Hey folks! I hope everyone is doing well! I have a question about Windows Hello for Business (WHfB) using TPM. As far as I know, there's a limit of 10 users per device. What's the best way to handle this remotely when one of those users leaves the company? I need to free up that TPM slot for a new staff member. I'm sure there's a straightforward solution, and I'm just overlooking something. Thanks!
3 Answers
It sounds like you're dealing with a shared device. I'm curious—why don’t you have dedicated devices for each user? If you're only using WHfB for shared PCs, that might not be the best approach. It could be more effective to consider using physical keys for sign-in instead of relying on biometrics. Would love to hear more about your setup!
Got it! That makes sense. The turnover issue definitely complicates things!
If you're looking to reset the TPM, you could suspend BitLocker, reset the TPM, and then resume BitLocker. Just ensure that it's not still associated with the other users, as that could cause issues.
You might want to try using the command `certutil -deletehellocontainer` to manage the TPM slots. Not entirely sure if it's the perfect solution, but it might be useful! Still, it could lead you to a workaround.
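The two answers above describe a per-user cleanup (`certutil -deletehellocontainer`) and a whole-device cleanup (suspend BitLocker, clear the TPM, resume). The script below is an added example, not posted by anyone in this thread, that wires the device-level sequence together with the checks an admin would want before running it against a remote shared workstation. It assumes the OS volume is `C:`, that the device is Entra ID-joined (so `BackupToAAD-BitLockerKeyProtector` is the right escrow cmdlet; AD-joined devices use `Backup-BitLockerKeyProtector` instead), and that it runs elevated, for example through `Invoke-Command` or an Intune/ConfigMgr script. The function names are my own.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread): device-level Windows Hello for Business
# reset by clearing the TPM. Clear-Tpm destroys EVERY key sealed to the TPM,
# which includes every user's Hello container on this machine, not just the
# departed user's. Assumptions: OS volume is C:, device is Entra ID-joined.

$OsDrive = 'C:'   # assumption: BitLocker-protected OS volume

function Get-TpmHelloState {
    # Snapshot of what the reset will touch, useful to log before and after.
    $tpm = Get-Tpm
    $vol = Get-BitLockerVolume -MountPoint $OsDrive
    [pscustomobject]@{
        TpmPresent       = $tpm.TpmPresent
        TpmReady         = $tpm.TpmReady
        ProtectionStatus = $vol.ProtectionStatus
        KeyProtectors    = ($vol.KeyProtector | ForEach-Object KeyProtectorType) -join ','
    }
}

function Reset-DeviceTpmForHello {
    param([switch]$Force)   # -Force: proceed even if key escrow to Entra ID fails

    $state = Get-TpmHelloState
    if (-not $state.TpmPresent) { throw "No TPM present; nothing to reset." }

    # 1. Make sure a recovery password exists and is escrowed BEFORE touching
    #    the TPM. If the TPM protector cannot be re-sealed after the clear,
    #    this password is the only way back into the volume.
    $vol = Get-BitLockerVolume -MountPoint $OsDrive
    $recovery = @($vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')
    if ($recovery.Count -eq 0) {
        throw "No RecoveryPassword protector on $OsDrive. Add one first: Add-BitLockerKeyProtector -MountPoint $OsDrive -RecoveryPasswordProtector"
    }
    try {
        # Entra ID-joined devices. AD-joined: Backup-BitLockerKeyProtector.
        BackupToAAD-BitLockerKeyProtector -MountPoint $OsDrive `
            -KeyProtectorId $recovery[0].KeyProtectorId -ErrorAction Stop | Out-Null
    } catch {
        Write-Warning "Recovery key escrow failed: $_"
        if (-not $Force) { throw "Aborting. Save the recovery key elsewhere, then rerun with -Force." }
    }

    # 2. Suspend BitLocker for exactly one reboot so the TPM clear does not
    #    leave the volume asking for the recovery key at next boot.
    Suspend-BitLocker -MountPoint $OsDrive -RebootCount 1 | Out-Null

    # 3. Clear the TPM. Caveat for remote use: most firmware requires a
    #    physical-presence confirmation (a keypress) at the next boot, so the
    #    clear may stall until someone at the branch touches the machine.
    Clear-Tpm | Out-Null

    Write-Output "TPM clear requested on $env:COMPUTERNAME. Reboot the device; BitLocker re-arms itself after the reboot."
}

function Confirm-PostReset {
    # Run after the reboot: verify protection is back on and the TPM is ready.
    $state = Get-TpmHelloState
    if ($state.ProtectionStatus -ne 'On') {
        # RebootCount 1 normally resumes protection; resume explicitly if not.
        Resume-BitLocker -MountPoint $OsDrive | Out-Null
    }
    if (-not $state.TpmReady) { Initialize-Tpm | Out-Null }   # take ownership again if needed
    Get-TpmHelloState
}

# Usage (elevated, on the shared workstation or via Invoke-Command):
#   Reset-DeviceTpmForHello
#   Restart-Computer -Force
#   Confirm-PostReset      # after the machine is back up
```

Because `Clear-Tpm` wipes all users' Hello containers, every remaining user on that workstation has to re-provision their PIN or biometrics at next sign-in. If only the departed user's container needs to go, `certutil -deletehellocontainer` from the other answer is the lighter option, but it removes the container of the account it runs under, so it must execute in that user's session rather than from a remote admin shell.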

We're managing multiple branches with medical staff that move around a lot. Our doctors use shared workstations across 30 branches, so 10 users quickly become a limitation. It’s a real logistical challenge!