3.3 Device Authentication Setting

The Trusted Platform Module (TPM) is a crypto-processor available in Windows workstations that performs actions such as generating, storing, and limiting the use of cryptographic keys. During enrollment of the Device Authentication method, a key pair is generated and stored in the TPM chip. The stored key pair is verified to authenticate users.

By default, the TPM is enabled in Windows workstations. However, on Windows workstations where a TPM chip is not available, you can store the generated key pair in the Local Security Authority (LSA) and encrypt it using a PIN.

To disable the TPM chip and allow Device Authentication enrollment in the generate key pair mode, perform the following steps:

  1. Open the configuration file C:\ProgramData\NetIQ\Device Service\config.properties.

    If the file does not exist, create a new file.

  2. Specify deviceAuth.tpmEnabled: false.

    The default value is True.

  3. Save the configuration.

  4. Restart the operating system.

NOTE: This setting is not required in Device Service for Linux and Mac because the TPM mode is not supported on these platforms. The non-TPM mode is always used on these platforms.
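
The following PowerShell script is an added example, not part of the product documentation. It applies steps 1 to 3 only when the workstation reports no usable TPM, so that key pairs stay in the TPM wherever one is available. It assumes an elevated session and the built-in `Get-Tpm` cmdlet; accepting either `:` or `=` as the separator of an existing entry, and writing the file as ASCII, are assumptions about the file format.

```powershell
# Added example: set deviceAuth.tpmEnabled to false only where no ready TPM exists.
# Run from an elevated PowerShell session on the Windows workstation.
$configPath = 'C:\ProgramData\NetIQ\Device Service\config.properties'
$setting    = 'deviceAuth.tpmEnabled: false'
# Assumption: an existing entry may use ':' or '=' as its separator.
$pattern    = '^\s*deviceAuth\.tpmEnabled\s*[:=]'

# Get-Tpm reports whether a TPM chip is present and ready for use.
$tpm = Get-Tpm

if ($tpm.TpmPresent -and $tpm.TpmReady) {
    # A working TPM gives hardware-bound keys; keep the default (TPM mode).
    Write-Warning 'A ready TPM is present. Leaving deviceAuth.tpmEnabled at its default.'
}
else {
    # Step 1: create the folder and file if they do not exist.
    $dir = Split-Path -Parent $configPath
    if (-not (Test-Path -LiteralPath $dir)) {
        New-Item -ItemType Directory -Path $dir -Force | Out-Null
    }
    if (-not (Test-Path -LiteralPath $configPath)) {
        New-Item -ItemType File -Path $configPath | Out-Null
    }

    # Step 2: replace an existing deviceAuth.tpmEnabled line, or append one.
    $lines = @(Get-Content -LiteralPath $configPath)
    if ($lines -match $pattern) {
        $lines = @($lines | ForEach-Object {
            if ($_ -match $pattern) { $setting } else { $_ }
        })
    }
    else {
        $lines += $setting
    }

    # Step 3: save. ASCII avoids a byte-order mark at the start of the file
    # (assumption: the service reads it as a plain-text properties file).
    Set-Content -LiteralPath $configPath -Value $lines -Encoding ASCII

    # Step 4 is left to the operator so the restart can be scheduled.
    Write-Host "Wrote '$setting' to $configPath. Restart the operating system to apply it."
}
```

Because the script rewrites any existing `deviceAuth.tpmEnabled` line in place, running it more than once does not create duplicate entries.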