This project has moved. For the latest updates, please go here.

Help please with setting up Veracrypt with Prey anti-theft software

Topics: Technical Issues, Users Discussion
Feb 10, 2015 at 12:05 AM
Hi,

I'm wanting to encrypt our entire laptop hard-drive (all existing files) to prevent a thief from accessing files should the laptop be stolen, but at the same time I'd like to use Prey anti-theft software to help track / recover the laptop which would mean setting up a 'guest' account with limited access to default programs - this is only used to activate the tracking software.

Basically, I'd like two user accounts with different capabilities:
  • Main account with full access to files on harddrive via encryption. Without password to encryption software data stays secure.
  • Guest account with zero access to files on harddrive, any thief has nothing to do/see except unknowingly activate tracking software.
I'm hoping Veracrypt can help me to do this, but reading thru the beginners setup & FAQ I'm not sure and am only getting more confused! How do I use Veracrypt to achieve this goal?

I have downloaded Veracrypt and am about to set it up, but also had some questions I hope someone can answer first, tho.
  1. Will moving existing files to 'new volume' create any issues to be aware of? (like broken file links, shortcuts etc?
  2. Is this correct: windows login at start up and selecting main account will give me access to Veracrypt encryption, and no new password input needed for normal laptop operation?
Appreciate any assistance
Feb 10, 2015 at 1:14 AM
Reading the FAQ at Prey's website, system encryption with a strong passphase will prevent the thief from being able to boot into Windows. Hence, the Prey software cannot run nor communicate with the PC.

You can send a support question on the Prey support site to see if they have a way of using their software once the PC has been stolen and the PC has been encrypted which means the thief will not be able to boot into Windows on the PC.

Newer versions of Windows OS have a System Reserved partition which cannot be encrypted by VeraCrypt since this will prevent your PC from booting. The drive will show-up in the Disk Management as a partition without an assigned drive letter and is less than or equal to 200 MB in size.

Many PC vendors include other partitions on their system drive for recovery, troubleshooting tools and the Windows software. If you encrypt those partitions, you lose the ability to troubleshoot, repair and/or install OS when your PC is having problems.

Since you are concerned with preventing a thief from accessing your data if your PC is stolen, I recommend choosing the option "Encrypt the Windows system partition" which will only encrypt the C drive (partition) which is the OS.

If you have other partitions on the system drive for your data that you want to encrypt, you can encrypt them separately after the OS. If you use the same passphase as the OS encryption, you can add these partitions to the System Favorites to be automatically mounted after entering the passphase at the bootloader prompt.

One final thought. Backups! :)

Always have backups of your data on a external drive that is encrypted by the backup software. Also, make sure to create and test that you can boot the VeraCrypt Rescue disk.

Here is a step-by-step guide for TrueCrypt that is for the most part applicable to VeraCrypt.

https://www.winhelp.us/truecrypt-system-drive-encryption.html
Feb 10, 2015 at 2:06 AM
Thanks Enigma2Illusuion,

You've given me much food for thought! Might have to go back to the drawing board...