For a relatively painless solution, I'll join the IronKey chorus. It has the added bonus of being able to survive much more physical abuse than other USB drives. I, er, I mean Bob, says they might even survive a trip through the washing machine if the cap is on tight.
As far as Bitlocker-to-go, this is a classic MS "innovation"- they get parts of it right and then drop the ball hard. Bitlocker-to-go is a great solution, one checkbox in GP and no more writing to unencrypted USB drives on your domain (several more places to control passphrase complexity, X.509 certs, backwards compat, etc). If you use a password/phrase you can open it (read-only) with XP/Vista machines, but they cannot write to it (that's default, can be set in GP). Note- if you use SmartCard or other X.509 cert. based auth, no backwards compatibility. Now the thud- it will only be available on Enterprise and Ultimate SKUs, not on Pro or any Home version. Enterprise is Volume licensing only, Ultimate will mostly be a retail software purchase. In other words, you are not likely to ever purchase a PC with Bitlocker-to-go enabled- if you want it you will pay again. And no, I have not tried to carve up the registry looking for a way to open Bitlocker, the pre-beta, beta and RCs I have used were all Ultimate. Jack -- ______________________________________ Jack Daniel, Reluctant CISSP http://twitter.com/jack_daniel http://blog.uncommonsensesecurity.com _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
