[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More


Encrypt your Thumb Drive at Work and Use it at Home -- PART ONE

Published on
24,584 Points
35 Endorsements
Last Modified:
Editor's Choice
Community Pick
USB "Thumb Drives" are convenient and cheap.  They are great for making quick backups and for transferring data from one place to another.  But if you lose a portable flash disk, anything it contains is easily read by whoever finds it.  It turns out to be pretty easy to use Windows EFS (Encrypting File System) to encrypt thumb drive data, but it's not so obvious how to make it possible to read from that drive on another computer.

This two-part article describes the steps needed to use EFS to store encrypted data on a thumb drive at work and still be able to use that data on another computer at home.  I can dump an entire project directory onto the drive on Friday and use it at home with no fear that if I were to lose the drive, say, at an airport, my client's proprietary source code would be at risk.

You need to have the thumb drive formatted using NTFS.  To do that, you need to change a setting in the Device Manager first.  Once you've reformatted the drive to NTFS and set up an encrypted directory (covered here in PART ONE), you need to export a Certificate from one computer and import it on the other computer (covered in PART TWO).  If you know how to do all of this, then you're done. If not, read on.

We will be formatting your thumb drive.  You want to be very careful to ensure that you are formatting the thumb drive and not some other drive.  I suggest that you set the volume label to, for instance, My4GThumDrv.  I also suggest that at this point you copy anything you want to save to a hard disk and delete all of the files and directories from the thumb drive.

If, while following these steps, you get to a point where you are not sure if you are working with the right drive, then stop! and find a way to be sure before proceeding.  If you have deleted the data as suggested, then one way to be sure you have the right drive is to see that it is currently empty of files.

How to Enable Encryption on the Thumb Drive

1. Change Device Settings

You can do this through Control Panel / Device Manager, but the easiest way is via the Windows Explorer.  Locate the drive under "My Computer."  Right-click it and choose Properties.  

Click the Hardware tab.  
Locate your thumb drive in the list.  
Select it and click the [Properties] button.

        First, be sure you have the right drive: Click the Volumes tab
        and click the [Populate] button.  You should see the volume label
        and the drive letter.

Now, click the Policies tab.
"Polices" properties for the thumb driveMost thumb drives are formatted with the FAT or FAT32 filesystem.  You need to change the "Write caching and Safe Removal" option in order to be able to reformat it to NTFS.  Click the Optimize for performance option as shown.  OK the change.

2. Format the Drive, DESTROYING all Data On It

If the drive contains any data you want to preserve, copy that data to a hard disk.  This step will delete everything that is on the thumb drive.

In the Windows Explorer, locate your thumb drive (under "My Computer")  Right-click it and select Format.  
Format to use NTFS filesystemHaving changed the Policy in Step 1, you will now have the option of choosing the NTFS filesystem.  Make it so.  

Verify (one last time!) that the volume label indicates that you are working with the correct drive, and click the [Start] button to begin formatting.

3. Set Up an Encrypted Folder

In the Windows Explorer, locate the newly-formatted drive.  Select it.  Right-click in the file area and choose New > Folder Set the folder name to Private Data.

Now Right-click the "Private Data" folder and select Properties
Enable encryption for a folderPut a checkmark in the Encrypt contents to secure data checkbox.
OK the change.  The Explorer will now show that folder name ("Private Data") in green to indicate that it is an encrypted folder.  All filenames in that folder (and all subfolders) will also be displayed in green letters.
Congratulations!  You now have a folder on your thumb drive that will always be encrypted.  You can drop files into that folder and only you (or whoever knows your Windows login name and password on this computer) will be able to read them.  Other users will get a "Permission denied" popup error.  File preview (i.e. image thumbnails, etc.) will show only a default/blank icon.  

File and folder names remain visible to anyone, so you might want to keep that in mind.  Also, only the files in the "Private Data" folder and its subfolders will be encrypted; e.g., files in the root directory are not encrypted in this scenario.
Many employers have strict policies about copying data from corporate sources -- with or without an encrypted transport mechanism.  I suggest that you check your company's policies before taking any data from an office computer and putting it onto a portable device.

How to Make the Drive Readable At Home
When you plug in the USB drive at work, you will be able to access the Private Data folder.  But if you take it home, or try to use it on any other computer, the contents of that folder cannot be used.  

For the step-by-step on making that data visible on anther computer, as well as the summary notes relevant to this article...

                                      See PART TWO  

If you liked this article and want to see more from this author,  please click the Yes button near the:
      Was this article helpful?
label that is just below and to the right of this text.   Thanks!
LVL 48

Expert Comment


This article is about encrypting thumb drive content.  It doesn't address any company policy about thumb drive use.  In fact, an unlocked USB port allows for ANY content to be copied, whether that content was encrypted or not.  If you want to write an article about creating employer policies about USB port or thumb drive use then go for it.  Otherwise, I disagree with your concerns about this article's possible content missuse.

If the article addressed ways of circumventing a locked USB port, then I would have a problem with that, since it falls into the cracker/hacker realm.

If Dan, or anyone, wants to write an article on how to lock down USB ports, then I would encourage such an article.
LVL 18

Expert Comment

I think this pair of articles addresses something important to know and does it in a way that clearly and concisely addresses the questions a user would have in mind.  In short, it takes the mystery out of something that is important to know and makes it available for general use.  And, it gives a little, but needed, extra education about certificates.  Even I understand it now.  It got my vote above.
LVL 61

Expert Comment

by:Kevin Cross
Very nice, Dan!

Voted yes above.
CompTIA Cloud+

The CompTIA Cloud+ Basic training course will teach you about cloud concepts and models, data storage, networking, and network infrastructure.


Expert Comment

I prefer Trucrypt myself.

Expert Comment

I get this error after I try to Apply "Encrypt contents to secure data."  Clicking ignore, Retry, etc. does not turn my folder "green" as you indicate.

Why?  This would be useful otherwise. Error when applying
LVL 50

Author Comment

It is related to a policy setting on you computer.  This TechNet link appears to explain the problem.  See also, this link.

Expert Comment

Thanks Dan.
I read "in general" how to fix this, but I could not find directions on exactly what to do and how to do.  I don't understand what "certificates" this message is talking about and where they are.  
I know computers just a bit, but this one escapes me...
Any further pointing in the right direction would be gladly accepted.  
LVL 50

Author Comment

I really can't solve that particular problem in the article comments here.  I recommend that you ask a question at Experts-Exchange.com :-)

Featured Post

Exploring ASP.NET Core: Fundamentals

Learn to build web apps and services, IoT apps, and mobile backends by covering the fundamentals of ASP.NET Core and  exploring the core foundations for app libraries.

Join & Write a Comment

Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

Keep in touch with Experts Exchange

Tech news and trends delivered to your inbox every month