You are here

Disk Encryption without Admin rights - Does it exist?

10 posts / 0 new
Last post
derekthegeek
Offline
Last seen: 16 years 6 months ago
Joined: 2006-03-02 13:07
Disk Encryption without Admin rights - Does it exist?

Has anyone found a program that will encrypt/decrypt a USB disk that does not require admin privileges? TrueCrypt looks like a great program but I really need to be able to use my USB flash drive from public machines where I can be guaranteed of NOT having admin permissions. I don't want to carry around my drive without it being encrypted as I am sure I will lose it at some point. Has anyone come up with any workarounds, whether they be for TrueCrypt or another encryption program? Thanks.

- Derek

lazyart
Offline
Last seen: 18 years 2 months ago
Joined: 2006-08-13 11:53
http://portableapps.com/node/
derekthegeek
Offline
Last seen: 16 years 6 months ago
Joined: 2006-03-02 13:07
Thanks!

Thanks for the link lazyart. I am going to try and setup my drive as you describe. Part of what I will have to figure out is which files and folders contains the "private" data such as passwords and logins. Any tips on your setup and how it is working for you would be most appreciated.

lazyart
Offline
Last seen: 18 years 2 months ago
Joined: 2006-08-13 11:53
Well, for now I only have

Well, for now I only have the Tbird profiles folder encrypted. John has talked about revamping the directory structure of the apps here, letting them store their settings in a common area, which would be great.

Everytime you call EOC it will ask for a password, so encrypting folders in different places is no fun (enter it twice for each set of folders).

For the short term, I would suggest emailing yourself the stuff you want to save, or at least putting it in TBird's profile folder.

derekthegeek
Offline
Last seen: 16 years 6 months ago
Joined: 2006-03-02 13:07
Solution Found => DataTraveler Elite - Privacy Edition Review

Hi All,

For a little while now I have been looking for a solution to carry all my files and applications on a USB drive that was encrypted yet still allow me access on a machine that does not have administrative permisions. I think I have found a USB drive that may fit the bill.

I had two requirements ...

1) Security :: The USB drive had to have the ability to encrypt all of it's contents. If I lost the drive, I wanted to be assured that my information was going to be safe and unintelligable to anyone else. I was hoping for AES-128, or better yet, AES-256 encryption.

2) No Admin rights required :: I wanted the flexibility to use the drive both at home and work where I do have admin permissions, but also at places where I would not have, or any chance of, admin permissions. This would include libraries, Internet cafes, etc...

Though a lot of solutions exist for great encryption (e.g. TrueCrypt), they all had the same requirement in that they needed to have admin permissions on the computer where the USB drive was going to be used.

The Kingston DataTraveler Elite - Privacy Edition (DTE-PE) was the only USB drive I could find that claimed that admin rights were not required to encrpt/decrypt files. After some more reading (Amazon reviews, everythingUSB.com, and lot's of Google searches) it seemed like the DTE-PE was well received by most who reviewed it. What I was surprised to hear is that in the tests run to determine read/write performance of the drive, there was no noticable slow-down due to the encryption/decryption. The DTE-PE was actually a very fast drive as it turned out. According to Kingston's documentation the drive has a "built-in" encryption/decryption co-processor. The heavy lifting of the encryption /decryption process is evidently off loaded to this processor allowing the USB drive to reach the performance levels that people were seeing.

After reading the reviews I ordered the DTE-PE for ~$130 for 2 GB stick. This afternoon I setup my drive using Kingston's software (on the USB drive) using my home computer where I DO have admin access. After setting my username and password I then logged off the computer and logged in as a "general user" account. I specifically created this account to be part of the built in "Users" group and made sure it did not have admin level privileges. I inserted the DTE-PE drive and after it was recognized it prompted me for my password. After entering my password the Kingston icon showed up in the system tray and I was able to access the contents of my drive.

** One thing to keep in mind. Before ordering the DataTraveler Elite - Privacy Edition, I first ordered the DataTravler Elite USB drive. Notice no "Privacy Edition". The DataTraveler Elite (I will refer to it as "DTE"), had some extra features in that you could setup an encrypted partition and a non-encrypted partition. It also had the same "encryption/decryption" processor as the DTE-PE. All seemed fine, until I tried to access the encrypted partition of the DTE when logged in as my limited permissions "Test User" account. The Kingston software popped up a message box telling me that in order to access the encrypted partition of the DTE, I would need an account with admin rights. Not what I wanted.

In closing I want to mention that I am not in any way associated with Kingston nor do I stand gain anything financially from their success. I am just another user who has been looking for this functionality like many others in this forum. I just wanted to pass on my experiences.

If anyone can think of any other tests that I should run with the DTE-PE then give me a shout in the forums. I will be glad to perform whatever test I can time permitting. Also, I would be even happier if open source programs such as "TrueCrypt" would be able to function on machines without admin rights, but until they do I think this is the next best thing. Please feel free to follow up with any thoughts or suggestions!

- DerekTheGeek

P.S. Here are some of the review links I came across for the DataTraveler Elite - Privacy Edition

http://www.legitreviews.com/article/342/1/
http://www.everythingusb.com/kingston_data_traveler_elite_privacy_editio...
http://www.informationweek.com/hardware/desktop/183701795

lazyart
Offline
Last seen: 18 years 2 months ago
Joined: 2006-08-13 11:53
I was hoping you had seen my

I was hoping you had seen my post https://portableapps.com/node/2261#comment-13484 in time to cancel your purchase. Sad

derekthegeek
Offline
Last seen: 16 years 6 months ago
Joined: 2006-03-02 13:07
Thanks anyway

Not really a big deal. My wife is using the DataTraveler Elite as she doesn't need to access the non-admin systems I do. I can say that Kingston tech support didn't know what they were talking about. I asked specifically if the DataTraveler Elite required admin rights and they said no. My own tests proved otherwise.

PilotBill
Offline
Last seen: 16 years 1 week ago
Joined: 2005-12-09 20:53
Thanks,

Thanks for the review. Have you tried formatting the secure partition NTFS? I like NTFS for a number of reasons but two calls to Kingston yielded two different answeres. I have a Data Traveller II and it works well.
Bill

derekthegeek
Offline
Last seen: 16 years 6 months ago
Joined: 2006-03-02 13:07
Have not tried NTFS

I did not format the secure partition as NTFS. I did use the built in formatting applet that came installed with the drive but it did not give me an option for filesystem type. It formatted as FAT by default.

It sounds like you got the same high quality tech support that I got from Kingston.

derekthegeek
Offline
Last seen: 16 years 6 months ago
Joined: 2006-03-02 13:07
Followup - Windows Server 2003 R2 problem & solution

Just wanted to post that I have been using the drive for a week now and I am very pleased with it. I also wanted to post the solution for one problem I was having with the DataTraveler Elite - Privacy Edition and Windows 2003 Server R2.

I use Windows 2003 server R2 as my main workstation at work. Since we deploy most of our applications on Server 2003 we think it best to use the same platform to develop on. In any case I was unable to get the DTE-PE to work on my Server 2003 workstation. The CDFS portion of the drive would show up but I would be unable to launch the program "DTE_Privacy_Launcher.exe" that resided on it. This program provides the interface to enter the password for the drive. Without it you cannot access anything on the drive. I emailed Kingston support and asked if they had any ideas. They replied with the standard "we do not support Windows 2003 Server" mantra. After some experimentation of my own I tried launching the program "DTE_Privacy_Launcher.exe" in WinXP compatability mode (right click on executable and select compatability tab, select WinXP from drop down list) and it worked fine. I only had to do this once and from now on my DTE-PE launches right away once plugged in. All this and I had admin permissions on the machine. Go figure..

Topic locked