3
I have a few dozen employee thumbdrives that carry sensitive information. We'll be using TrueCrypt to lock down these drives.
Each thumbdrive will typically be in a single employee's possession, and I would like for them to be able to change their own password at will. However, I would also like to make the encryption process as transparent as possible, by having a sort of 'master' keyfile for each drive placed on trusted machines. These trusted machines are secured with BitLocker, so I'm not worried about a third party getting their hands on them.
In essence, I'd like to be able to open the volume using EITHER:
- A password-protected keyfile that travels with the volume,
OR:
- A keyfile located in a known directory on a trusted machine, which will not require a password.
Is this doable without purchasing fobs for each employee?
I've come across that in the documentation, but it doesn't quite do everything I'd like. I want to keep the process as transparent as possible, so that the users aren't prompted to enter their password when plugging their stick into a trusted machine. Modifying the header on the container is a possible solution, but I'd like to avoid modifying the volume every time the stick is used on a trusted box. – Ed Penwell – 2013-02-12T14:16:27.057