locked
Wndows 8 To Go: Encrypt the USB

    Question

  • Under Win8 to go will the document store on the USB be encrypted?

    If not what mechanisims will be avilable to ensure local data is secured? No good having a 'To Go' OS if the data on the stick is 'open' when I lose the stick - an assume that at some point you WILL lose it, its a statistical certainty.

    cheers,

    Richard

    Wednesday, September 21, 2011 11:20 AM

Answers

  • On Thu, 22 Sep 2011 15:12:21 +0000, FearofWeapons wrote:

    And if you are booting from the WTG USB how would you get the password entered? The key would be encrypted, so could not boot to enter the pwd so that it could boot so that you could enter the pwd!!!!!!

    I think you would at least need two partitions and point your document store to a second partition that is bitlockered.

    Exactly the same way one does this when booting from a normal hard drive.
    The System Reserved partition is created during a default install
    specifically to support Bitlocker.

    http://blogs.technet.com/b/uspartner_ts2team/archive/2010/03/13/what-is-the-windows-server-2008-r2-windows-7-system-reserved-partition.aspx


    Paul Adare
    MVP - Identity Lifecycle Manager
    http://www.identit.ca
    Maybe Computer Science should be in the College of Theology.  -- R. S.
    Barton

    • Marked as answer by FearofWeapons Tuesday, September 27, 2011 11:47 AM
    Friday, September 23, 2011 12:47 PM

All replies

  • On Wed, 21 Sep 2011 11:20:53 +0000, FearofWeapons wrote:

    Under Win8 to go will the document store on the USB be encrypted?

    It is really a full copy of the OS so there's no reason the EFS shouldn't
    be supported.


    Paul Adare
    MVP - Identity Lifecycle Manager
    http://www.identit.ca
    The Geeks shall inherit the earth!

    Wednesday, September 21, 2011 11:23 AM
  • A windows to go drive can be encypted by running Bitlocker - can be found in control panel. This will encrypt the drive and assign a user created password. This works the same way on WTG as it does on regular windows.

    Wednesday, September 21, 2011 7:55 PM
  • A windows to go drive can be encypted by running Bitlocker - can be found in control panel. This will encrypt the drive and assign a user created password. This works the same way on WTG as it does on regular windows.

    Wouldn't trying to load from a Bitlocker-encrypted drive cause problems when it wasn't used with the same TPM chip?
    Wednesday, September 21, 2011 8:04 PM
  • On Wed, 21 Sep 2011 20:04:45 +0000, JHoff80 wrote:

    Wouldn't trying to load from a Bitlocker-encrypted drive cause problems when it wasn't used with the same TPM chip?

    Keep in mind that Bitlocker does not have to use a TPM.


    Paul Adare
    MVP - Identity Lifecycle Manager
    http://www.identit.ca
    In computer science, we stand on each other's feet.  -- Brian Reid

    Wednesday, September 21, 2011 8:53 PM
  • And if you are booting from the WTG USB how would you get the password entered? The key would be encrypted, so could not boot to enter the pwd so that it could boot so that you could enter the pwd!!!!!!

    I think you would at least need two partitions and point your document store to a second partition that is bitlockered.

    However the user should not have to know any of this - the USB stick should be secure by design, deployment and default. Any data I write to that stick should be encrypted; IE cookies, my word docs or my mail store.

    I do hope this issue is being given serious thought and being addressed. If it is not addressed in this release please release a time table when it will be.

    Thursday, September 22, 2011 3:12 PM
  • On Thu, 22 Sep 2011 15:12:21 +0000, FearofWeapons wrote:

    And if you are booting from the WTG USB how would you get the password entered? The key would be encrypted, so could not boot to enter the pwd so that it could boot so that you could enter the pwd!!!!!!

    I think you would at least need two partitions and point your document store to a second partition that is bitlockered.

    Exactly the same way one does this when booting from a normal hard drive.
    The System Reserved partition is created during a default install
    specifically to support Bitlocker.

    http://blogs.technet.com/b/uspartner_ts2team/archive/2010/03/13/what-is-the-windows-server-2008-r2-windows-7-system-reserved-partition.aspx


    Paul Adare
    MVP - Identity Lifecycle Manager
    http://www.identit.ca
    Maybe Computer Science should be in the College of Theology.  -- R. S.
    Barton

    • Marked as answer by FearofWeapons Tuesday, September 27, 2011 11:47 AM
    Friday, September 23, 2011 12:47 PM
  • Paul,

    many thanks for that.

    Tuesday, September 27, 2011 11:47 AM