Raja Sivagaminathan
2015-07-09 02:52:21 UTC
Is it possible to pass the AUTH value generated from the owner password to TPM tools? If so, how? When I say AUTH value, I mean the encrypted password Windows stores in the registry that can be retrieved from HKLM\System\CurrentControlSet\Services\TPM\WMI\Admin.
Separately but related, on domain-joined machines, in the same registry hive some sort of AUTH value is stored (which looks different from non-domain-joined machines) and it appears to me the value that gets stored is decided by certain domain group policies. Does anyone know how to interpret the values so I can use the values instead of bothering the user for the password? For those that are spooked by this approach - as many of you know, once you activate and reboot Windows (for physical presence), upon reboot Windows 8.1 takes ownership of the TPM, sets a random password and claims "TPM is ready to use". However, the "first" user attempt to set the TPM owner password does not require you to enter the auto-generated password set by Windows when it took ownership. So I am thinking there is a way to do it.
Sorry if the second question is off-topic; there is hardly anyone who knows anything about TPM outside the TrouSerS (and jTSS) user group.
Thanks
Raja