VC 1.23 for Windows only available on administrator accounts?
Open source disk encryption with strong security for the Paranoid
Brought to you by:
idrassi
Menu
▾
▴
Hey All,
Curious if there's a page/discussion explaining why VC 1.22 and up is only avaiable to administrator accounts on Windows? I've always used my VC containers and drives on the Guest account, but now they mount as read-only on the limited account.
I'm not an infosec professional but was told it's better to use a limited Windows account for day to day computing because malware, viruses, exploits etc. can do limited damage while admin priviledges are disabled. Following that I reasoned that while mounted VC volumes are decrypted and readable, a data exfiltration attack would be more difficult to execute on a Windows Guest account.
Trying to learn if that's accurate and what the purpose of limiting VC to admin accounts was, so any help would be much appreciated!
Many thanks,
Q
Oh, and first post so not sure where this one goes. If it belongs in general let me know and I'll move it.
Last edit: Qtron 2018-10-30
My understanding is you install or upgrade VeraCrypt using the Windows administrator account and during the installation, make sure the option "Install for all users" is enabled.
After the installation and reboot, you can login as the user account.
You can search the forum for read-only to determine how other users solved the problem.
Did you create the volume when using the administrator account or reinstall the Windows OS?
You may need to set the permissions and ownership on the dismounted file container. Then mount the file container. Set the permissions and ownership of all the files within the file container.
https://www.windowscentral.com/how-take-ownership-files-and-folders-windows-10
Different folders can have different permissions and ownership permissions for user accounts in Windows that are inherited when you place a file in that folder.
Google search Windows permissions and ownership on files.
Hey E2I,
Many thanks for your reply. Taking ownership and allowing full control of the dismounted containers in Guest fixed read-only the problem. When the containers are mounted the files within are now editable.
I noticed that user accounts in container properties only had limited permissions. So on my set up (Windows 8.1 with VC 1.23) new containers or encrypted external drives are written by VeraCrypt with Administrator as the owner and read-only permission assigend for user accounts. Adding full control permission to the respective user account fixes that. Phew. Simple. (Sure I read somewhere that VC 1.22 and up only works on Win Admin accounts... )
Also, when tried to take control of an encrypted external hard drive I right clicked the mounted Drive, rather than the folders within the drive. The modiy ownership process failed and a 'Recycle bin curruption' dialogue appeared. I was prompted to delete it, which I did. The folders in the drive appeared to be fine so I repeated the process on the folders without any trouble. Do you think the corrupted recycle bin may lead to further corruptions on the external drive's disk? (it's a 1tb Toshiba Canvio)
No. I had experienced the corruption of the Recycle Bin and after deleting the Recycle Bin then rebooting, I have not experienced the problem again.