Community Pick: Many members of our community have endorsed this article.
Editor's Choice: This article has been selected by our editors as an exceptional contribution.

Encrypt your Thumb Drive at Work and Use it at Home -- PART ONE

USB "Thumb Drives" are convenient and cheap.  They are great for making quick backups and for transferring data from one place to another.  But if you lose a portable flash disk, anything it contains is easily read by whoever finds it.  It turns out to be pretty easy to use Windows EFS (Encrypting File System) to encrypt thumb drive data, but it's not so obvious how to make it possible to read from that drive on another computer.

This two-part article describes the steps needed to use EFS to store encrypted data on a thumb drive at work and still be able to use that data on another computer at home.  I can dump an entire project directory onto the drive on Friday and use it at home with no fear that if I were to lose the drive, say, at an airport, my client's proprietary source code would be at risk.

You need to have the thumb drive formatted using NTFS.  To do that, you need to change a setting in the Device Manager first.  Once you've reformatted the drive to NTFS and set up an encrypted directory (covered here in PART ONE), you need to export a Certificate from one computer and import it on the other computer (covered in PART TWO).  If you know how to do all of this, then you're done. If not, read on.

We will be formatting your thumb drive.  You want to be very careful to ensure that you are formatting the thumb drive and not some other drive.  I suggest that you set the volume label to, for instance, My4GThumDrv.  I also suggest that at this point you copy anything you want to save to a hard disk and delete all of the files and directories from the thumb drive.

If, while following these steps, you get to a point where you are not sure if you are working with the right drive, then stop! and find a way to be sure before proceeding.  If you have deleted the data as suggested, then one way to be sure you have the right drive is to see that it is currently empty of files.

How to Enable Encryption on the Thumb Drive

1. Change Device Settings

You can do this through Control Panel / Device Manager, but the easiest way is via the Windows Explorer.  Locate the drive under "My Computer."  Right-click it and choose Properties.  

Click the Hardware tab.  
Locate your thumb drive in the list.  
Select it and click the [Properties] button.

        First, be sure you have the right drive: Click the Volumes tab
        and click the [Populate] button.  You should see the volume label
        and the drive letter.

Now, click the Policies tab.
"Polices" properties for the thumb driveMost thumb drives are formatted with the FAT or FAT32 filesystem.  You need to change the "Write caching and Safe Removal" option in order to be able to reformat it to NTFS.  Click the Optimize for performance option as shown.  OK the change.

2. Format the Drive, DESTROYING all Data On It

If the drive contains any data you want to preserve, copy that data to a hard disk.  This step will delete everything that is on the thumb drive.

In the Windows Explorer, locate your thumb drive (under "My Computer")  Right-click it and select Format.  
Format to use NTFS filesystemHaving changed the Policy in Step 1, you will now have the option of choosing the NTFS filesystem.  Make it so.  

Verify (one last time!) that the volume label indicates that you are working with the correct drive, and click the [Start] button to begin formatting.

3. Set Up an Encrypted Folder

In the Windows Explorer, locate the newly-formatted drive.  Select it.  Right-click in the file area and choose New > Folder Set the folder name to Private Data.

Now Right-click the "Private Data" folder and select Properties
Enable encryption for a folderPut a checkmark in the Encrypt contents to secure data checkbox.
OK the change.  The Explorer will now show that folder name ("Private Data") in green to indicate that it is an encrypted folder.  All filenames in that folder (and all subfolders) will also be displayed in green letters.
Congratulations!  You now have a folder on your thumb drive that will always be encrypted.  You can drop files into that folder and only you (or whoever knows your Windows login name and password on this computer) will be able to read them.  Other users will get a "Permission denied" popup error.  File preview (i.e. image thumbnails, etc.) will show only a default/blank icon.  

File and folder names remain visible to anyone, so you might want to keep that in mind.  Also, only the files in the "Private Data" folder and its subfolders will be encrypted; e.g., files in the root directory are not encrypted in this scenario.
Many employers have strict policies about copying data from corporate sources -- with or without an encrypted transport mechanism.  I suggest that you check your company's policies before taking any data from an office computer and putting it onto a portable device.

How to Make the Drive Readable At Home
When you plug in the USB drive at work, you will be able to access the Private Data folder.  But if you take it home, or try to use it on any other computer, the contents of that folder cannot be used.  

For the step-by-step on making that data visible on anther computer, as well as the summary notes relevant to this article...

                                      See PART TWO  

If you liked this article and want to see more from this author,  please click the Yes button near the:
      Was this article helpful?
label that is just below and to the right of this text.   Thanks!

Comments (8)


I prefer Trucrypt myself.

I get this error after I try to Apply "Encrypt contents to secure data."  Clicking ignore, Retry, etc. does not turn my folder "green" as you indicate.

Why?  This would be useful otherwise. Error when applying
Author of the Year 2009


It is related to a policy setting on you computer.  This TechNet link appears to explain the problem.  See also, this link.

Thanks Dan.
I read "in general" how to fix this, but I could not find directions on exactly what to do and how to do.  I don't understand what "certificates" this message is talking about and where they are.  
I know computers just a bit, but this one escapes me...
Any further pointing in the right direction would be gladly accepted.  
Author of the Year 2009


I really can't solve that particular problem in the article comments here.  I recommend that you ask a question at :-)

View More

Have a question about something in this article? You can receive help directly from the article author. Sign up for a free trial to get started.