Use Your USB Stick As a Key to Boot Your Windows PC

Varun Kashyap 13-12-2008

boot windows from usbMost of us are concerned about the security and privacy of our data. We put login passwords, encrypt data and do various other tricks to ensure that someone cannot access our system without our authorization. Hardware manufacturers have also started exploiting our desire for data security by offering fingerprint readers, face recognition and other fancy stuff. If you are paranoid about who accesses your system, you can use a simple trick to prevent the system from booting unless you want it to boot.


This can be achieved by using a regular USB/pen/thumb drive (whatever you call it). Basically configure your system to boot windows from USB stick. The hack would be more than enough to keep even your curious geeky computer friends from booting into the system. That said, it is by no means foolproof (which security measure is? ) so you might not want to bet your life on it.

*** DISCLAIMER : the following method requires you to make some changes to your operating system. MakeUseOf cannot accept any legal liability if anything goes wrong with your PC and you should proceed at your own risk. Please read the instructions thoroughly before beginning and if you are still not sure what you are doing, you should seek help from a knowledgeable friend ***

A key requirement for the hack to work is that your system should support booting from a USB device. This can be verified from within the BIOS menu. So if you have an older system that doesn’t support booting from USB devices, this one is not for you. We will cook up something else! Although, now that I think about it, theoretically (because I have not tried) the hack should work with a floppy disk as well. So you guys with older systems can also follow along and let us know if it worked.

What we are going to do is transfer some of the important files (you will see which ones) that Windows needs in order to boot, to the USB drive. Now if someone was to boot up the PC without your USB drive the system won’t find these important files and will thus fail to boot.

So now that you know the concept, let’s get working:

  • Format the USB drive.
  • Within Windows Explorer go to Tools > Folder Options. Within the View tab, choose “Show hidden files” and uncheck “Hide protected operating system files”.
  • usb key lock computer

  • Open up the Windows Partition (usually C:), copy boot.ini, NTLDR and onto your USB drive.
  • Boot up the system and change the boot order preference to check for a USB device first. You can access the BIOS menu generally by hitting F8 when the computer just starts.

Just in case you are curious, the boot.ini file is required to tell where the operating system resides. NTLDR is the NT loader which actually loads the operating system. detects basic hardware that is required to boot up the system.

The changes are fully recoverable, although it would require some work for the uninitiated. If something goes wrong or you want to restore back things as they were then use the Recovery Console from your Windows CD.

Then at the command prompt issue “bootcfg /rebuild”. Follow the instructions that appear on the screen.

recovery console


The solution is not foolproof. Even if someone is not able to boot your system he/she can easily get your data by using a live CD. So you might still want to keep your data encrypted.

Do you know of some other clever ways of preventing unauthorized access? Share them with us in the comments section.

Explore more about: USB, USB Drive.

Whatsapp Pinterest

Enjoyed this article? Stay informed by joining our newsletter!

Enter your Email

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. Encryption Software
    October 13, 2009 at 10:07 am

    Since all computers share basically the same necessary startup programs, what is stopping a hacker from having several discs with different combinations of the basic types of programs on them and trying each of them on your computer until one of them is enough to boot it?

  2. Fredrik
    April 1, 2009 at 3:29 pm

    Farooq: Boot.ini is not used in vista, the whole boot manager has been changed. So it is not entirely easy to do these modifications if you don't know your way around computers.

    You should search for a specific vista guide, or hope that Varun makes a vista version.

  3. Farooq
    April 1, 2009 at 2:37 pm

    How to do all this in VISTA. I cannot find "boot.ini, NTLDR and" in VISTA. Can u plz help me how to do this process on vista???

  4. Erik
    December 20, 2008 at 12:46 pm

    My computer uses F8 to boot into the bios. Don’t assume things if you don’t know!!

  5. sayOZ
    December 19, 2008 at 2:38 am

    i think is funny not a safe secure mode :)

  6. Teddy
    December 17, 2008 at 11:07 am

    Why not just use TrueCrypt to keep everything you want private away from prying eyes? At least you wouldn’t be under a false sense of security, which is what this hack creates...

  7. Abdh
    December 17, 2008 at 8:34 am

    Amateurish and utterly useless solution, indeed…....

  8. Tom
    December 15, 2008 at 10:15 am

    It's worth noting that the caveat at the bottom is VERY true! Not only can they boot from a Linux LiveCD but people can also boot Windows up without the files on your USB drive:

    Using the Windows recovery console you can: (i) recreate boot.ini file (bootcfg /Rebuild) and (ii) aquire the ntldr files.

    This is still a very creative way to start your machine up though! :)

  9. kenny
    December 15, 2008 at 5:37 am

    This post is not recommendable for beginners,as they try themselves out of ordinary and gets into trouble...

  10. pessimist
    December 15, 2008 at 4:36 am

    The feeling of insecurity even after securing with the highest achievable encryption is the worst security threat ever.

    "For every Encryption, there is an equal and opposite Decryption"

  11. Nolan
    December 15, 2008 at 12:24 am

    Throw Back Track 3 USB build onto a thumb drive pop it in boot from that. From there you can root pretty much any box. Funny thing is the only way to counter act that (to my knowledge) is to disable the USB ports via device manager or registry, heh kind of renders this method useless for defending against any real hacker.

  12. Fredrik
    December 14, 2008 at 7:39 pm

    I thought about this again. And come to the conclution
    that this whole idéa is stupid. It is no more secure than a password. I a person can get around the password they can get around this.

  13. Paul
    December 14, 2008 at 7:21 pm

    @Fredrik: Yeah I've read that blog post somewhere as well.. You forget about the bit whereby you have to chill the memory to absolute zero or something first.. I reckon it would probably be easier to kidnap you and stick a gun to your head...

    The fact is you can crack any encryption with the correct tools, I think it's all about making it as difficult as possible, and Truecrypt does that better than anything else.

  14. Fredrik
    December 14, 2008 at 3:00 pm

    Paul: Truecrypt is not that secure, it has flaws. One big one is that if the computer is on, encrupte volyme open and in "ctrl + alt +delite" mode (a farly common senario) you can "easy" get the key by taking the momory out and puting them into anoter computer and dumt the cntens to the hardrive and then read the key.

    You need a encryption tool that encrypts the key when leaving the computer unatended.

  15. Michael
    December 14, 2008 at 2:08 pm

    It makes so much more sense to encrypt your hard drive with TrueCrypt and set it up with a password and keyfile on the flash drive.

  16. Alfonso
    December 14, 2008 at 1:43 pm

    Amateurish and utterly useless solution, indeed.....

  17. Userdenied
    December 14, 2008 at 1:33 pm

    I believe the point of this guide was to stop your non tech savvy folk from getting on your computer. Though as said several times above a password would do the exact same thing...maybe it's a 'feel good' guide that is put out there so not terribly tech knowledgeable people can do something that seems important?

  18. Carl
    December 14, 2008 at 12:43 pm

    This might stop your grandmother booting your PC, but your tech-savvy 14 year old? I don't think so.... your article even describes how to reverse these changes! Using the BIOS to setup a boot password would be far more effective and less likely to cause trouble when you lose your USB key. Jeez, freakin' amateurs...

  19. mark
    December 14, 2008 at 10:46 am


    very helPuL....

  20. DB
    December 14, 2008 at 8:59 am

    The best way to secure a box is don't use Windows. WinXP does not have permissions built into the file system, so there will always be a way to get at your data. If you're really stuck with Microsoft, then TrueCrypt is the way to go. Don't waste time encrypting the operating system though. Seperate your personal files from system files and just encrypt the stuff you want private.

    On Linux, you could do something like this by reconfiguring PAM to require an SSH key for login. You'd have to play with the settings to get it to look on a USB key automatically, but that shouldn't be too much work. Linux is inherently more secure to begin with.

  21. rick riggs
    December 14, 2008 at 8:01 am

    This is cool, I think will try this on a couple of our shop P.C's, thanks.

  22. Ingmar Greil
    December 14, 2008 at 8:00 am

    I agree, this is "kids in treehouses" stuff. If you're really concerned, full disc encryption is really the only option. You might want to check out Truecrypt -- free, and gets the job done rather nicely.

  23. Paul
    December 14, 2008 at 5:02 am

    Why not just use TrueCrypt to keep everything you want private away from prying eyes? At least you wouldn't be under a false sense of security, which is what this hack creates.

  24. carval
    December 14, 2008 at 4:16 am

    just load the whole OS to the flash drive, and set the
    swap file and data files to the internal drive?

    I was thinking of doing this with Linux to learn
    the OS, without installing On the HD

  25. L
    December 14, 2008 at 3:27 am

    Welcome to amateur hour...

    At least make the stick hold the encryption key of a fully encrypted disk containing your OS -- which has to be Linux I guess... that'd be worthy of a blog entry.

  26. daniel
    December 14, 2008 at 2:58 am

    Best method of protecting your data is a Hard Disk Password. Doesn't matter what system or what access method, the Hard Drive itself requires the password before someone can get at the data. There are of course ways around it but they are difficult and generally a pain in the ass.

    • Pierre Madden
      May 9, 2009 at 11:57 am

      Booting from a USB or encription are both rather complicated. My simple solution is to keep all my files on my USB and carry them with me in my pocket. My computer could be hacked, stolen or destroyed and it would not make a difference for the integrity of my data, including all website passwords. A "stupid" machine is a secure machine.

  27. kostka
    December 14, 2008 at 1:58 am

    So this is supposed to prevent hackers who want to turn on your PC, but too lazy to use another method to boot the system? I don't see a point.

    This doesn't add any additional security that a Windows password doesn't already provide.

  28. Windows Guy
    December 14, 2008 at 1:00 am

    Yes, F8 is used only to enter safe mode.You can use F1 or F2 or Delete key to enter BIOS setup(depends on brands).Btw,new guide Varun.

  29. venkat
    December 14, 2008 at 12:39 am

    This post is not recommendable for beginners,as they try themselves out of ordinary and gets into trouble.

  30. blusydays
    December 13, 2008 at 5:46 pm

    The 3 files doesn't show on Vista even when I uncheck "hide files..." , is it only for XP ?

    • Anonymous Coward
      December 13, 2008 at 8:39 pm

      It should. Are you checking in the root of the partition in which your Windows system files are located?

      • Anonymous Coward
        December 13, 2008 at 8:44 pm

        My mistake! It's not there in Vista. The files are still there - they just have different names. I can't say for sure which ones you need to move though. & Sorry about my other comment. It won't let me edit for some reason.

        • CoryK
          December 14, 2008 at 2:27 am

          Vista doesn't use the boot.ini file. it uses a Boot Configuration Database (BCD) i don't know about putting it onto a usb key. but if you have Ultimate, it supports BitLocker which can encrypt the system drive requiring a USB key to boot.

        • Dan
          December 14, 2008 at 7:33 pm

          On my Vista machine there are the XP files listed here (boot.ini is there for compatibility, it doesn't have to be moved) and in addition there is a C:\Boot directory as well you should move, as it also contains boot data (it is the replacement for boot.ini... it contains a REGISTRY HIVE (which is just ridiculous) as well as the memory tester and localization files.

          In addition you may need to actually copy the bootsector... I'm not sure.

        • Dan
          December 14, 2008 at 7:35 pm

          Hmm can't edit my comment, stupid website.

          I forgot to add C:\bootmgr is also a required file to boot.

  31. Anonymous Coward
    December 13, 2008 at 11:54 am

    Cool. Any ideas about doing this with Linux? I was just thinking of moving /boot to a USB drive. Pretty unconventional though. And then you have to leave the USB drive plugged in as long as you're running. Interesting idea.

    • steve
      December 14, 2008 at 3:00 am

      you can set /boot to unmount after boot (common in gentoo)... this would allow you to use the idea you suggested

  32. temp
    December 13, 2008 at 11:51 am

    Not a single PC gets into the BIOS screen by pressing F8. This is to get the PC to the Safe Mode boot menu. Usually the BIOS is F2 or Delete.

    • Varun Kashyap
      December 13, 2008 at 12:36 pm

      Yeah, that was supposed to be F2. In general though, if you don't know you should try F2, DEL or ESC

      • Adam
        December 13, 2008 at 1:44 pm

        or F10. I have one computer that uses that.


    • Devin
      December 14, 2008 at 1:15 pm

      My computer uses F8 to boot into the bios. Don't assume things if you don't know!