Will Bitlocker stop other users from accessing my external drive? And will Synctoy still work?

[Halo Diehards]

I'm frustrated to learn that other users can access my external drive when they're logged into my pc. That external drive backs up all of the stuff that is kept private in my own user account. Does anyone know if I can use Bitlocker to protect my external drive so only my user account can access it?

If Bitlocker will do this, the next question is if Synctoy could still perform backups?

I've spent hours trying to find a solution for this, so any infos appreciated!

 

[Snipergod87]

The drive will need to be decrypted for the backup's to take place. Try encrypting the backups with your backup software instead. Also if anyone else is an administrator of your computer they can see inside your user profile no problem.

 

[Halo Diehards]

The drive will need to be decrypted for the backup's to take place. Try encrypting the backups with your backup software instead. Also if anyone else is an administrator of your computer they can see inside your user profile no problem.

Yeah, nobody will be administrator except me. My scenario would mostly be for guests; it's my home setup.

I read somewhere that Synctoy would work with Bitlocker, but no instructions. The inference was that once Bitlocker's password was put in, that Synctoy would work, but I really need to know upfront if it works before messing about with any of that. If this is the case, I also need to know if Bitlocker stops other user accounts from accessing it, because if it doesn't this isn't my solution anyways.

 

[Snipergod87]

I am not 100% sure if it does, however if I remember correctly you can encrypt folders to a specific user account. So you could do that for the external HDD.

https/www.windowscentral.com/how-use-efs-encryption-windows-10

 

[TJ Hooker]

After a bit of reading, it sounds like Bitlocker would prompt you for a password to unlock the drive once it is connected to the PC, and then remain unlocked once the password is entered. I'm not 100% sure on this, but that's the impression I get. That would mean that the drive would remain unlocked after you use it for anyone else to access. Unless you're open to disconnecting/relocking the drive everytime someone comes over and wants to use your PC.

 

[USAFRet]

If the drive is decrypted, then any backup application, or anything else, can read it.

However...if you are logged in, and you just "Switch User" to your Guest account...the drive would still be decrypted and probably accessible from Guest.

A better solution is an airgap. Have that external physically disconnected, unless you are actually doing a backup.

 

[Halo Diehards]

I am not 100% sure if it does, however if I remember correctly you can encrypt folders to a specific user account. So you could do that for the external HDD

That's good, but it still doesn't help my backup problem. Synctoy works perfectly for my needs. I researched and it looks like it does not have the ability to encrypt.

 

[USAFRet]

I am not 100% sure if it does, however if I remember correctly you can encrypt folders to a specific user account. So you could do that for the external HDD

That's good, but it still doesn't help my backup problem. Synctoy works perfectly for my needs. I researched and it looks like it does not have the ability to encrypt.

No, SyncToy won't automatically decrypt.
That would defeat the purpose of the whole decryption thing, if some random application can undo it.

 

[Snipergod87]

What im saying is you can encrypt the folder on your external HDD
https/www.windowscentral.com/how-use-efs-encryption-windows-10

 

[Halo Diehards]

What im saying is you can encrypt the folder on your external HDD
https/www.windowscentral.com/how-use-efs-encryption-windows-10

I understand. Thanks for trying to help, but as I've explained that completely defeats the purpose, because it doesn't allow my Synctoy auto backup to function. The only reason that the external hard drive is plugged in, thus accessible to any guest account, is for auto backup. If I didn't want to use auto backup, I wouldn't keep the external hard drive plugged in, and so would not need any encryption on any folders. The auto backup is the entire purpose of my thread, not simply blocking access to folders on my external hard drive.

 

[davetvs1]

I'm looking for a solution to this too. I'm thinking I could possibly create a log off script that would automatically eject the USB drive, that way it's still connected to the PC, but will require a password to be accessible, when I next login. The only issue you may have with this type of solution is, when the disk refuses to eject as it is in use. Maybe scripting something to check when synctoy is inactive, then close sync toy, then eject USB. Then something in a start up script to enable synctoy, when you sign back in?

Try this article

https/technet.microsoft.com/en-us/library/dd630947.aspx

Just realised this is for a domain environment, doing too many things at once, I should have read it.

Something can likely be setup with the scheduler for a workgroup PC