How to create an encrypted rewriteable diskimage that doesn't require admin to mount on Windows 10?

Question

I want to run some portable programs on a computer where I am not admin. I need the program data to be encrypted. How can this be achieved?

I have looked at the builtin diskmgmt.msc that can create VHD-images that are rewritable which I can then run with Bitlocker but it requires admin. I have also looked at ISOs because they can be mounted as a regular user but my research come up inconclusive whether they support my requirement that they should be rewritable and/or support some kind of encryption.

How can I create a safe environment that doesn't require admin rights under these circumstances?

On my Mac I would just create a dmg and double click to mount it. A solution like that would be ideal.

Notes: It might be possible to get permissions to SETUID (or what Windows 10's corresponding function is called). I can also ask the admin to open a command prompt with admin rights but after that I am on my own (even though they can open a command prompt with admin rights they won't give me the admin password).

Answer 1

File Explorer on Windows 10 can mount VHDX files without requiring administrative privileges. It is as easy as double-clicking the VHDX file. VHDX files that are encrypted with BitLocker may trigger an error message that, per my experience, is safe to ignore. You also no longer have the ability to choose the VHDX's drive letter.

Creating the encrypted VHDX file, however, is another matter. This task requires access to file system services such as partitioning, formatting, and encryption. They are only available to admins.

If you can create the VHDX file on a system on which you have administrative privileges, you'll be able to roam it around and use it everywhere, without admin privileges.