I am working on building an encryption solution for novice Windows users who do not have administrator privileges on the machines they use. Giving the users admin access is not an option because of the environment they work in.
I have explored a couple of different technologies and I would like to hear what other people have done. Do you know of any good technologies for this problem?
The encryption solution would primarily be used for safely storing files on USB flash drives that are carried between work locations, but it might also be used for safe storage on laptop and office computers.
I am a big fan of TrueCrypt and have had a lot of success creating encrypted containers on USB drives. But TrueCrypt requires an admin account to install and run the software, so these users can’t use it. It seems that most encryption solutions also require administrator privileges.
I have tried FreeOTFE, which offers a no-install version called FreeOTFE Explorer. This software can be copied to a USB drive and then run by a non-admin user. The user can created an encrypted container, mount it, and then drag files and folders into the container using an Explorer-like interface. So far, so good.
The problem with FreeOTFE Explorer is that the users cannot work with the files within the secure container. They can’t, for example, double click on a .doc file in the Explorer-like window and launch Word to edit the file. The only thing they can do with files in the secure container is extract them to an unsecure disk.
This means that a workflow using FreeOTFE Explorer would have to be something like:
- open the container
- extract the file to an unsecure disk
- edit and save the file
- copy the file back to the encrypted container, using an overwrite option
- removing the copy on the unsecure disk
This is overly cumbersome and likely to lead to insecurities if the unsecure disk is not kept clean. I would really like these novice users to be able to work with files in the same way they are used to on unsecure disks.
The other option I have looked at is encrypted USB flash drives. Some drives, such as the ones from IronKey, have hardware encryption technology that can be used without administrator privileges. I don’t own one of these but, as far as I can tell, their operation should be transparent and users should be able to click on their files to open applications in the usual way.
IronKey drives, and other similar hardware encryption drives, are expensive, with prices being 4-5 times that of a normal USB drive. However, they may be the best solution to my problem, at least for securing files on USB drives. They would not provide a solution for secure storage on laptop hard drives or desktop computers.
Do you of any other encryption solutions for users without administrator privileges? Please post a comment below.