Restricting Access to Files on an External Drive. and Keeping It Safe/Backed up!

cheepo on 07/06/2018 - 18:18
Last edited 08/06/2018 - 12:51 by 1 other user

I am contemplating building a small factor gaming machine (with a Ryzen 220G and no additional graphic card). The intention is for it to be used for Plex streaming, gaming and to store our personal files. Personal files to be stored on an external USB3 drive. Operating system and anything easily replaceable on a single internal drive. Space is an issue and therefore a full PC case with multiple internal drives is unfortunately out of the question. This machine won't be required to be on all time and every now and then, I want to do be able to do a full backup of all files to keep safe elsewhere using a separate external drive. So, TWO external drives. One always at home and the other at a separate location.

The dilemma is around privacy and security. I don't care too much about files associated with Plex or Steam but I don't want anybody else accessing our personal files should the drive be stolen or if we have family staying over and wanting to use the computer without our supervision. More importantly then all this, risk losing or compromise our data should it fall in the wrong hands. I thought about password protecting certain folders but am convinced that it's not foolproof or convenient (for my partner). Especially, if we need to regularly access these folders/files ourselves and do backups.

Without building a completely separate PC or investing in a NAS drive (like a Synology or QNAP), is there any other solution? Is it possible to use a small PC that can serve all 3 purposes whilst I still have control over files/folders and have the peace of mind knowing my data is backed should the drive fail or be stolen?

Please help me with your suggestions.

Computing

Comments

  • No Username on 07/06/2018 - 18:31

    You can try setting up group policy settings to create special permissions and access to folders, via each login account. For privacy and security use BitLocker.
    You will need windows 10 pro to access these features.

    • cheepo on 07/06/2018 - 19:22

      I've come across group policies before but had no clue what they were for. Handy that Bitlocker is built it so will track down a copy of Pro to test out to see how friendly and quick it is.

      • D C on 07/06/2018 - 20:42

        group policies

        Allows you better control over the machine, generally useful in company networks where you want to control if people can install apps, add hardware, disable updates etc.

        This is only available in Win10 Pro, not the Home version.

        Same goes for BitLocker, you need Win10 Pro to set it up. For external drives it's called 'BitLocker To Go'.

      • airzone on 07/06/2018 - 20:49

        Group policies are a way to configure and control PC's across an organisation. Want to change the web browser home page got 50,000 employees - do it with a group policy. Want to set up the company wifi profiles on all laptops? Yep, group policy. Want to make everyone change their passwords every couple of days and lock PC's after 60 seconds of inactivity, group policy. Want to install the latest MS Office on every PC in your network from a single network share? Group policy can do that too.

        However just because you can doesn't mean you should.

        • cheepo on 08/06/2018 - 08:34

          Aha, got it. If only my work would relax with the group policies. I really don't want the same backdrop/wallpaper as everybody else in the office! 😁

    • airzone on 07/06/2018 - 20:41
      +1

      Configuring group policies for a single PC is like trying to light a candle with a flamethrower.

      You can just set NTFS permissions on the drive to lock it down to users, and bitlocker will help protect against it being connected to another PC.

      • cheepo on 08/06/2018 - 08:41

        So if I've understood correctly, this should mean that I wouldn't have to consistently lock and unlock the drive. Providing it's connected to a specific login/user and computer, it should be fully accessible? Only restricting access if it's connected to a different login/user or computer?

  • Diji1 on 07/06/2018 - 19:12

    Veracrypt.

    • cheepo on 07/06/2018 - 19:14

      Fist time I've heard about it. Thanks - will look into it.

    • dufflover on 07/06/2018 - 19:52

      I still use an old copy of TrueCrypt.

  • Marty-69 on 07/06/2018 - 19:20

    Make a "guest" account for family and +1 for Bitlocker. Use it on the external drive and make sure not to set the option "Automatically unlock on this PC" so every time you access the disk, you need a password. When lost or stolen, it's pretty hard to access it.

    • cheepo on 07/06/2018 - 19:31

      Bitlocker seems like a popular choice. Curious to know how quickly it would lock/unlock a drive and if its capacity plays a factor. I assume you have to lock the entire drive and not just certain folders? Thanks for the tip.

      • D C on 07/06/2018 - 20:43

        BItLocker encrypts the entire drive.

      • Marty-69 on 08/06/2018 - 12:15

        When you enable Bitlocker on a drive it can take a few hours to encrypt it. Once set, unlock is just a matter of typing the password. No noticeable speed difference with or without Bitlocker. You can automatically unlock the drive on your computer as well.

        • cheepo on 08/06/2018 - 12:48

          Perfect. Don't mind it taking a few hours initially but definitely don't want to spend hours unlocking and then re-locking the drive once done. Might have to test this out to fully understand it. Now to figure out if setting a different user under the same Windows license is the best option or partitioning the drive and creating a separate Windows install might be better.

  • Fiximol on 07/06/2018 - 20:24

    Software encryption and decryption is not an instant process particularly for large capacity. If you are just wanting some level of security (i.e. won't be accidently accessed by someone without a lot of work) you can consider a keypad secured external drive like this or a keypad enclosure for your own drive (these are about half the price on aliexpress). Alternatively there are also biometric secured hdd but they seem really pricey.

    • Diji1 on 07/06/2018 - 21:56

      Or you could just click on a file and enter a Veracrypt password.

    • cheepo on 08/06/2018 - 08:28

      Thanks for the effort and for the links Fiximol.

      My budget to set this all up is somewhat limited and should have mentioned that I'm working with 3.5 HDDs for the external drives which I already own. I do need enclosures for them and those you listed are super impressive. Something I will definitely consider for future storage options.

Login or Join to leave a comment
Login Join