Two questions (remote boot and remote system encryption check)

Topics: Technical Issues
Feb 10, 2015 at 2:34 PM
Edited Feb 10, 2015 at 3:51 PM
  1. Is there an ability to reboot remotely a computer with "Encrypt System Partion/Drive" with a 1 time password bypass?
    Similar to this
    2> is there a way to tell remotely if a system drive is encrypted? Its easy to check if veracrypt is installed... telling if the drive is actually encrypted is another story.
    EDIT number 2 is assuming the machine is on and i have full admin remote access.
Feb 11, 2015 at 8:24 PM
Edited Feb 11, 2015 at 8:26 PM
  1. There is no such bypass feature in VeraCrypt. I don't know how Symantec product works but I don't see how one can implement a remote password in BIOS mode? Windows can't run before the disk is decrypted and I'm not sure that they implemented remote desktop in their bootloader (if they had this, no need to propose a bypass feature anyway). The most probable explanation is that this feature simply changes the encryption password to empty string so that the disk can be booted automatically without typing anything and after Windows starts, their software restores the original password. Anyway, this approach is not very secure because it gives many opportunities to attackers to retrieve the encryption master key or the password. Unless someone propose a secure approach to implement, such type of features will not be implemented in VeraCrypt.
  2. Yes, you can check simply that a system is encrypted using the registry: under the registry key "HKLM\SYSTEM\CurrentControlSet\Services\veracrypt", the REG_DWORD value "Start" must be equal to 0 and the REG_SZ value "Group" must be equal to "Filter".