Encrypted USB drives which don't require installation or admin rights

Mark R

Diamond Member
Oct 9, 1999
8,513
16
81
I'm looking for some form of secure USB drive that will work on any PC and which does not require any form of installation or elevated privileges.

Basically, I'm trying to sort out a way of transferring (non-confidential) data between 2 PCs at work, and the IT department are being completely obstructive.

Essentially, part of my job description is to provide regular educational seminars and lectures for junior staff. To illustrate my talks I need images (appropriately redacted) but which are sourced from our confidential data system.

The problem is that all the PCs at work are set up not to recognise USB drives, except those models which the IT department have approved as secure. Any other USB stick is simply not detected. IT will not budge on this policy. I've already taken it to my manager, and it's gone up the chain to the CIO, who has basically said "No exceptions". I've even tried e-mailing it after redacting the images in windows paint. But, hotmail, gmail, hushmail, etc. are all blocked.

The problem is that the seminar room PCs are managed by the audio-visual tech department (not IT) who contract out the IT management. These PCs are locked down tight, with basically nothing except powerpoint, media player and quicktime. The problem is that they won't run secure USB sticks, as the software won't install and anyway, the IT manager for them has said that they will not support the PCs if any unauthorised software (including the USB stick drivers) is installed. Again, I've tried to get this sorted - but they will not budge.

So, I'm basically trying to find a stick that will work in both PCs. If I can find one, hopefully, I can get IT to change their software to allow it. As it is, I have to bring in my laptop. Save the data to a secure USB stick, load it on my laptop. Redact the data on my laptop. Then save to a normal stick, for the seminar. IT don't know about this, but seeing as they will not help, I don't know what else to do. At least my laptop has FDE, so the unredacted data should be safe.

A further part of the problem is that IT has disabled the 'screen capture' function in the software - on 'data security' grounds. The thing is, the built in screen capture, automatically redacts any confidential data *before* capturing the screen, meaning that the captured image contains no confidential data. Instead, I have to use the 'print screen' key and paste the image into windows paint. This doesn't change the USB issue though.
 

Blazer7

Golden Member
Jun 26, 2007
1,136
12
81
Have you tried TrueCrypt? You can create a traveler disk with TrueCrypt and create a secure container on that disk. You can then access the secure container by executing TrueCrypt. You can create a batch file that always assigns a specific drive letter to the encrypted container. You can also modify autorun.inf if you want the same to be performed automatically although with what you have mentioned about your IT dpt autorun is probably disabled everywhere. Anyways, none of the above requires for the program to be installed in the PC. TrueCrypt is open source and quite easy to use. I've used it extensively without any problems.
 

Mark R

Diamond Member
Oct 9, 1999
8,513
16
81
Have you tried TrueCrypt? You can create a traveler disk with TrueCrypt and create a secure container on that disk. You can then access the secure container by executing TrueCrypt. You can create a batch file that always assigns a specific drive letter to the encrypted container. You can also modify autorun.inf if you want the same to be performed automatically although with what you have mentioned about your IT dpt autorun is probably disabled everywhere. Anyways, none of the above requires for the program to be installed in the PC. TrueCrypt is open source and quite easy to use. I've used it extensively without any problems.

Tried it. Doesn't work.

Even in 'traveller mode' Truecrypt still needs admin rights to run.

And anyway, it still doesn't help. If a stick isn't on IT's list of approved USB sticks, it doesn't get detected by the PCs. Doesn't get a drive letter, files don't show up, nada.

IT have said they will not accept software encryption. They will only accept hardware encryption. However, if I can find a suitable stick they will add it to their security policy, so that it can be used on the PCs.
 

Mark R

Diamond Member
Oct 9, 1999
8,513
16
81
Why don't you just have the IT department get you one of the approved USB drives?

I already have one, but it doesn't work in the training rooms because the drivers aren't installed and the AV department won't install them.

So, I have to take the encrypted stick home (or bring in my laptop), and copy the data to a non-encrypted stick.
 

Blazer7

Golden Member
Jun 26, 2007
1,136
12
81
Is there the possibility of having the AV dpt get you an approved stick instead? Is there anything that the AV and IT dpts agree on when it comes to secure devices?
 

VirtualLarry

No Lifer
Aug 25, 2001
56,570
10,199
126
This sounds ridiculous that there are effectively two separate IT depts for the organization, and their policies don't agree.