<

Encrypt your Thumb Drive at Work and Use it at Home -- PART ONE

Published on
23,864 Points
10,864 Views
35 Endorsements
Last Modified:
Awarded
DanRollins
USB "Thumb Drives" are convenient and cheap.  They are great for making quick backups and for transferring data from one place to another.  But if you lose a portable flash disk, anything it contains is easily read by whoever finds it.  It turns out to be pretty easy to use Windows EFS (Encrypting File System) to encrypt thumb drive data, but it's not so obvious how to make it possible to read from that drive on another computer.

This two-part article describes the steps needed to use EFS to store encrypted data on a thumb drive at work and still be able to use that data on another computer at home.  I can dump an entire project directory onto the drive on Friday and use it at home with no fear that if I were to lose the drive, say, at an airport, my client's proprietary source code would be at risk.

Overview
You need to have the thumb drive formatted using NTFS.  To do that, you need to change a setting in the Device Manager first.  Once you've reformatted the drive to NTFS and set up an encrypted directory (covered here in PART ONE), you need to export a Certificate from one computer and import it on the other computer (covered in PART TWO).  If you know how to do all of this, then you're done. If not, read on.

Precautions:
We will be formatting your thumb drive.  You want to be very careful to ensure that you are formatting the thumb drive and not some other drive.  I suggest that you set the volume label to, for instance, My4GThumDrv.  I also suggest that at this point you copy anything you want to save to a hard disk and delete all of the files and directories from the thumb drive.

If, while following these steps, you get to a point where you are not sure if you are working with the right drive, then stop! and find a way to be sure before proceeding.  If you have deleted the data as suggested, then one way to be sure you have the right drive is to see that it is currently empty of files.

How to Enable Encryption on the Thumb Drive

1. Change Device Settings

You can do this through Control Panel / Device Manager, but the easiest way is via the Windows Explorer.  Locate the drive under "My Computer."  Right-click it and choose Properties.  

Click the Hardware tab.  
Locate your thumb drive in the list.  
Select it and click the [Properties] button.

        First, be sure you have the right drive: Click the Volumes tab
        and click the [Populate] button.  You should see the volume label
        and the drive letter.

Now, click the Policies tab.
"Polices" properties for the thumb driveMost thumb drives are formatted with the FAT or FAT32 filesystem.  You need to change the "Write caching and Safe Removal" option in order to be able to reformat it to NTFS.  Click the Optimize for performance option as shown.  OK the change.

2. Format the Drive, DESTROYING all Data On It

If the drive contains any data you want to preserve, copy that data to a hard disk.  This step will delete everything that is on the thumb drive.

In the Windows Explorer, locate your thumb drive (under "My Computer")  Right-click it and select Format.  
Format to use NTFS filesystemHaving changed the Policy in Step 1, you will now have the option of choosing the NTFS filesystem.  Make it so.  

Verify (one last time!) that the volume label indicates that you are working with the correct drive, and click the [Start] button to begin formatting.

3. Set Up an Encrypted Folder

In the Windows Explorer, locate the newly-formatted drive.  Select it.  Right-click in the file area and choose New > Folder Set the folder name to Private Data.

Now Right-click the "Private Data" folder and select Properties
Enable encryption for a folderPut a checkmark in the Encrypt contents to secure data checkbox.
OK the change.  The Explorer will now show that folder name ("Private Data") in green to indicate that it is an encrypted folder.  All filenames in that folder (and all subfolders) will also be displayed in green letters.
Congratulations!  You now have a folder on your thumb drive that will always be encrypted.  You can drop files into that folder and only you (or whoever knows your Windows login name and password on this computer) will be able to read them.  Other users will get a "Permission denied" popup error.  File preview (i.e. image thumbnails, etc.) will show only a default/blank icon.  

Notes:
File and folder names remain visible to anyone, so you might want to keep that in mind.  Also, only the files in the "Private Data" folder and its subfolders will be encrypted; e.g., files in the root directory are not encrypted in this scenario.
Many employers have strict policies about copying data from corporate sources -- with or without an encrypted transport mechanism.  I suggest that you check your company's policies before taking any data from an office computer and putting it onto a portable device.

How to Make the Drive Readable At Home
When you plug in the USB drive at work, you will be able to access the Private Data folder.  But if you take it home, or try to use it on any other computer, the contents of that folder cannot be used.  

For the step-by-step on making that data visible on anther computer, as well as the summary notes relevant to this article...

                                      See PART TWO  

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
If you liked this article and want to see more from this author,  please click the Yes button near the:
      Was this article helpful?
label that is just below and to the right of this text.   Thanks!
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
35
Comment
Author:DanRollins
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 45

Expert Comment

by:aikimark
@WS

This article is about encrypting thumb drive content.  It doesn't address any company policy about thumb drive use.  In fact, an unlocked USB port allows for ANY content to be copied, whether that content was encrypted or not.  If you want to write an article about creating employer policies about USB port or thumb drive use then go for it.  Otherwise, I disagree with your concerns about this article's possible content missuse.

If the article addressed ways of circumventing a locked USB port, then I would have a problem with that, since it falls into the cracker/hacker realm.

If Dan, or anyone, wants to write an article on how to lock down USB ports, then I would encourage such an article.
0
 
LVL 18

Expert Comment

by:WaterStreet
I think this pair of articles addresses something important to know and does it in a way that clearly and concisely addresses the questions a user would have in mind.  In short, it takes the mystery out of something that is important to know and makes it available for general use.  And, it gives a little, but needed, extra education about certificates.  Even I understand it now.  It got my vote above.
0
 
LVL 60

Expert Comment

by:Kevin Cross
Very nice, Dan!

Voted yes above.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 5

Expert Comment

by:LarcenIII
I prefer Trucrypt myself.
0
 

Expert Comment

by:HaimD
I get this error after I try to Apply "Encrypt contents to secure data."  Clicking ignore, Retry, etc. does not turn my folder "green" as you indicate.

Why?  This would be useful otherwise. Error when applying
0
 
LVL 49

Author Comment

by:DanRollins
It is related to a policy setting on you computer.  This TechNet link appears to explain the problem.  See also, this link.
0
 

Expert Comment

by:HaimD
Thanks Dan.
I read "in general" how to fix this, but I could not find directions on exactly what to do and how to do.  I don't understand what "certificates" this message is talking about and where they are.  
I know computers just a bit, but this one escapes me...
Any further pointing in the right direction would be gladly accepted.  
0
 
LVL 49

Author Comment

by:DanRollins
I really can't solve that particular problem in the article comments here.  I recommend that you ask a question at Experts-Exchange.com :-)
0

Featured Post

How our DevOps Teams Maximize Uptime

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us. Read the use case whitepaper.

Join & Write a Comment

In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

Keep in touch with Experts Exchange

Tech news and trends delivered to your inbox every month