Need To Encrypt A Partition


Caxtin

Active member
Member
Local time
8:13 AM
Posts
78
Visit site
OS
Microsoft Windows 11 Pro 64-bit 22631 Multiprocessor Free
I am consciously needing to lock ( Encrypt ) a partition. I created a small partition to play encryption with.
My goal is to encrypt just that partition ( Z:\ ). I am confused in what comes up.
Explanation please !!!
Cheers
 
Windows Build/Version
Windows 11 Pro 64Bit / 24H2 (26100.2454)

Attachments

  • Encrypt01.webp
    Encrypt01.webp
    13.8 KB · Views: 1
  • Encrypt02.webp
    Encrypt02.webp
    31.8 KB · Views: 1

My Computers

System One System Two

  • OS
    Microsoft Windows 11 Pro 64-bit 22631 Multiprocessor Free
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell. Precision Tower 5810
    CPU
    Intel(R) Xeon(R) CPU E5-1607 v3 @ 3.10GHz
    Motherboard
    Dell Inc. Base Board. 0K240Y
    Memory
    Total: 16.00 GB Usable: 15.92 GB
    Graphics Card(s)
    NVIDIA Quadro K2200. Quadro K2200.
    Sound Card
    Sound Blaster Audigy Fx. NVIDIA High Definition Audio - Integrated
    Monitor(s) Displays
    Dell Monitors SE2417HG
    Screen Resolution
    1920 x 1080
    Hard Drives
    1TB ATA CT1000BX500SSD1 SCSI Disk Device
    2TB ATA ST2000DM008-2FR1 SCSI Disk Device
    2TB ATA ST31500341AS SCSI Disk Device
    Keyboard
    Dell Keyboard
    Mouse
    Vertical Wireless Mouse - 2.4GHz Optical Vertical Mice : 3 Adjustable DPI 800/1200/1600 Levels
    Internet Speed
    945 Mbs (Down) 32 Mbs (Up)
    Browser
    Google Chrome. Firefox. Opera.
    Antivirus
    Windows Defender
    Other Info
    TP-Link Gigabit PCI Express Adapter (Ethernet 802.3)
    Sophos TAP Adapter Provider (Ethernet 802.3)
  • Operating System
    Microsoft Windows 11 Home 64-bit. 22631 Multiprocessor Free
    Computer type
    Laptop
    Manufacturer/Model
    Dell Inspiron 15-3530
    CPU
    13th Gen Intel(R) Core(TM) i7-1355U
    Motherboard
    Dell Inc. 0122F5
    Memory
    Total Memory: 16.00 GB Usable Memory: 15.69 GB
    Graphics card(s)
    Intel(R) Iris(R) Xe Graphics
    Sound Card
    (1) Intel® Smart Sound Technology for Bluetooth® Audio (2) Intel® Smart Sound Technology for USB Audio (3) Realtek Audio
    Monitor(s) Displays
    Integrated
    Screen Resolution
    1920 x 1080
    Hard Drives
    NVMe PC SN740 NVMe WD 512GB
    PSU
    Integrated
    Mouse
    Integrated
    Keyboard
    Integrated
    Internet Speed
    143 Mbs Down / 43 Mbs Up
    Browser
    Google Chrome . Firefox
    Antivirus
    Windows Defender
If it's an older partition that has areas where files have been deleted, encrypting the entire drive might be what you want as areas that contain information from deleted files would also be encrypted.

If it's a new partition where you haven't deleted anything yet, encrypting only the current files would be much faster.

No matter which choice you make, new data is encrypted dynamically as you add, modify, or delete it.
 

My Computer

System One

  • OS
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Dell XPS 16 9640
    CPU
    Intel Core Ultra 9 185H
    Memory
    32GB LPDDR5x 7467 MT/s
    Graphics Card(s)
    NVIDIA GeForce RTX 4070 8GB GDDR6
    Monitor(s) Displays
    16.3 inch 4K+ OLED Infinity Edge Touch
    Screen Resolution
    3840 x 2400
    Hard Drives
    1 Terabyte M.2 PCIe NVMe SSD
    Cooling
    Vapor Chamber Cooling
    Mouse
    None
    Internet Speed
    960 Mbps Netgear Mesh + 2 Satellites
    Browser
    Microsoft Edge (Chromium) + Bing
    Antivirus
    Microsoft Windows Security (Defender)
    Other Info
    Microsoft 365 subscription
    Microsoft OneDrive 1TB Cloud
    Microsoft Visual Studio
    Microsoft Visual Studio Code
    Microsoft PowerToys
    Macrium Reflect X subscription
    Dell Support Assist
    Dell Command | Update
    LastPass Password Manager
    Amazon Kindle for PC
    Interactive Brokers Trader Workstation
    Lightroom/Photoshop subscription
    BitLocker
    CoPilot
If it's an older partition that has areas where files have been deleted, encrypting the entire drive might be what you want as areas that contain information from deleted files would also be encrypted.

If it's a new partition where you haven't deleted anything yet, encrypting only the current files would be much faster.

No matter which choice you make, new data is encrypted dynamically as you add, modify, or delete it.
Ok, this is a new encryption knowledge for me.
This partition I showed is new in an older drive, created just for a test run.

1. The files I need to encrypt will not be up to 100mb and about ten or twenty of them.
Wouldn't encrypting the individual files be more cumbersome?
2. I would like to store them in one new small partition or in a folder in an existing partition.
3. Or, in a low profile USB flash drive, plug it to PC, encrypt the drive, and just leave the drive there?

Once in a while, I backup my drives to an external drive.
4. What would encryption do to a backed up Folder, Partition or Image in an external drive?
5. If I were to use a USB flash drive, would any file system be better ( Fat32 / NTFS )?
 
Last edited:

My Computers

System One System Two

  • OS
    Microsoft Windows 11 Pro 64-bit 22631 Multiprocessor Free
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell. Precision Tower 5810
    CPU
    Intel(R) Xeon(R) CPU E5-1607 v3 @ 3.10GHz
    Motherboard
    Dell Inc. Base Board. 0K240Y
    Memory
    Total: 16.00 GB Usable: 15.92 GB
    Graphics Card(s)
    NVIDIA Quadro K2200. Quadro K2200.
    Sound Card
    Sound Blaster Audigy Fx. NVIDIA High Definition Audio - Integrated
    Monitor(s) Displays
    Dell Monitors SE2417HG
    Screen Resolution
    1920 x 1080
    Hard Drives
    1TB ATA CT1000BX500SSD1 SCSI Disk Device
    2TB ATA ST2000DM008-2FR1 SCSI Disk Device
    2TB ATA ST31500341AS SCSI Disk Device
    Keyboard
    Dell Keyboard
    Mouse
    Vertical Wireless Mouse - 2.4GHz Optical Vertical Mice : 3 Adjustable DPI 800/1200/1600 Levels
    Internet Speed
    945 Mbs (Down) 32 Mbs (Up)
    Browser
    Google Chrome. Firefox. Opera.
    Antivirus
    Windows Defender
    Other Info
    TP-Link Gigabit PCI Express Adapter (Ethernet 802.3)
    Sophos TAP Adapter Provider (Ethernet 802.3)
  • Operating System
    Microsoft Windows 11 Home 64-bit. 22631 Multiprocessor Free
    Computer type
    Laptop
    Manufacturer/Model
    Dell Inspiron 15-3530
    CPU
    13th Gen Intel(R) Core(TM) i7-1355U
    Motherboard
    Dell Inc. 0122F5
    Memory
    Total Memory: 16.00 GB Usable Memory: 15.69 GB
    Graphics card(s)
    Intel(R) Iris(R) Xe Graphics
    Sound Card
    (1) Intel® Smart Sound Technology for Bluetooth® Audio (2) Intel® Smart Sound Technology for USB Audio (3) Realtek Audio
    Monitor(s) Displays
    Integrated
    Screen Resolution
    1920 x 1080
    Hard Drives
    NVMe PC SN740 NVMe WD 512GB
    PSU
    Integrated
    Mouse
    Integrated
    Keyboard
    Integrated
    Internet Speed
    143 Mbs Down / 43 Mbs Up
    Browser
    Google Chrome . Firefox
    Antivirus
    Windows Defender
Ok, this is a new encryption knowledge for me.
This partition I showed is new in an older drive, created just for a test run.

1. The files I need to encrypt will not be up to 100mb and about ten or twenty of them.
Wouldn't encrypting the individual files be more cumbersome?
I would be surprised if encryption of those few files took longer than a few seconds.
2. I would like to store them in one new small partition or in a folder in an existing partition.
When you copy files from an encrypted partition, they are no longer encrypted. Unless, of course, you encrypt the destination partition.
3. Or, in a low profile USB flash drive, plug it to PC, encrypt the drive, and just leave the drive there?
I back up my encrypted C: drive to a Samsung 4TB portable SSD using Macrium Reflect. The destination SSD has been encrypted with BitLocker To Go so the backup is again encrypted.
Once in a while, I backup my drives to an external drive.
4. What would encryption do to a backed up Folder, Partition or Image in an external drive?
When files are copied from an encrypted drive, they are no longer encrypted.
5. If a USB flash drive, would any file system be better ( Fat32 / NTFS )?
Flash drives almost always use Fat32. If you copy files from a BitLocker encrypted drive to a USB Flash Drive, the files would be automatically decrypted and the files now on the USB drive would not be encrypted.
 

My Computer

System One

  • OS
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Dell XPS 16 9640
    CPU
    Intel Core Ultra 9 185H
    Memory
    32GB LPDDR5x 7467 MT/s
    Graphics Card(s)
    NVIDIA GeForce RTX 4070 8GB GDDR6
    Monitor(s) Displays
    16.3 inch 4K+ OLED Infinity Edge Touch
    Screen Resolution
    3840 x 2400
    Hard Drives
    1 Terabyte M.2 PCIe NVMe SSD
    Cooling
    Vapor Chamber Cooling
    Mouse
    None
    Internet Speed
    960 Mbps Netgear Mesh + 2 Satellites
    Browser
    Microsoft Edge (Chromium) + Bing
    Antivirus
    Microsoft Windows Security (Defender)
    Other Info
    Microsoft 365 subscription
    Microsoft OneDrive 1TB Cloud
    Microsoft Visual Studio
    Microsoft Visual Studio Code
    Microsoft PowerToys
    Macrium Reflect X subscription
    Dell Support Assist
    Dell Command | Update
    LastPass Password Manager
    Amazon Kindle for PC
    Interactive Brokers Trader Workstation
    Lightroom/Photoshop subscription
    BitLocker
    CoPilot
Windows and the applications you use to access the data stored on the encrypted partition typically will write plaintext versions of this data in various storage locations outside the encrypted partition such as the page file, cache files, temporary files, etc.. As a result, to the average user, the kind of protection that you describe almost always turns out to be really nothing more than just an illusion. Device Encryption and BitLocker Drive Encryption are features of Windows that can be used to let all of the drives be encrypted, but now we are assuming that you know your stuff about these (and how to use them). When I say "in various storage locations", what I factually mean is, even if all your internal/fixed drives are protected with BitLocker, you still have to factor all your other types of storage (e.g., external/removable storage, network storage, etc.) also properly into the equation. Among multiple other data security subtopics.
 

My Computers

System One System Two

  • OS
    11 Home
    Computer type
    Laptop
    Manufacturer/Model
    Asus TUF Gaming F16 (2024)
    CPU
    i7 13650HX
    Memory
    16GB DDR5
    Graphics Card(s)
    GeForce RTX 4060 Mobile
    Sound Card
    Eastern Electric MiniMax DAC Supreme; Emotiva UMC-200; Astell & Kern AK240
    Monitor(s) Displays
    Sony Bravia XR-55X90J
    Screen Resolution
    3840×2160
    Hard Drives
    512GB SSD internal
    37TB external
    PSU
    Li-ion
    Cooling
    2× Arc Flow Fans, 4× exhaust vents, 5× heatpipes
    Keyboard
    Logitech K800
    Mouse
    Logitech G402
    Internet Speed
    20Mbit/s up, 250Mbit/s down
    Browser
    FF
  • Operating System
    11 Home
    Computer type
    Laptop
    Manufacturer/Model
    Medion S15450
    CPU
    i5 1135G7
    Memory
    16GB DDR4
    Graphics card(s)
    Intel Iris Xe
    Sound Card
    Eastern Electric MiniMax DAC Supreme; Emotiva UMC-200; Astell & Kern AK240
    Monitor(s) Displays
    Sony Bravia XR-55X90J
    Screen Resolution
    3840×2160
    Hard Drives
    2TB SSD internal
    37TB external
    PSU
    Li-ion
    Mouse
    Logitech G402
    Keyboard
    Logitech K800
    Internet Speed
    20Mbit/s up, 250Mbit/s down
    Browser
    FF
What @hdmi says is true. To mitigate these risks, you should enable BitLocker on the entire system drive, which would include page file, cache files, temporary files, etc..

You might also be confusing Drive Encryption with File Encryption.
 

My Computer

System One

  • OS
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Dell XPS 16 9640
    CPU
    Intel Core Ultra 9 185H
    Memory
    32GB LPDDR5x 7467 MT/s
    Graphics Card(s)
    NVIDIA GeForce RTX 4070 8GB GDDR6
    Monitor(s) Displays
    16.3 inch 4K+ OLED Infinity Edge Touch
    Screen Resolution
    3840 x 2400
    Hard Drives
    1 Terabyte M.2 PCIe NVMe SSD
    Cooling
    Vapor Chamber Cooling
    Mouse
    None
    Internet Speed
    960 Mbps Netgear Mesh + 2 Satellites
    Browser
    Microsoft Edge (Chromium) + Bing
    Antivirus
    Microsoft Windows Security (Defender)
    Other Info
    Microsoft 365 subscription
    Microsoft OneDrive 1TB Cloud
    Microsoft Visual Studio
    Microsoft Visual Studio Code
    Microsoft PowerToys
    Macrium Reflect X subscription
    Dell Support Assist
    Dell Command | Update
    LastPass Password Manager
    Amazon Kindle for PC
    Interactive Brokers Trader Workstation
    Lightroom/Photoshop subscription
    BitLocker
    CoPilot
Am glad I asked sent out the original post. I sure have learned a lot from the two of you with respect to encryption. Sometimes the English langues becomes a hindrance to me in expressing exactly what I need or want.

Currently, I have a USB flash drive I use to save my personal file. When I need something there, I would have to go get the flash drive, plug it into the PC, view a file or two, get what I need, Safely Remove the drive, go and put it back where I have it hidden ( stored ) Now I feel I have gotten older, I thought it would be nice to just have these file attached to the PC, view as I wish. Sometimes, I copy or overwrite a file or two, and that's it. I just remember I don't even have a backup of them, so as not to be in two different places.

I had previously created a small partition, moved the files in this partition, then hide it with my disk software. The only issue is, anyone can just unhide it with the app.

I don't need anything in my PC encrypted ( protected ), except the files I have in the USB I mentioned above.
Also, I would rather not encrypt individual files. I would only like to encrypt where the files are.

I really appreciate you guy's helping me on this issue.
 

My Computers

System One System Two

  • OS
    Microsoft Windows 11 Pro 64-bit 22631 Multiprocessor Free
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell. Precision Tower 5810
    CPU
    Intel(R) Xeon(R) CPU E5-1607 v3 @ 3.10GHz
    Motherboard
    Dell Inc. Base Board. 0K240Y
    Memory
    Total: 16.00 GB Usable: 15.92 GB
    Graphics Card(s)
    NVIDIA Quadro K2200. Quadro K2200.
    Sound Card
    Sound Blaster Audigy Fx. NVIDIA High Definition Audio - Integrated
    Monitor(s) Displays
    Dell Monitors SE2417HG
    Screen Resolution
    1920 x 1080
    Hard Drives
    1TB ATA CT1000BX500SSD1 SCSI Disk Device
    2TB ATA ST2000DM008-2FR1 SCSI Disk Device
    2TB ATA ST31500341AS SCSI Disk Device
    Keyboard
    Dell Keyboard
    Mouse
    Vertical Wireless Mouse - 2.4GHz Optical Vertical Mice : 3 Adjustable DPI 800/1200/1600 Levels
    Internet Speed
    945 Mbs (Down) 32 Mbs (Up)
    Browser
    Google Chrome. Firefox. Opera.
    Antivirus
    Windows Defender
    Other Info
    TP-Link Gigabit PCI Express Adapter (Ethernet 802.3)
    Sophos TAP Adapter Provider (Ethernet 802.3)
  • Operating System
    Microsoft Windows 11 Home 64-bit. 22631 Multiprocessor Free
    Computer type
    Laptop
    Manufacturer/Model
    Dell Inspiron 15-3530
    CPU
    13th Gen Intel(R) Core(TM) i7-1355U
    Motherboard
    Dell Inc. 0122F5
    Memory
    Total Memory: 16.00 GB Usable Memory: 15.69 GB
    Graphics card(s)
    Intel(R) Iris(R) Xe Graphics
    Sound Card
    (1) Intel® Smart Sound Technology for Bluetooth® Audio (2) Intel® Smart Sound Technology for USB Audio (3) Realtek Audio
    Monitor(s) Displays
    Integrated
    Screen Resolution
    1920 x 1080
    Hard Drives
    NVMe PC SN740 NVMe WD 512GB
    PSU
    Integrated
    Mouse
    Integrated
    Keyboard
    Integrated
    Internet Speed
    143 Mbs Down / 43 Mbs Up
    Browser
    Google Chrome . Firefox
    Antivirus
    Windows Defender
Just noticed this from the app.
 

Attachments

  • Encryption.webp
    Encryption.webp
    44.1 KB · Views: 1

My Computers

System One System Two

  • OS
    Microsoft Windows 11 Pro 64-bit 22631 Multiprocessor Free
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell. Precision Tower 5810
    CPU
    Intel(R) Xeon(R) CPU E5-1607 v3 @ 3.10GHz
    Motherboard
    Dell Inc. Base Board. 0K240Y
    Memory
    Total: 16.00 GB Usable: 15.92 GB
    Graphics Card(s)
    NVIDIA Quadro K2200. Quadro K2200.
    Sound Card
    Sound Blaster Audigy Fx. NVIDIA High Definition Audio - Integrated
    Monitor(s) Displays
    Dell Monitors SE2417HG
    Screen Resolution
    1920 x 1080
    Hard Drives
    1TB ATA CT1000BX500SSD1 SCSI Disk Device
    2TB ATA ST2000DM008-2FR1 SCSI Disk Device
    2TB ATA ST31500341AS SCSI Disk Device
    Keyboard
    Dell Keyboard
    Mouse
    Vertical Wireless Mouse - 2.4GHz Optical Vertical Mice : 3 Adjustable DPI 800/1200/1600 Levels
    Internet Speed
    945 Mbs (Down) 32 Mbs (Up)
    Browser
    Google Chrome. Firefox. Opera.
    Antivirus
    Windows Defender
    Other Info
    TP-Link Gigabit PCI Express Adapter (Ethernet 802.3)
    Sophos TAP Adapter Provider (Ethernet 802.3)
  • Operating System
    Microsoft Windows 11 Home 64-bit. 22631 Multiprocessor Free
    Computer type
    Laptop
    Manufacturer/Model
    Dell Inspiron 15-3530
    CPU
    13th Gen Intel(R) Core(TM) i7-1355U
    Motherboard
    Dell Inc. 0122F5
    Memory
    Total Memory: 16.00 GB Usable Memory: 15.69 GB
    Graphics card(s)
    Intel(R) Iris(R) Xe Graphics
    Sound Card
    (1) Intel® Smart Sound Technology for Bluetooth® Audio (2) Intel® Smart Sound Technology for USB Audio (3) Realtek Audio
    Monitor(s) Displays
    Integrated
    Screen Resolution
    1920 x 1080
    Hard Drives
    NVMe PC SN740 NVMe WD 512GB
    PSU
    Integrated
    Mouse
    Integrated
    Keyboard
    Integrated
    Internet Speed
    143 Mbs Down / 43 Mbs Up
    Browser
    Google Chrome . Firefox
    Antivirus
    Windows Defender
Others have already given you some excellent answers, all I want to do is summarize and clarify the points that were already made...

1) Let's start with the question of whether to encrypt used space only or the entire disk. If you choose to encrypt used space only then all of the data on your partition will be encrypted EXCEPT for unused areas of the disk. So, let's say that you had a partition that you had used previously and you now delete a bunch of data. Bear in mind that simply deleting data does not physically wipe if from the drive. It is possible to use recovery tools to retrieve such data. If you are concerned about this, then encrypt the entire drive. If you do not have previous data on the drive that you are concerned about, simply encrypt the used space only. No matter which option you select, all the used space will be encrypted and any new data that you add to the partition will be encrypted on the fly.

2) Once data is encrypted, decryption happens automatically and transparently. For example, suppose you want to open a Word document. You do not need to do anything special at all. Once the drive is unlocked, any attempt to access encrypted data results in that data being decrypted on the fly as you access it without you ever even needing to know whether that data was encrypted or not. In other words, you do nothing differently than you would do on any drive, encrypted or not. Just as with any operation that accesses files, if you want to copy files to another location, then the file(s) will become decrypted on the fly as they are accessed and then will be stored on the destination decrypted. The one exception is if the destination is itself encrypted. In that case the file(s) will be decrypted on the fly and then re-encrypted using the encryption appropriate for the destination.

Since it sounds like you are new to BitLocker, some suggestions:

Create a small test partition. Turn on BitLocker on that partition. Copy some unimportant data to this partition and simply experiment to get familiar with it, although there is really not much to see. But this at least gives you a risk free way to experiment. Also, make 100% sure that you save the BitLocker key! When you turn on BitLocker, it will force you to save the key. Make sure to keep it in a safe place where you can easily get to it but no one else can.
 

My Computers

System One System Two

  • OS
    Win11 Pro 24H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Kamrui Mini PC, Model CK10
    CPU
    Intel i5-12450H
    Memory
    32GB
    Graphics Card(s)
    No GPU - Built-in Intel Graphics
    Sound Card
    Integrated
    Monitor(s) Displays
    HP Envy 32
    Screen Resolution
    2560 x 1440
    Hard Drives
    1 x 2TB NVMe SSD
    1 x 4TB NVMe SSD
    1 x 4TB 2.5" SSD
    PSU
    120W "Brick"
    Keyboard
    Corsair K70 Mechanical Keyboard
    Mouse
    Logitech MX Master 3
    Internet Speed
    1Gb Up / 1 Gb Down
    Browser
    Edge
    Antivirus
    Windows Defender
  • Operating System
    Win11 Pro 23H2
    Computer type
    Laptop
    Manufacturer/Model
    Lenovo ThinkBook 13x Gen 2
    CPU
    Intel i7-1255U
    Memory
    16 GB
    Graphics card(s)
    Intel Iris Xe Graphics
    Sound Card
    Realtek® ALC3306-CG codec
    Monitor(s) Displays
    13.3-inch IPS Display
    Screen Resolution
    WQXGA (2560 x 1600)
    Hard Drives
    2 TB 4 x 4 NVMe SSD
    PSU
    USB-C / Thunderbolt 4 Power / Charging
    Mouse
    Buttonless Glass Precision Touchpad
    Keyboard
    Backlit, spill resistant keyboard
    Internet Speed
    1Gb Up / 1Gb Down
    Browser
    Edge
    Antivirus
    Windows Defender
    Other Info
    WiFi 6e / Bluetooth 5.1 / Facial Recognition / Fingerprint Sensor / ToF (Time of Flight) Human Presence Sensor
To mitigate these risks, you should enable BitLocker on the entire system drive, which would include page file, cache files, temporary files, etc..
The page file is located on the operating system drive indeed, but some of cache files and temporary files can potentially be written elsewhere, e.g., on a secondary drive like on a separate physical disk. Similarly, backup software may create backup copies of these same cache files and temporary files, etc..

Just trust me about it, you'd be terribly surprised at how many different storage locations end up containing (partial) copies of sensitive data on an average Windows PC. They're very often almost everywhere.

So, to prevent these kinds of compromisations from happening inadvertently, one could consider to restrict write access on every non-encrypted drive, but that won't be easy to achieve on volumes with the kind of filesystem that cannot be used to set up permissions like NTFS can be, such as FAT32 or exFAT, for example. Even if you unplug all your non-encrypted USB drives, various portions of your sensitive data may still be written to them after you plug them back in. The assumption that all the applications you use will always ask you for your consent is just that. An assumption.

As an alternative choice to setting up NTFS permissions to achieve this goal, Virtual Machines can be set up in such a way that restricts write access on non-encrypted drives i.e. for those specific processes that will be running on the Virtual Machines, but it's not straightforward, as security hardening and isolation are not what Virtual Machines are primarily intended for. Isolation features like Windows Sandbox and isolation software like Sandboxie-Plus might be better suited for this purpose, and, if running Windows on a Virtual Machine, then it also becomes possible to consider using some kind of combined strategy/approach like using the Virtual Machine's own featureset in conjunction with one or more of the aforementioned sandbox technology choices. Either way, it still isn't straightforward to the average user.

That's why, to the average user, choosing to let all drives be encrypted with BitLocker Drive Encryption or with Device Encryption is usually recommended. That is, in addition to utilizing, and understanding how to utilize, other data security principles that are also critically important to solidify your strategy, as opposed to relying on little more than flawed conclusions the flaws of which are typically getting ignored as a result of (also typically) shifting the focus of attention toward the only concept of data encryption technology.
 
Last edited:

My Computers

System One System Two

  • OS
    11 Home
    Computer type
    Laptop
    Manufacturer/Model
    Asus TUF Gaming F16 (2024)
    CPU
    i7 13650HX
    Memory
    16GB DDR5
    Graphics Card(s)
    GeForce RTX 4060 Mobile
    Sound Card
    Eastern Electric MiniMax DAC Supreme; Emotiva UMC-200; Astell & Kern AK240
    Monitor(s) Displays
    Sony Bravia XR-55X90J
    Screen Resolution
    3840×2160
    Hard Drives
    512GB SSD internal
    37TB external
    PSU
    Li-ion
    Cooling
    2× Arc Flow Fans, 4× exhaust vents, 5× heatpipes
    Keyboard
    Logitech K800
    Mouse
    Logitech G402
    Internet Speed
    20Mbit/s up, 250Mbit/s down
    Browser
    FF
  • Operating System
    11 Home
    Computer type
    Laptop
    Manufacturer/Model
    Medion S15450
    CPU
    i5 1135G7
    Memory
    16GB DDR4
    Graphics card(s)
    Intel Iris Xe
    Sound Card
    Eastern Electric MiniMax DAC Supreme; Emotiva UMC-200; Astell & Kern AK240
    Monitor(s) Displays
    Sony Bravia XR-55X90J
    Screen Resolution
    3840×2160
    Hard Drives
    2TB SSD internal
    37TB external
    PSU
    Li-ion
    Mouse
    Logitech G402
    Keyboard
    Logitech K800
    Internet Speed
    20Mbit/s up, 250Mbit/s down
    Browser
    FF
Back
Top Bottom