?
Solved

BitLocker on kiosk

Posted on 2011-03-14
3
Medium Priority
?
805 Views
Last Modified: 2012-05-11
Using Windows Embedded we create kiosks with proprietary software.  Using Bitlocker, or something similar is a good way of encrypting a drive and the proprietary software.  However in the case of Bitlocker it needs a TPM or USB key inserted at startup - neither are feasible at this time.  Ideally we would like to encrypt a drive on the unit but give permission for certain software to run from it while keeping it encrypted. The goal would be to prevent unathorized access to the encrypted partition at runtime.  Possible? ideas?  Thanks.
0
Comment
Question by:suprdupr
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 25

Accepted Solution

by:
RobMobility earned 1000 total points
ID: 35127754
Hi,

Bitlocker and similar encryptions systems are designed to protect data at rest - i.e. the drive is encrypted when powered down, but unencrypted fully once authenticated.

Your scenario would be better served using either NTFS file permissions (i.e. the account running the service that needs to run the software) or perhaps EFS?

You can still use alternative Encryption solutions for boot-time protection - it's whether they are supported on Windows Embedded isn't clear -

You could look at something like Spyrus SPD - effectively, you'd run your whole Windows CE environment from a fash,encrypted USB Pen-drive which enables you to lock it etc?
0
 
LVL 27

Expert Comment

by:Tolomir
ID: 35381956
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
0

Featured Post

WordPress Tutorial 4: Recommended Plugins

Now that you have WordPress installed, understand the interface, and know how to install new parts, let’s take a look at our recommended plugins.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Getting to know the threat landscape in which DDoS has evolved, and making the right choice to get ourselves geared up to defend against  DDoS attacks effectively. Get the necessary preparation works done and focus on Doing the First Things Right.
This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question