- Community Pick
- Experts Exchange Approved
- Editor's Choice
USB "Thumb Drives" are convenient and cheap. They are great for making quick backups and for transferring data from one place to another. But if you lose a portable flash disk, anything it contains is easily read by whoever finds it. It turns out to be pretty easy to use Windows EFS (Encrypting File System) to encrypt thumb drive data, but it's not so obvious how to make it possible to read from that drive on another computer.
This two-part article describes the steps needed to use EFS to store encrypted data on a thumb drive at work and still be able to use that data on another computer at home. I can dump an entire project directory onto the drive on Friday and use it at home with no fear that if I were to lose the drive, say, at an airport, my client's proprietary source code would be at risk.
Overview
You need to have the thumb drive formatted using NTFS. To do that, you need to change a setting in the Device Manager first. Once you've reformatted the drive to NTFS and set up an encrypted directory (covered here in PART ONE), you need to export a Certificate from one computer and import it on the other computer (covered in PART TWO). If you know how to do all of this, then you're done. If not, read on.
Precautions:
We will be formatting your thumb drive. You want to be very careful to ensure that you are formatting the thumb drive and not some other drive. I suggest that you set the volume label to, for instance, My4GThumDrv. I also suggest that at this point you copy anything you want to save to a hard disk and delete all of the files and directories from the thumb drive.
If, while following these steps, you get to a point where you are not sure if you are working with the right drive, then stop! and find a way to be sure before proceeding. If you have deleted the data as suggested, then one way to be sure you have the right drive is to see that it is currently empty of files.
How to Enable Encryption on the Thumb Drive
- 1
Change Device Settings
You can do this through Control Panel / Device Manager, but the easiest way is via the Windows Explorer. Locate the drive under "My Computer." Right-click it and choose Properties.
Click the Hardware tab.
Locate your thumb drive in the list.
Select it and click the [Properties] button.
First, be sure you have the right drive: Click the Volumes tab
and click the [Populate] button. You should see the volume label
and the drive letter.
Now, click the Policies tab.Most thumb drives are formatted with the FAT or FAT32 filesystem. You need to change the "Write caching and Safe Removal" option in order to be able to reformat it to NTFS. Click the Optimize for performance option as shown. OK the change.
- 2
Format the Drive, DESTROYING all Data On It
If the drive contains any data you want to preserve, copy that data to a hard disk. This step will delete everything that is on the thumb drive.
In the Windows Explorer, locate your thumb drive (under "My Computer") Right-click it and select Format.
Having changed the Policy in Step 1, you will now have the option of choosing the NTFS filesystem. Make it so.
Verify (one last time!) that the volume label indicates that you are working with the correct drive, and click the [Start] button to begin formatting.
- 3
Set Up an Encrypted Folder
In the Windows Explorer, locate the newly-formatted drive. Select it. Right-click in the file area and choose New > Folder Set the folder name to Private Data.
Now Right-click the "Private Data" folder and select Properties
Put a checkmark in the Encrypt contents to secure data checkbox.
OK the change. The Explorer will now show that folder name ("Private Data") in green to indicate that it is an encrypted folder. All filenames in that folder (and all subfolders) will also be displayed in green letters.
Congratulations! You now have a folder on your thumb drive that will always be encrypted. You can drop files into that folder and only you (or whoever knows your Windows login name and password on this computer) will be able to read them. Other users will get a "Permission denied" popup error. File preview (i.e. image thumbnails, etc.) will show only a default/blank icon.
Notes:
- File and folder names remain visible to anyone, so you might want to keep that in mind. Also, only the files in the "Private Data" folder and its subfolders will be encrypted; e.g., files in the root directory are not encrypted in this scenario.
- Many employers have strict policies about copying data from corporate sources -- with or without an encrypted transport mechanism. I suggest that you check your company's policies before taking any data from an office computer and putting it onto a portable device.
How to Make the Drive Readable At Home
When you plug in the USB drive at work, you will be able to access the Private Data folder. But if you take it home, or try to use it on any other computer, the contents of that folder cannot be used.
For the step-by-step on making that data visible on anther computer, as well as the summary notes relevant to this article...
See PART TWO
=-=-=-=-=-=-=-=-=-=-=-=-=-
If you liked this article and want to see more from this author, please click the Yes button near the:
Was this article helpful?
label that is just below and to the right of this text. Thanks!
=-=-=-=-=-=-=-=-=-=-=-=-=-
by: aikimark on 2009-08-10 at 10:18:43ID: 2636
@WS
This article is about encrypting thumb drive content. It doesn't address any company policy about thumb drive use. In fact, an unlocked USB port allows for ANY content to be copied, whether that content was encrypted or not. If you want to write an article about creating employer policies about USB port or thumb drive use then go for it. Otherwise, I disagree with your concerns about this article's possible content missuse.
If the article addressed ways of circumventing a locked USB port, then I would have a problem with that, since it falls into the cracker/hacker realm.
If Dan, or anyone, wants to write an article on how to lock down USB ports, then I would encourage such an article.