Decrypt multiple drives at boot

Topics: Technical Issues
Nov 16, 2015 at 7:01 PM
Hi Guys,

I am using veracrypt 1.16 on Windows 10
I have my OS and programs stored on an SSD for speed but I have the windows users folder stored on a separate intel Raid1 to save space on my SSD.

I want to encrypt my users folder but if it isn't decrypted before windows boots it will likely kill windows because I can't login without access to the users folder.

My question is how would I go about encrypting the raid1 in a way that will be decrypted on boot before windows loads?

Thanks in advance for any help

Regards,

Alex Pine
Nov 17, 2015 at 5:48 PM
Hello Alex,

I think the problem is going to be the drive letter assignment for the user profiles and that you need VeraCrypt to use the same drive letter which is in use by Windows Disk Management. If the user profiles are not available during Windows OS startup, you are going to problems like this user had in the thread link below.

https://veracrypt.codeplex.com/discussions/584164

For example, if your user profiles are on the D drive and you perform the in-place encryption of the D drive, you need to remove D drive letter assignment from Windows Disk Management so you can assign D drive letter in VeraCrypt System Favorites for the device/partition so Windows OS can find the profiles at boot-up. But you should not remove the D drive letter from the Windows OS while logged into Windows. It is a chicken or the egg problem.

The user above kept the D drive letter in Windows and mounted in System Favorites to a different drive letter. This worked, however you are using two drive letters to accomplish the goal.

One idea you could try at your own risk after you encrypt the drive using the in-place option is the following:
  1. Mount the encrypted drive to another available drive letter. For the sake of this example, use T.
  2. Add the mounted volume to VeraCrypt System Favorites as T drive letter.
  3. Using Notepad, manually edit the VeraCrypt System Favorite Volumes.xml file to use D (or whatever drive letter the user profiles are currently located) instead of T. The VeraCrypt System Favorite Volumes.xml is located in the folder %windir%\system32 for 32-bit systems or in the folder %windir%\SysWOW64 for 64-bit systems.
  4. Boot Windows into Safe Mode.
  5. Use Windows Disk Management to remove the D drive from the device/partition.
  6. Reboot.
Hopefully, this will allow VeraCrypt to use the D drive letter assignment at the pre-boot startup.

https://veracrypt.codeplex.com/wikipage?title=System%20Favorite%20Volumes

Also be aware if for some reason in the future you are not able to mount the device/partition with the user profiles, you will not be able to use Windows.

Proceed at your own risk.

Kind Regards.
Nov 17, 2015 at 8:22 PM

Thanks, I’ll do some more investigation.

Kind regards,

Alex Pine