If you don't want to install any software, other than the OS, and you don't want to spend any money, and dinky (and flimsy, btw) usb devices with built-on encryption aren't reliable, I can't see that you have another choice other than bitlocker.
Upgrade your last Win7Pro systems to something made in this decade and you're all set. Now, if you want to loosen the requirements, you could install something like TrueCrypt (yeah, reports of its demise are overblown): http://www.howtogeek.com/203708/3-alternatives-to-the-now-defunct-truecrypt-for-your-encryption-needs/ On Mon, Feb 6, 2017 at 3:12 PM, Ken Dibble <[email protected]> wrote: > Hi Folks, > > This is probably one of those issues where my requirements seem obvious and > common-sensical to me but not to the people who make hardware or software. > However, in the interest of developing a complete understanding of my > options: > > I am looking for recommendations for the simplest possible way to encrypt > USB thumb drives. "Simplest possible" means in reference to the end user. > > The sole purpose of the thumb drive is to provide offsite backup for > important files. > > The sole purpose of encrypting the thumb drive is to prevent access by > unauthorized people to the contents of the drive if the user loses it. > > Here are my requirements: > > 1. Must be usable by a "standard user" account: No administrative access > required. > > 2. Must not require software to be installed on the computer (installed on > the removable drive is okay). > > 3. Access should be available, ideally, simply by right-clicking the drive > in Windows Explorer and entering the password for the drive (like with > BitLocker). Less desirable would be for the user to have to manually execute > software residing on the drive before being given an interface in which to > enter the password. Anything more complicated than that, such as requiring > users to copy files to/from the drive, or carry out multiple steps to get to > the point where the password can be entered, is not acceptable. > > 3. The drive should work on any Windows computer of recent vintage, no > matter where it was initially set up. > > 4. Users cannot permanently turn the encryption off. > > 5. Ideally, the entire drive should be encrypted. > > I am prepared to accept that my staff will have to set up these drives > initially for the users. That's okay as long as, once that work's been done, > the drive functions as described above. And, of course, I can only set up > computers under my control, which is why I can't use a system that requires > software to be installed on every machine where the drive will be used. > > Here is what I've looked at: > > BitLocker > > Problems: only available on Windows 7 Ultimate, or later. Most of our > workstations are Windows 7 Ultimate, but some are Pro. Also, there are a > couple of points I'm not sure about with BitLocker: > > A. When an internal drive is encrypted on a computer, the user can check a > box to essentially turn off the encryption (that is, the drive will be > automatically decrypted when the computer is booted). I do not want the user > to be able to turn off the encryption on a thumb drive such that, if the > drive is inserted into another computer it is automatically decrypted. Does > BitLocker allow that? > > B. I am not sure that a drive encrypted with BitLocker on a Win 7 machine > will be accessible on a Win 10 machine, or vice versa. Does anyone have a > definitive answer on that point? > > LaCie Private - Public > > Problems: Does not work for "standard users", period. Also, requires the > drive to be formatted NTFS in order to encrypt more than 4 GB of space. > > Rohos > > Problems: Requires multiple steps for standard users to access; cannot > encrypt more than 4 GB under any circumstances. > > VeraCrypt > > Problems: Requires software to be installed on the machine. > > Hardware Encryption > > I took a visual look at the Corsair Flash Padlock drive. It's got dinky > little flashing lights and tiny little buttons. I can just imagine what will > happen when a user has to get into the drive by poking and punching tiny > little buttons with their fingernails while the drive is inserted into the > typical fragile USB slot. Not a winner... But are there other hardware > encryption options that don't suffer from this or other flaws? > > Of course, I am also looking for solutions that are free as in beer. But I > am willing to pay a reasonable one-time cost. No way would I pay a recurring > cost for a license to access a thumb drive. > > Any thoughts are welcome. > > Thanks! > > Ken Dibble > www.stic-cil.org > > [excessive quoting removed by server] _______________________________________________ Post Messages to: [email protected] Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech Searchable Archive: http://leafe.com/archives/search/profox This message: http://leafe.com/archives/byMID/profox/cacw6n4s-fxhn4ichyzhstabrfqnfb21hsrhl71d5ob+7jrb...@mail.gmail.com ** All postings, unless explicitly stated otherwise, are the opinions of the author, and do not constitute legal or medical advice. This statement is added to the messages for those lawyers who are too stupid to see the obvious.
