I have a network/domain of PCs that users use, and the users don't have administrative privileges. Occasionally, they copy some data to USB drives to move between machines.
I need to prevent data written to those drives from being accessible outside of the domain/network.
I know I can force BitLocker encryption onto all USB drives. But this doesn't prevent the user from taking the USB drive home and unlocking it there to copy the data to an unsecured machine.
I want the drive to only be unlockable using machines that are on the network.
Is this possible? Seeing as how all user accounts are regular non-administrator users, it sounds like it should be as simple as keeping the encryption key on some domain server and using it to unlock drives without ever letting the users access the key.