NTFS encryption on portable storage

[mubs]

Is this possible? Or is the encrypted data tied to the system (GUID) that created the encryption? I'm traveling a bit these days for my consulting gigs, and miss my data. Clients provide laptops for use. I'd like to put my data on a high-capacity flash drive or a 2.5" HDD and encrypt it on my home desktop. Will I be able to retrieve this data in the field by just plugging it into the USB port of another XP machine?

Thanks.

 

[Adcadet]

Why not encrypt the USB drive? Check out TrueCrypt.

 

[Chewy509]

EFS encryption keys are tied to the user account, or more correctly the SID associated with the account.

In a domain setup, this generally isn't an issue as the keys will follow you around the domain... You'll be able to access your files freely, irrespective of the PC/Terminal you log in from.

In a workgroup setup, the keys are localised to the PC which creates them. So you'll only be able to access those files from the single PC...

A possible workaround in a workgroup environment, would be to export the keys from one PC, and import them into another. (See MS help for assistance, as I've only ever used EFS in domain environments).

 

[ddrueding]

I'll second TrueCrypt. Easy, fast, overkill, and free in all the good ways.

 

[mubs]

Thanks Chewy. MS would be my first choice, but I've heard NTFS encryption is very fussy about moving between systems.

Truecrypt looks good, gentlemen.

Thanks very much.

 

[Adcadet]

TrueCrypt requires that you run their application, with administrator privileges, to decrypt the volume. So if you don't have admin privileges, it won't work. I've been thinking about just using 7-zip's encryption to just created a compressed folder with all my personal stuff in it. And with 7-zip I can just create self extracting files and run 7-zip from the USB drive to re-compress/encrypt stuff.

I've been playing with a new 4GB USB drive, and really like http://portableapps.com

 

[ddrueding]

...and really like http://portableapps.com

That looks very cool. Thanks for the link

 

[mubs]

Adcadet, not true from my understanding. If Truecrypt is installed by an admin with execute rights for all, a non-Admin can execute Truecrypt and work with Truecrypt encrypted stuff.

Alternatively, if one has Admin rights, one can run Truecrypt directly without installing it and access encrypted data that way.

In my case, I'll have enough clout to demand one or the other (their choice), so it shouldn't be a problem.:-D

 

[Adcadet]

Adcadet, not true from my understanding. If Truecrypt is installed by an admin with execute rights for all, a non-Admin can execute Truecrypt and work with Truecrypt encrypted stuff.

And what if your admin doesn't want to install TrueCrypt? The problem with TrueCrypt from a USB drive is that you need to find computers that aren't too restricted by the admin. If you're using TrueCrypt on PCs you run, no problem; but if you're trying to use TrueCrypt on rather public computers that you don't control, it won't necessarily run.

I think.

 

[mubs]

I'm traveling a bit these days for my consulting gigs, and miss my data. Clients provide laptops for use.

In my case, I'll have enough clout to demand one or the other (their choice), so it shouldn't be a problem.:grin:

I won't be going anywhere near public computers! These'll be corporate desktops or laptops (most likely) running whatever the corporate standard is for firewall, av, etc.