Solved

BitLocker on kiosk

Posted on 2011-03-14
3
770 Views
Last Modified: 2012-05-11
Using Windows Embedded we create kiosks with proprietary software.  Using Bitlocker, or something similar is a good way of encrypting a drive and the proprietary software.  However in the case of Bitlocker it needs a TPM or USB key inserted at startup - neither are feasible at this time.  Ideally we would like to encrypt a drive on the unit but give permission for certain software to run from it while keeping it encrypted. The goal would be to prevent unathorized access to the encrypted partition at runtime.  Possible? ideas?  Thanks.
0
Comment
Question by:suprdupr
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 25

Accepted Solution

by:
RobMobility earned 250 total points
ID: 35127754
Hi,

Bitlocker and similar encryptions systems are designed to protect data at rest - i.e. the drive is encrypted when powered down, but unencrypted fully once authenticated.

Your scenario would be better served using either NTFS file permissions (i.e. the account running the service that needs to run the software) or perhaps EFS?

You can still use alternative Encryption solutions for boot-time protection - it's whether they are supported on Windows Embedded isn't clear -

You could look at something like Spyrus SPD - effectively, you'd run your whole Windows CE environment from a fash,encrypted USB Pen-drive which enables you to lock it etc?
0
 
LVL 27

Expert Comment

by:Tolomir
ID: 35381956
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
0

Featured Post

Now Available: Firebox Cloud for AWS and FireboxV

Firebox Cloud brings the protection of WatchGuard’s leading Firebox UTM appliances to public cloud environments. It enables organizations to extend their security perimeter to protect business-critical assets in Amazon Web Services (AWS).

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Learn how to PXE Boot both BIOS & UEFI machines with DHCP Policies and Custom Vendor Classes
This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question