Encryption Without Administrator Privileges?

I am working on building an encryption solution for novice Windows users who do not have administrator privileges on the machines they use. Giving the users admin access is not an option because of the environment they work in.

I have explored a couple of different technologies and I would like to hear what other people have done. Do you know of any good technologies for this problem?

The encryption solution would primarily be used for safely storing files on USB flash drives that are carried between work locations, but it might also be used for safe storage on laptop and office computers.

I am a big fan of TrueCrypt and have had a lot of success creating encrypted containers on USB drives. But TrueCrypt requires an admin account to install and run the software, so these users can’t use it. It seems that most encryption solutions also require administrator privileges.

I have tried FreeOTFE, which offers a no-install version called FreeOTFE Explorer. This software can be copied to a USB drive and then run by a non-admin user. The user can create an encrypted container, mount it, and then drag files and folders into the container using an Explorer-like interface. So far, so good.

The problem with FreeOTFE Explorer is that the users cannot work with the files within the secure container. They can’t, for example, double click on a .doc file in the Explorer-like window and launch Word to edit the file. The only thing they can do with files in the secure container is extract them to an unsecure disk.

This means that a workflow using FreeOTFE Explorer would have to be something like:

  • open the container
  • extract the file to an unsecure disk
  • edit and save the file
  • copy the file back to the encrypted container, using an overwrite option
  • remove the copy on the unsecure disk

This is overly cumbersome and likely to lead to insecurities if the unsecure disk is not kept clean. I would really like these novice users to be able to work with files in the same way they are used to on unsecure disks.

The other option I have looked at is encrypted USB flash drives. Some drives, such as the ones from IronKey, have hardware encryption technology that can be used without administrator privileges. I don’t own one of these but, as far as I can tell, their operation should be transparent and users should be able to click on their files to open applications in the usual way.

IronKey drives, and other similar hardware encryption drives, are expensive, with prices being 4-5 times that of a normal USB drive. However, they may be the best solution to my problem, at least for securing files on USB drives. They would not provide a solution for secure storage on laptop hard drives or desktop computers.

Do you know of any other encryption solutions for users without administrator privileges? Please post a comment below.

Comments

Comment from Ron
Time: October 26, 2009, 7:15 am

What about secure USB flash drives with central management? How does this affect your plan?

Comment from Andrew
Time: October 26, 2009, 7:57 am

@Ron Yes, the Sandisk Enterprise products look interesting and would be a good choice for an organization deploying a bunch of drives and seeking central management. The encryption function is only supported on Windows computers, however, so it would only be OK in a homogeneous OS environment. I am not sure how suitable the drives would be for ad-hoc usage in quantities of one or two, and they don’t seem to sell them through retail outlets.

Comment from Andrew
Time: October 26, 2009, 8:04 am

NOTE: Thanks to Alex at Rohos I was able to track down the problems I was having earlier to a bad USB flash drive. Testing on two different drives revealed that the program worked perfectly. I kept using the same drive because it has a logo on it that is meaningful for its user. I hate subtle hardware problems!

I have now successfully tried the Rohos Mini Drive software and it now runs fine on my Windows XP system.

Rohos works without admin privileges by installing a Rohos Disk Browser application on the flash drive. The user runs the program, enters their password, and then is able to browse the encrypted container.

Setup of the flash drive requires admin privileges and there were a couple of minor issues. By default, the program tries to create an NTFS container, but this does not work on FAT or FAT32 removable drives. Setting the container type to FAT32 during setup works fine.

Limited account users are able to use the encrypted container once it is created. By default, the container appears as Drive R:. It would be nice if an Explorer window automatically opened the new drive when it was mounted — now users have to navigate to Drive R: to view their protected files.

Other than those small issues, Rohos Mini Drive seems to provide the features I am looking for. I plan to adopt it and see how it does during regular use.

Comment from Andrew
Time: October 27, 2009, 12:18 pm

I picked up an IronKey USB flash drive (the Basic model @ CAN$129.00 plus taxes and shipping for a 4GB model) and gave it a try. I did need to use an Administrator account for the initial setup; otherwise it could not format the encrypted container. Otherwise, it works fine in a limited account once it is set up.

The device is easy to use. It appears as two drives to the system: a read-only CD drive containing control applications for Windows, Mac, and Linux; and a secured drive where you store your files. To unlock the drive you navigate to the appropriate CD drive letter and launch the control application. Once unlocked, the secure storage appears in Explorer as a new drive and files can be clicked on to launch the appropriate application.

Cross-platform support between Windows and OS X seems to be good, with a drive configured under Windows working fine on the Mac.

The IronKey also has some other serious security features, like a tamper-proof, waterproof case. It will also erase all the user data if a wrong password is given 10 times in a row, and it appears that this erasing can be made to be destructive or have the drive reusable after a reformat.

So, this seems to be an elegant, if somewhat expensive, solution to encrypting files without administrator privileges.

Comment from CK
Time: December 25, 2009, 6:54 am

Have you looked at The Vault? http://www.freesoftwaretoolbox.com/thevault/

Comment from Patrick
Time: January 5, 2010, 5:20 pm

I am looking for that kind of software – encryption solutions for USB drives without administrator privileges.

I have found these:

Rohos Mini Drive (limit 2GB)
PenProtect
USB Secure
Steganos Safe
BCarchive
USB Flash Security
(Hex probe) Disk Encryption Tool

Does anyone know one of these? (I have used Rohos Mini Drive)
Who knows other good USB (password) encryption software?

Comment from Fulllist
Time: June 8, 2010, 5:57 am

http://otfedb.sdean12.org/ has a list of all USB flash encryption software – there’s a lot of options!
