy to take effect on a system where it was once enabled is to a) disable it from group policy and b)clear the TPM on the system.

This policy has no additional user input fields.

• Computer
  Configure the level of TPM owner authorization information available to the operating system

  At least Windows Server 2012, Windows 8 or Windows RT
• Computer
  Configure the list of blocked TPM commands

  At least Windows Vista
• Computer
  Configure the system to clear the TPM if it is not in a ready state.

  At least Windows Server 2016, Windows 10 Version 1709
• Computer
  Ignore the default list of blocked TPM commands

  At least Windows Vista
• Computer
  Ignore the local list of blocked TPM commands

  At least Windows Vista
• Computer
  Standard User Individual Lockout Threshold

  At least Windows Server 2012, Windows 8 or Windows RT
• Computer
  Standard User Lockout Duration

  At least Windows Server 2012, Windows 8 or Windows RT