boot windows from usb

Most of us are concerned about the security and privacy of our data. We put login passwords, encrypt data and do various other tricks to ensure that someone cannot access our system without our authorization. Hardware manufacturers have also started exploiting our desire for data security by offering fingerprint readers, face recognition and other fancy stuff. If you are paranoid about who accesses your system, you can use a simple trick to prevent the system from booting unless you want it to boot.

This can be achieved by using a regular USB/pen/thumb drive (whatever you call it). Basically configure your system to boot windows from USB stick. The hack would be more than enough to keep even your curious geeky computer friends from booting into the system. That said, it is by no means foolproof (which security measure is? ) so you might not want to bet your life on it.

*** DISCLAIMER : the following method requires you to make some changes to your operating system. MakeUseOf cannot accept any legal liability if anything goes wrong with your PC and you should proceed at your own risk. Please read the instructions thoroughly before beginning and if you are still not sure what you are doing, you should seek help from a knowledgeable friend ***

A key requirement for the hack to work is that your system should support booting from a USB device. This can be verified from within the BIOS menu. So if you have an older system that doesn't support booting from USB devices, this one is not for you. We will cook up something else! Although, now that I think about it, theoretically (because I have not tried) the hack should work with a floppy disk as well. So you guys with older systems can also follow along and let us know if it worked.

What we are going to do is transfer some of the important files (you will see which ones) that Windows needs in order to boot, to the USB drive. Now if someone was to boot up the PC without your USB drive the system won't find these important files and will thus fail to boot.

So now that you know the concept, let's get working:

  • Format the USB drive.
  • Within Windows Explorer go to Tools > Folder Options. Within the View tab, choose "Show hidden files" and uncheck "Hide protected operating system files".
    • usb key lock computer
  • Open up the Windows Partition (usually C:), copy boot.ini, NTLDR and ntdetect.com onto your USB drive.
  • Boot up the system and change the boot order preference to check for a USB device first. You can access the BIOS menu generally by hitting F8 when the computer just starts.

Just in case you are curious, the boot.ini file is required to tell where the operating system resides. NTLDR is the NT loader which actually loads the operating system. ntdetect.com detects basic hardware that is required to boot up the system.

The changes are fully recoverable, although it would require some work for the uninitiated. If something goes wrong or you want to restore back things as they were then use the Recovery Console from your Windows CD.

Then at the command prompt issue "bootcfg /rebuild". Follow the instructions that appear on the screen.

recovery console

The solution is not foolproof. Even if someone is not able to boot your system he/she can easily get your data by using a live CD. So you might still want to keep your data encrypted.

Do you know of some other clever ways of preventing unauthorized access? Share them with us in the comments section.