BitLocker on kiosk

Using Windows Embedded we create kiosks with proprietary software.  Using Bitlocker, or something similar is a good way of encrypting a drive and the proprietary software.  However in the case of Bitlocker it needs a TPM or USB key inserted at startup - neither are feasible at this time.  Ideally we would like to encrypt a drive on the unit but give permission for certain software to run from it while keeping it encrypted. The goal would be to prevent unathorized access to the encrypted partition at runtime.  Possible? ideas?  Thanks.
Who is Participating?
Rob KnightConnect With a Mentor ConsultantCommented:

Bitlocker and similar encryptions systems are designed to protect data at rest - i.e. the drive is encrypted when powered down, but unencrypted fully once authenticated.

Your scenario would be better served using either NTFS file permissions (i.e. the account running the service that needs to run the software) or perhaps EFS?

You can still use alternative Encryption solutions for boot-time protection - it's whether they are supported on Windows Embedded isn't clear -

You could look at something like Spyrus SPD - effectively, you'd run your whole Windows CE environment from a fash,encrypted USB Pen-drive which enables you to lock it etc?
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.