Final answer:
To secure sensitive data on a computer with BitLocker and TPM, one must activate TPM in the BIOS, enable BitLocker in Windows, back up the recovery key to a secure location, encrypt the entire system drive using the new encryption mode, and perform a system check to finalize the setup.
Step-by-step explanation:
Configuring BitLocker to encrypt a system volume with a TPM involves several steps to ensure the security of sensitive information on a computer. Below is a step-by-step guide to properly setting up BitLocker on the employee’s computer:
- Restart the computer and enter the BIOS setup. This process usually involves hitting a key like F2, F10, F12, DEL, or ESC during the boot process.
- Look for the security settings in the BIOS and locate the option to enable the TPM. Activate or enable TPM Security, then save the changes and exit the BIOS.
- Boot into Windows, open the Control Panel, and find the BitLocker Drive Encryption option. Click on “Turn on BitLocker” next to the System (C:) drive.
- The BitLocker setup wizard will prompt you to save the recovery key. Choose to back up the recovery key to the CorpServer BU-Office1 folder as instructed.
- Select the option to encrypt the entire drive, and make sure to choose the “new encryption mode” if available for enhanced security.
- Initiate the BitLocker encryption process. Be aware that this process can take a considerable amount of time depending on the size of the drive.
- Once the initial steps are complete, BitLocker will prompt you to run a system check to ensure everything is working correctly before the actual encryption of the disk begins. Be sure to continue with this system check to avoid any issues later on.
After these steps, the system volume will be encrypted, enhancing the security of sensitive data against physical theft of the hard drive.
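The same procedure can be scripted from an elevated PowerShell session using the built-in BitLocker and TPM cmdlets. This is an added example, not part of the original answer. It assumes the backup folder is reachable as the UNC path `\\CorpServer\BU-Office1`, that the wizard's "new encryption mode" corresponds to XTS-AES at 128 bits, and that a text file is an acceptable backup format.

```powershell
#Requires -RunAsAdministrator
# Added example. $BackupDir is an assumed UNC form of the backup folder named in the steps.
param(
    [string]$MountPoint = 'C:',
    [string]$BackupDir  = '\\CorpServer\BU-Office1'
)
$ErrorActionPreference = 'Stop'

# TPM must already be enabled in the BIOS; stop early if Windows cannot use it.
$tpm = Get-Tpm
if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) {
    throw "TPM unusable (Present=$($tpm.TpmPresent), Ready=$($tpm.TpmReady)). Enable it in the BIOS first."
}

# Refuse to act on a volume that is already encrypted or mid-conversion.
$vol = Get-BitLockerVolume -MountPoint $MountPoint
if ($vol.VolumeStatus -ne 'FullyDecrypted') {
    throw "$MountPoint is '$($vol.VolumeStatus)'; expected FullyDecrypted."
}

# Create the recovery password and back it up BEFORE any encryption is started.
Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector | Out-Null
$rp = (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
      Where-Object KeyProtectorType -eq 'RecoveryPassword' |
      Select-Object -First 1
$name = 'BitLocker-{0}-{1}.txt' -f $env:COMPUTERNAME, $rp.KeyProtectorId.Trim('{}')
$file = Join-Path $BackupDir $name
@(
    "Computer: $env:COMPUTERNAME"
    "Protector ID: $($rp.KeyProtectorId)"
    "Recovery password: $($rp.RecoveryPassword)"
) | Set-Content -Path $file -Encoding UTF8
if (-not (Test-Path $file)) { throw "Recovery key backup was not written to $file" }

# Full-drive encryption (no -UsedSpaceOnly) with XTS-AES and a TPM protector.
# -SkipHardwareTest is deliberately omitted, so the system check runs on the next restart.
Enable-BitLocker -MountPoint $MountPoint -EncryptionMethod XtsAes128 -TpmProtector | Out-Null

# Show the resulting state; encryption starts only after the hardware test passes.
Get-BitLockerVolume -MountPoint $MountPoint |
    Select-Object MountPoint, VolumeStatus, EncryptionMethod, EncryptionPercentage, ProtectionStatus
Write-Host 'Restart the computer to run the system check and begin encryption.'
```

The backup file holds the recovery password in clear text, so the share's permissions should limit read access to the administrators who handle recovery. After the restart, `Get-BitLockerVolume` should report `ProtectionStatus` as `On` once encryption completes.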