2

I have encrypted a removable drive with Bitlocker to go. I will be giving this drive to another party and want to effectively prohibit this person's ability to write to this drive. This person should only be able to read the data after entering a password.

I believe that by use of group policies I can do this, however I'm confused about policies.

Is what I want to do possible?

If so I would appreciate a bit of guidance.

Thank you!

bob123
  • 21
  • 2
  • I doubt group policies are going to do anything useful for you. Group Policies apply to users/computers with a domain. It doesn't do anything to protect a USB device if it is connected to a computer not within the domain. – Zoredache Jan 22 '13 at 21:01

1 Answers1

1

Group Policy Objects won't help here. GPO's are applied to computers, not individual devices. To be able to trust that a GPO is applied and being enforced, you have to have control of the domain the computer belongs to. I doubt this is the case here.

There is nothing you can do to prevent someone from editing the contents of a flash drive connected to a PC you don't control.

Some flash drives have a write-protect switch that you could physically break off, but that doesn't prevent someone from digging in there with a paperclip.

And let's not forget that once the file is opened, there is nothing to prevent them from copying the file to their PC and editing the file there. A read-only flash drive won't help you there.

longneck
  • 23,082
  • 4
  • 52
  • 86
  • Many thanks for your reply longneck. I'll just use a hash key based method to confirm no changes to files then -- two equivalent drives with hash keys of all files. – bob123 Jan 22 '13 at 21:51