TakeOwnership method of the Win32_Tpm class

The TakeOwnership method of the Win32_Tpm class installs an owner for the TPM. The owner of the TPM can make full use of TPM capabilities. After an owner is set, no other user or software can claim ownership of the TPM.

The IsEnabled, IsActivated, and IsOwnershipAllowed methods must all return true before the TakeOwnership method can succeed.


uint32 TakeOwnership(
  [in, optional] string OwnerAuth
);

OwnerAuth [in, optional]

Type: string

A string that identifies the TPM owner. This string must be a base64-encoded null-terminated string that contains exactly 20 bytes of binary data. Use the ConvertToOwnerAuth method to translate a passphrase to this expected format. The OwnerAuth parameter is read from the registry if none is provided.

Return value

Type: uint32

All TPM errors as well as errors specific to TPM Base Services can be returned.

The following table lists some of the common return codes.

| Return code/value | Description |
| --- | --- |
| 0 (0x0) | The method was successful. |
| 2147942487 (0x80070057) | The OwnerAuth parameter is not valid. |
| 2150105108 (0x80280014) | An owner already exists on the TPM. |
| 2150105123 (0x80280023) | No endorsement key can be found on the TPM. To create an endorsement key pair on the TPM, see the CreateEndorsementKeyPair method. |
| 2150105099 (0x8028000B) | An owner cannot be installed on this TPM. For information about how to allow installation of a device owner, see SetPhysicalPresenceRequest. |
| 2150107139 (0x80280803) | The TPM is defending against dictionary attacks and is in a time-out period. For more information, see the ResetAuthLockOut method. |



The IsEnabled, IsActivated, and IsOwnershipAllowed methods must all return true before TakeOwnership can succeed.

You should use the ConvertToOwnerAuth method to change a passphrase into the input value used for the OwnerAuth parameter.

The TakeOwnership method backs up the owner authorization value to Active Directory if the appropriate Group Policy settings have been configured.
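The sequence described above (precondition checks, passphrase conversion, then TakeOwnership), shown as an added PowerShell example that is not part of the original reference page or Microsoft's sample code. It assumes an elevated session, PowerShell 3.0 or later, and the root\CIMV2\Security\MicrosoftTpm WMI namespace; the variable and helper names are illustrative.

```powershell
# Added example (not Microsoft sample code). Run in an elevated session on the
# machine whose TPM is being provisioned. Variable names are illustrative.
$tpm = Get-CimInstance -Namespace 'root\CIMV2\Security\MicrosoftTpm' -ClassName Win32_Tpm
if (-not $tpm) { throw 'No Win32_Tpm instance found.' }

# Return codes listed in the table on this page, keyed by hex string.
$known = @{
    '0x00000000' = 'The method was successful.'
    '0x80070057' = 'The OwnerAuth parameter is not valid.'
    '0x80280014' = 'An owner already exists on the TPM.'
    '0x80280023' = 'No endorsement key can be found on the TPM.'
    '0x8028000B' = 'An owner cannot be installed on this TPM.'
    '0x80280803' = 'The TPM is in a dictionary-attack time-out period.'
}
function Get-TpmResultText([uint32]$Code) {
    $hex = '0x{0:X8}' -f $Code
    if ($known.ContainsKey($hex)) { "$hex $($known[$hex])" } else { "$hex (not in the common-codes table)" }
}

# 1. All three preconditions must report true before TakeOwnership can succeed.
foreach ($check in 'IsEnabled', 'IsActivated', 'IsOwnershipAllowed') {
    $r = Invoke-CimMethod -InputObject $tpm -MethodName $check
    if ($r.ReturnValue -ne 0) { throw "$check failed: $(Get-TpmResultText $r.ReturnValue)" }
    if (-not $r.$check)       { throw "$check returned false; TakeOwnership would fail." }
}

# 2. Convert a passphrase to the base64 OwnerAuth value and verify its length.
$secure = Read-Host -Prompt 'TPM owner passphrase' -AsSecureString
$plain  = (New-Object System.Net.NetworkCredential('', $secure)).Password
$conv   = Invoke-CimMethod -InputObject $tpm -MethodName ConvertToOwnerAuth -Arguments @{ OwnerPassPhrase = $plain }
$plain  = $null   # drop the cleartext reference as soon as it is no longer needed
if ($conv.ReturnValue -ne 0) { throw "ConvertToOwnerAuth failed: $(Get-TpmResultText $conv.ReturnValue)" }
if ([Convert]::FromBase64String($conv.OwnerAuth).Length -ne 20) {
    throw 'OwnerAuth does not decode to exactly 20 bytes.'
}

# 3. Install the owner and report the result.
$own = Invoke-CimMethod -InputObject $tpm -MethodName TakeOwnership -Arguments @{ OwnerAuth = $conv.OwnerAuth }
Write-Output "TakeOwnership: $(Get-TpmResultText $own.ReturnValue)"
```

Because the owner authorization value grants full use of the TPM, avoid writing the passphrase or the resulting OwnerAuth string to logs or transcripts.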

Managed Object Format (MOF) files contain the definitions for Windows Management Instrumentation (WMI) classes. MOF files are not installed as part of the Windows SDK. They are installed on the server when you add the associated role by using the Server Manager. For more information about MOF files, see Managed Object Format (MOF).


| Requirement | Value |
| --- | --- |
| Minimum supported client | Windows Vista [desktop apps only] |
| Minimum supported server | Windows Server 2008 [desktop apps only] |






