CodePlexProject Hosting for Open Source Software
Security Requirements and Precautions
Keep in mind, that the content of a mounted VeraCrypt volume is visible (accessible) to all logged on users. NTFS file/folder permissions can be set to prevent this, unless the volume is mounted as removable medium (see section
Volume Mounted as Removable Medium) under a desktop edition of Windows Vista or later (sectors of a volume mounted as removable medium may be accessible at the volume level to users without administrator privileges, regardless of whether it is
accessible to them at the file-system level).
Moreover, on Windows, the password cache is shared by all logged on users (for more information, please see the section
Settings -> Preferences, subsection Cache passwords in driver memory).
Also note that switching users in Windows XP or later (Fast User Switching functionality) does
not dismount a successfully mounted VeraCrypt volume (unlike system restart, which dismounts all mounted VeraCrypt volumes).
On Windows 2000, the container file permissions are ignored when a file-hosted VeraCrypt volume is to be mounted. On all supported versions of Windows, users without administrator privileges can mount any partition/device-hosted VeraCrypt volume (provided that
they supply the correct password and/or keyfiles). A user without administrator privileges can dismount only volumes that he or she mounted. However, this does not apply to system favorite volumes unless you enable the option (disabled by default)
Settings > ‘System Favorite Volumes’ > ‘Allow only administrators to view and dismount system favorite volumes in VeraCrypt’.
Last edited Nov 14, 2014 at 8:36 PM by idrassi, version 1