Help With Uninstalling - Looking for silent uninstall or a command line
Open source disk encryption with strong security for the Paranoid
Brought to you by:
idrassi
Menu
▾
▴
I'm an Admin for a company of 300 employees. Our laptops at at he company are encrypted with VeraCrypt.
We have VeraCrypt installed on roughly 200+ Windows 10 laptops. Is there a command line prompt that can be used to decrypt the laptops and uninstall Veracrypt. Or would this have to be manually done one at a time? Basically I'm looking for a silent uninstaller, or a script, or command line that can automate this process instead or manually doing this.
Any help would be greatly appreciated.
Have a look at the documentation about cli at https://veracrypt.fr/en/Command%20Line%20Usage.html.
Or use the /help or /? parameter to see if it satisfies your needs.
Greets
Last edit: RealTehreal 2021-09-25
Hi RealTehreal, I went through that documentation. I'm not seeing anything in there that would help with a silent uninstall or any sort command line that would decrypt a computer and then uninstall Veracrypt. Is there some sort or instructions or directions out there for this process. I would have to think if a small company is using Veracrypt on there systems there would have to be a way to automate this process and not have to uninstall manually.
Hi RealTehreal, I went through that documentation. I'm not seeing anything in there that would help with a silent uninstall or any sort command line that would decrypt a computer and then uninstall Veracrypt. Is there some sort or instructions or directions out there for this process. I would have to think if a small company is using Veracrypt on there systems there would have to be a way to automate this process and not have to uninstall manually.
While you manually decrypt a system, you can have a look at task manager and see, that following is running:
c:\Program Files\VeraCrypt Format.exe /dsysenc
This call would decrypt the system. However, this process, of course, will need administrative permission/privileges. It will also bring up the volume creation wizard and show the current state of the decryption process.
Then, after a system restart, you should be able to uninstall VeraCrypt.
All the above should be doable via domain policy or whatever mechanism suits you best.
Greets
As much as I appreciated the help, but like you said it is a possible solution. which didn't work so I'm trying to find a way to uninstall this product without having to do it manually one machine at a time. I assume there has to be a way that this can be done. What are other companies doing when they uninstall? We have had issues with feature updates not passing through and already having to manually update systems. The company is moving away from it as it doesn't seem like this is designed for an enterprise solution so I'm hoping to not have to remove it manually.
What exactly did not work? Please be more specific about errors or the like. Additionally, I just saw that the path above is not completely correct. It should be more like
c:\Program Files\VeraCrypt\Format.exe /dsysencBut it is possible that you have to slightly adjust the path, depending on how you've configured the systems.
The above solution would be a way to let things pass automatically. Other companies would likely use login scripts or similar to start processes on user login. But you should be aware that you, of course, have to boot up every machine to let it decrypt.
Maybe it's also possible to rip off the HDDs and decrypt them offline. But I guess this would be much more workload, and you would have to test it once on your own, as I'm unaware if this really work.
I've attached the error message that Michael Dziegiel is talking about.
The command given doesn't work for VeraCrypt, nor I can I find any switches online that un-encrypts drives on cmd line.
Please assist if able.
Tim
Using the command line, you have to encapsulate directories and file names that include spaces with double quotes.
EDIT: Beware that this is an internal command to the application and not meant for CLI since the CLI does not check if the system encryption was interrupted and needs to resume or if the system drive is in an encrypted state. The coding logic to check for these conditions is in the GUI when you select
System > "Permanently Decrypt System Partition/Drive".
EDIT 2: If the user interrupts the system encryption and you reissue the decrypt using the CLI above, I do not know if the decryption will restart at the point of interruption or will decrypt starting from the beginning again which leads to loss of OS and data.
Last edit: Enigma2Illusion 2022-04-22
Thanks much for that.
However it appears the /silent switch doesn't work although the /deysenc switch does.
It prompts the GUI with /silent. very frustrating.
That silent switch actually exists, here is all available switches for that exe.
/zinplace
/resumeinplacedec
/inplacedec
/sysenc
/risysenc
/isysenc
/encdev
/dsysenc
/csysenc
/acsysenc
/secureDesktop
/keyfile
/protectMemory
/fastcreatefile
/quick
/nosizecheck
/force
/dynamic
/silent
/create
/size
/pim
/password
/hash
/filesystem
/encryption
/quit
/tokenpin
/tokenlib
/noisocheck
/history
Anyone have any ideas on how to get this thing to unencrypt but not have the user know about it?
The software is working as designed.
There are certain hidden command switches that are used in the main application (GUI) and should not be used in the CLI. Only the main application is making the call to the format program with the hidden switches of which dsysenc command is one of the internal commands to be called by the GUI.
https://github.com/veracrypt/VeraCrypt/blob/762065917f3ac47c3bdcacdb608d35b36dfb3973/src/Format/Tcformat.c#L9142
Using the software in unsupported methods due to finding the hidden command calls located in the source code is not recommend nor supported.
Last edit: Enigma2Illusion 2022-04-28
I apologize for asking silly questions. This sort of stuff is out of my IT wheelhouse.
All I need for the 800 machines I need to decrypt is a method to use command line remote through our RMM tool, so that there is no user awareness that the process is kicking off.
The silent switch still brings up the GUI.
Can you provide direction for what will accomplish this? And if not possible, that's fine too.
I can still use the decrypt switch and inform users to minimize the window, but ideally I'd want this running without user impact.
I'd buy you a 12 pack if I can get this working :)
Would save us tons of time.