Dave,
Do you know if a removable drive encrypted with BitLocker on Win 7
can be accessed on Win 10 and vice-versa?
Thanks.
Ken
Just a bit more Bitlocker info:
Bitlocker allows you to set up an automatic decrypt on whatever
machine(s) you want but the default value is to ask for the decrypt
key. For instance, I have my USB drive set up to automatically
decrypt but plugging it into any other machine will ask for an unlock key.
My only gripe with USB drives is that when you have a number of them
they don't always set themselves up as a permanent drive letter. For
instance I have 3 x USB drives that are rotated on a daily basis and
I use Syncback to put mirror images onto the disks. Syncback
requires a fixed drive mapping (example z:) but windows in its
infinite wisdom gives random drive mappings which have to be changed
using disk Manager at which stage the auto decrypt of bitlocker
takes over and opens the drive. I have tried man, many pieces of
software which state that they will force a drive to be mapped to a
specific letter but none of them work 100%.
However this is another gripe taking the thread off topic somewhat.
Dave
-----Original Message-----
From: ProFox [mailto:profox-boun...@leafe.com] On Behalf Of Ken Dibble
Sent: 06 February 2017 20:13
To: profox@leafe.com
Subject: [NF] Drop-Dead Simple USB Drive Encryption
Hi Folks,
This is probably one of those issues where my requirements seem
obvious and common-sensical to me but not to the people who make
hardware or software. However, in the interest of developing a
complete understanding of my options:
I am looking for recommendations for the simplest possible way to
encrypt USB thumb drives. "Simplest possible" means in reference to
the end user.
The sole purpose of the thumb drive is to provide offsite backup for
important files.
The sole purpose of encrypting the thumb drive is to prevent access
by unauthorized people to the contents of the drive if the user loses it.
Here are my requirements:
1. Must be usable by a "standard user" account: No administrative
access required.
2. Must not require software to be installed on the computer
(installed on the removable drive is okay).
3. Access should be available, ideally, simply by right-clicking the
drive in Windows Explorer and entering the password for the drive
(like with BitLocker). Less desirable would be for the user to have
to manually execute software residing on the drive before being
given an interface in which to enter the password. Anything more
complicated than that, such as requiring users to copy files to/from
the drive, or carry out multiple steps to get to the point where the
password can be entered, is not acceptable.
3. The drive should work on any Windows computer of recent vintage,
no matter where it was initially set up.
4. Users cannot permanently turn the encryption off.
5. Ideally, the entire drive should be encrypted.
I am prepared to accept that my staff will have to set up these
drives initially for the users. That's okay as long as, once that
work's been done, the drive functions as described above. And, of
course, I can only set up computers under my control, which is why I
can't use a system that requires software to be installed on every
machine where the drive will be used.
Here is what I've looked at:
BitLocker
Problems: only available on Windows 7 Ultimate, or later. Most of
our workstations are Windows 7 Ultimate, but some are Pro. Also,
there are a couple of points I'm not sure about with BitLocker:
A. When an internal drive is encrypted on a computer, the user can
check a box to essentially turn off the encryption (that is, the
drive will be automatically decrypted when the computer is booted).
I do not want the user to be able to turn off the encryption on a
thumb drive such that, if the drive is inserted into another
computer it is automatically decrypted. Does BitLocker allow that?
B. I am not sure that a drive encrypted with BitLocker on a Win 7
machine will be accessible on a Win 10 machine, or vice versa. Does
anyone have a definitive answer on that point?
LaCie Private - Public
Problems: Does not work for "standard users", period. Also, requires
the drive to be formatted NTFS in order to encrypt more than 4 GB of space.
Rohos
Problems: Requires multiple steps for standard users to access;
cannot encrypt more than 4 GB under any circumstances.
VeraCrypt
Problems: Requires software to be installed on the machine.
Hardware Encryption
I took a visual look at the Corsair Flash Padlock drive. It's got
dinky little flashing lights and tiny little buttons. I can just
imagine what will happen when a user has to get into the drive by
poking and punching tiny little buttons with their fingernails while
the drive is inserted into the typical fragile USB slot. Not a
winner... But are there other hardware encryption options that don't
suffer from this or other flaws?
Of course, I am also looking for solutions that are free as in beer.
But I am willing to pay a reasonable one-time cost. No way would I
pay a recurring cost for a license to access a thumb drive.
Any thoughts are welcome.
Thanks!
Ken Dibble
www.stic-cil.org
[excessive quoting removed by server]
_______________________________________________
Post Messages to: ProFox@leafe.com
Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox
OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech
Searchable Archive: http://leafe.com/archives/search/profox
This message:
http://leafe.com/archives/byMID/profox/40.A6.16480.332E9985@cdptpa-omsmta02
** All postings, unless explicitly stated otherwise, are the opinions of the
author, and do not constitute legal or medical advice. This statement is added
to the messages for those lawyers who are too stupid to see the obvious.