Bug: VC does not dismount volume on logoff; volume available to other user...

Open source disk encryption with strong security for the Paranoid

Brought to you by: idrassi

Bug: VC does not dismount volume on logoff; volume available to other user signing in later

Forum: Technical Topics

Created: 2019-10-21

Updated: 2019-10-21

TPT - 2019-10-21

Windows 10 (1903)

VC: 1.23 hotfix (2018-10-18)

Settings /Preferences:
Dismount All When: user logs off; user session locked; entering pwr svg mode
Fodrce Auto Dismount when volume ...
Wipe cached passwords - on exit; on dismount

What happens, repeatable:
1) login to normal user
2) bat file mounts volume with blank password and keyfile
3) logoff user
4) login to same normal user
5) bat file complains that volume is already mounted

What else happens, repeatable:
1) 1,2,3 above
2) Login as administartor; no bat file present, no autorun of veracrypt,
3) Open Explorer and find full access to encrypted volume.

If I have time I will createl another normal user and see if they have access, also. I would expect they do.

The keyfile usb remains inserted. HOWEVER. The bat file complains the vol is already mounted when the normal user signs in a second (and 3rd, etc) time. No need for credentials. The Administrator acct does not run VC at all, yet has full access to that vol.

WTF?

Rufus

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

TPT - 2019-10-21

OK. After lunch I cannot repeat this problem. I did check to verify that the VC background process was "on" at all times. It seems to have been acting like something killed this process. But the Preferences had it checked to run. Since I'm just starting w/VC, I don't know what else may be involved.

It kinda worries me that, if that is the problem, that it happened so easily and invisibly. I'm considering a logoff script to force dismounting of everything, regardless.

Regards,
Rufus

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

TPT - 2019-10-21

Problem not gone. Same. Nothing fancy, just login/logoff and the volume remains mounted, is seen from the other user, and the bat file c omplaiins when loggin back into the first user.

Not, not nice.

Rufus

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Adrian Kentleton - 2019-10-21

Might be helpful to post details of the batch file that mounts volume on logon?

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

TPT - 2019-10-21

Possible explantion. I run a bat file to mount a volume. There is a "/quit" parameter that may need certain sub-parms in order for VC to utilize its Preferences. I didn't catch on to the sub-parameters and /quit ran naked. I had assumed that Preferences set in the gui would be available, and in the absence of command line specificatioin, would control when executing VC from a script. The lack of a "Preferences" sub-parm for the VC /quit paramet may be the cause of my problem - allowing VC to exit w/out continuing it's background job which dismounts the volumes.

TBD.

Rufus

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

TPT - 2019-10-21

Adrien

Missed your post. Here's the script:

@echo off
rem Run at login.
rem - mount veracrypt volume(s)

rem define parms needed
setLOCAL EnableDelayedExpansion
SET _KEY-DRV=E:\
SET _Key-Dir=
SET _Key-NM=TPT-keyfile-1
SET _Pgm-Path=C:\Program Files\VeraCrypt\

"%_Pgm-Path%veracrypt" ^
/v ID:72D62D764E955888C3E20CFBCE6A56E4F322506E82C7B603FF862384A19AAF1A ^
/k E:\TPT-key-1 ^
/l M /b /tryemptypass ^
/w ^
/q preferences ^ * "preferences" is new, not tested yet ***
/m rm

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

TPT - 2019-10-21

The problem looks solved. Giving the /quit parm its subparameter to run VC-background provides expected behavior - dismounting vols on signoff.

The /quit parm for running VC maybe ought to have something highlighted about what it means when VC-backgrouind doesn't remain running. There is a note about this when setting Preferences in the gui, but no mention in the command line docs that I worked off of.

I cleaned up the bat file and added "start" so the command window didn't stick around on first login (it did not remain when running the bat file directly from a shortcut). Below is the "productioin" bat file.

==========
@echo off
rem Run at login.
rem - mount veracrypt volume(s)
rem allows "hands off" user interface provided the expected key file is available on a
rem usb drv plugged into the machine

rem define parms needed
setLOCAL EnableDelayedExpansion
SET _Key-Drv=E:\
SET _Key-Dir=
SET _Key-Nm=TPT-key-1
SET _Pgm-Path=C:\Program Files\VeraCrypt\

start "" /I /MIN "%_Pgm-Path%veracrypt" ^
/v ID:72D62D764E955888C3E20CFBCE6A56E4F322506E82C7B603FF862384A19AAF1A ^
/k %_Key-Drv%%_Key-Dir%%_Key-Nm% ^
/l M /b /tryemptypass ^
/w ^
/q preferences ^
/m rm

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Log in to post a comment.