
How to Install or Uninstall the TPM Diagnostics Tool in Windows 11

The TPM Diagnostics Tool in Windows 11 is an optional feature that can display the Trusted Platform Module (TPM)’s status and configuration to IT administrators. The information it provides is particularly useful in enterprise environments and can be utilized to verify TPM usage for BitLocker, Windows Hello, or secure boot implementations.

It’s not installed by default on Windows 11 computers. IT administrators must use optional feature management to fully utilize its features.

What is the TPM Diagnostics tool?

The TPM Diagnostics tool is an optional feature in Windows 11 that lets administrators query the TPM installed in their devices. They can use it to see Windows Attestation Identity Keys, Endorsement Key certificates, boot counters, and more.

3 different ways to install or uninstall TPM Diagnostics tool on your PC

The TPM Diagnostics tool is only intended for administrative use, and individual users won’t have much use for it. It can be installed or uninstalled using Settings, Command Prompt, or Windows PowerShell.

📌 Prerequisites:

  • This guide applies to all editions of Windows 11.
  • You will need administrator access for all methods. To check if you have the necessary permissions, go to Start Menu > Settings > Accounts. The word “Administrator” should be printed under the username.
  • You will need Internet access to install the TPM Diagnostics tool.

📌 Recommended deployment strategies:

  • Method 1: Install or uninstall via Settings
  • Method 2: Install or uninstall via Command Prompt
  • Method 3: Install or uninstall via PowerShell

Method 1: Install or uninstall via Settings

📌 Use Case: This is the most straightforward method and provides users with a user-friendly interface to work with. It’s recommended for standard administrative access.

To install:

  1. Open Start Menu > Settings.
  2. Navigate to Apps > Optional features.
    • If that’s not available, you can select System > Optional features.
  3. Next to Add an optional feature, click View features.
  4. Type TPM in the search box.
  5. Check the box next to TPM Diagnostics.
  6. Click Next > Add.
  7. This will install TPM diagnostics.

To uninstall:

  1. Open Start Menu > Settings.
  2. Click Apps > Optional features.
    • If that’s not available, you can also go to System > Optional features.
  3. Scroll down to the Installed features section.
  4. Click TPM Diagnostics to open the drop-down.
  5. Select Uninstall.
  6. Once finished uninstalling, you may need to restart your computer to apply the changes.

Method 2: Install or uninstall via Command Prompt

📌 Use Case: This method is ideal for administrators using deployment scripts or for command-line driven environments.

  1. Open the Start Menu and search for Command Prompt.
  2. Right-click Command Prompt and select Run as administrator.
    • To install, type this command:
      DISM /Online /Add-Capability /CapabilityName:Tpm.TpmDiagnostics~~~~0.0.1.0
    • To uninstall, type this command:
      DISM /Online /Remove-Capability /CapabilityName:Tpm.TpmDiagnostics~~~~0.0.1.0
  3. Type when the prompt appears. The computer will restart to apply the changes.

Method 3: Install or uninstall via PowerShell

📌 Use Case: This method is ideal for system automation. You can deploy the script to your managed devices using a remote PowerShell tool.

  1. Open the Start Menu and search for Windows PowerShell.
  2. Right-click Windows PowerShell and select Run as administrator.
    • To install, type this command:
      Add-WindowsCapability -Online -Name "Tpm.TpmDiagnostics~~~~0.0.1.0"
    • To uninstall, type this command:
      Remove-WindowsCapability -Online -Name "Tpm.TpmDiagnostics~~~~0.0.1.0"
  3. You may need to restart the computer to apply the changes.
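
For automated deployment, the install and uninstall commands above can be wrapped so the script checks the current state first and only changes what is needed. This is an added example, not part of the original guide; the -Ensure parameter and the shape of the output object are assumptions made for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original guide): converge the TPM Diagnostics
# optional feature to a desired state; safe to re-run on managed devices.
param(
    # Hypothetical parameter: 'Present' installs the tool, 'Absent' removes it.
    [ValidateSet('Present', 'Absent')]
    [string]$Ensure = 'Present'
)

$ErrorActionPreference = 'Stop'
$name = 'Tpm.TpmDiagnostics~~~~0.0.1.0'   # capability name used in this guide

# Query only this capability instead of listing and filtering every one.
$before = [string](Get-WindowsCapability -Online -Name $name).State
$change = $null

if ($Ensure -eq 'Present' -and $before -ne 'Installed') {
    # Needs Internet access, as noted in the prerequisites.
    $change = Add-WindowsCapability -Online -Name $name
}
elseif ($Ensure -eq 'Absent' -and $before -eq 'Installed') {
    $change = Remove-WindowsCapability -Online -Name $name
}

# Re-query so the report reflects what the system says, not what was requested.
$after = [string](Get-WindowsCapability -Online -Name $name).State

[pscustomobject]@{
    Capability    = $name
    Ensure        = $Ensure
    StateBefore   = $before
    StateAfter    = $after
    Changed       = ($null -ne $change)
    RestartNeeded = [bool]($change -and $change.RestartNeeded)
}

# A non-zero exit code lets a deployment tool flag devices that did not converge.
# 'InstallPending' counts as success: the feature is staged and waits for a restart.
$ok = if ($Ensure -eq 'Present') { $after -in 'Installed', 'InstallPending' }
      else { $after -ne 'Installed' }
if (-not $ok) { exit 1 }
```

Running it with -Ensure Absent on devices where the tool is no longer needed keeps TPM details out of reach once diagnostics are finished.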

⚠️ Things to look out for

  • Risk: Users may access important system information through the TPM Diagnostics tool.
  • Potential consequence: Incorrect use of this information may lead to system problems and instability.
  • Reversal: Restrict the TPM commands available in a system to prevent users from using them incorrectly.

Additional considerations when installing or uninstalling the TPM Diagnostics Tool

  • The TPM Diagnostics tool is only intended for administrative use. Individual users typically don’t need it.
  • Once installed, you can run the TPM Diagnostics tool through the following steps:
    1. Open the Start Menu and search for Command Prompt.
    2. Right-click Command Prompt and select Run as administrator.
    3. Type tpmdiagnostics.exe /? and press Enter.
    4. This will display all the commands you can run using the TPM Diagnostics tool.

How to use the TPM Diagnostics tool

  1. Open the Start Menu and search for Command Prompt.
  2. Right-click Command Prompt > Run as administrator.
  3. Type tpmdiagnostics.exe and press Enter.
  4. This will show you the list of queries you can make in TPM. Use the commands according to your needs.

How to restrict TPM commands using the Local Group Policy Editor

  1. Open the Start Menu and search for the Local Group Policy Editor to open the program.
  2. Navigate to Computer Configuration > Administrative Templates > System > Trusted Platform Module Services.
  3. Find the Configure the list of blocked TPM commands policy and double-click it.
  4. Set it to Enabled.
  5. In the Options box, click Show.
  6. Add the commands you wish to block and click OK.
  7. Click Apply > OK.

Troubleshooting

  • If the installation fails, check if the system has a stable Internet connection and that the Windows Update Service is running. If there’s a problem with the latter, go to Start Menu > Settings > System > Troubleshoot > Other troubleshooters. From there, run the Windows Update troubleshooter.
  • If you can’t find the tool after installation, open Windows PowerShell as an administrator to confirm that it has been installed.
    1. Type the following command and press Enter:
      Get-WindowsCapability -Online | findstr Tpm.TpmDiagnostics
    2. If Windows PowerShell cannot locate it, try installing it again.
  • If you encounter the “Access Denied” warning, you may not have the necessary permissions. Make sure you are running Command Prompt or Windows PowerShell as an administrator.

Get in-depth TPM information using Windows 11’s TPM Diagnostics Tool

The TPM Diagnostics Tool is a useful administrative tool that allows IT personnel to view TPM usage for key system features, such as BitLocker, Windows Hello, and secure boot configurations. It’s not enabled by default, and it has to be installed through optional feature management before you can take advantage of its features.

This can be done through Settings, Windows PowerShell, or Command Prompt. If you want to further manage the use of the TPM Diagnostics tool, you can also restrict the TPM commands people can utilize by using the Local Group Policy Editor.
