0

I have a network/domain of PCs that users use and don't have administrative privileges. Occasionally, they copy some data to USB drives to move between machines.

I need to prevent data written to those drives from being accessible outside of the domain/network.

I know I can force BitLocker encryption onto all USB drives. But this doesn't prevent the user from taking the USB drive home and unlocking it there to copy the data to an unsecure machine.

I want the drive to only be unlockable using machines that are on the network.

Is this possible? Seeing as how all user accounts are regular non-administrator users, it sounds like it should be as simple as keeping the encryption key on some domain server and using it to unlock drives without ever letting the users access the key.

Improve this question

1 Answer 1

Reset to default
-1

Be glad, I wrote an article for that exact scenario: A new aspect to securing USB data: SID protectors

Improve this answer
3
  • Can you explain, why that comment was rated negatively? It addresses exactly your problem, we use it. Commented Oct 6, 2019 at 8:00
  • I didn't rate it negatively, your article was helpful and answered the question I had. Commented Oct 17, 2019 at 22:00
  • Thank you for following up. Commented Oct 20, 2019 at 20:41

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.