This project has moved and is read-only. For the latest updates, please go here.
2
Vote

Bug: Cannot Create Volume w/UAC Enabled

description

Hello Mounir,

I discovered that I cannot create a volume when UAC is enabled on my Win 7 Pro 64-bit system using both 1.16 and 1.17 Beta 2015.10.15 versions.

I only have one account on the PC that is the Administrator account. Guest account disabled.

Steps to recreate issue:
  • Logged into system using Administrator account.
  • UAC set to default setting. See screenshot attachment (UAC Setting.jpg)
  • Create standard file container volume on C:\test.hc location.
See attached screenshots for errors.

Kind Regards.

file attachments

comments

Enigma2Illusion wrote Oct 17, 2015 at 8:48 PM

Upload Format Error w UAC Enabled.jpg screenshot.

Enigma2Illusion wrote Oct 17, 2015 at 8:49 PM

Upload Create Volume Error2.jpg screenshot.

Enigma2Illusion wrote Oct 17, 2015 at 8:57 PM

Even if I select the lowest UAC setting, besides disable, I get the same errors. Uploading UAC Setting Lowest.jpg screenshot.

Only disabling of UAC allows for the volume to create.

Enigma2Illusion wrote Oct 17, 2015 at 9:36 PM

Also, the ownership of my C drive is "TrustedInstaller". See attached C Drive Ownership.jpg screenshot.

Windows Explorer > Right-click C drive > Properties > Security tab > Advanced button > Owner tab

idrassi wrote Oct 23, 2015 at 1:17 AM

Unfortunately, this is a situation where VeraCrypt can do nothing because access to file is denied to us by the operating system.

This is a permission issue and in such case the user must select a location inside his home directory.

Unless VeraCrypt is run with full admin privileges (using "run as administrator"), we can't bypass UAC protection.

I'm closing this ticket but you can reopen it if you disagree with my assessment.

idrassi wrote Oct 23, 2015 at 1:17 AM

** Closed by idrassi 10/22/2015 5:17PM

Enigma2Illusion wrote Oct 29, 2015 at 2:49 PM

Hello Mounir,

The issue occurs even if you attempt to create the file container in My Documents folder for the user account.

I think the key to the problem is the ownership of the C drive is "TrustedInstaller". See attached C Drive Ownership.jpg screenshot.

I was assisting a person to install and create VeraCrypt file containers on two systems. One system's ownership is the "TrustedInstaller" which encounters the UAC problem and the second system's ownership is "System" which does not encounter the UAC problem. My system also uses the "TrustedInstaller" for C drive ownership.

Since the TrustedInstaller is a special account from Microsoft, I figure the issue is in the VeraCrypt code since I can create other non-VeraCrypt files both on the root C drive and in the My Documents folder for the user account successfully. However, I cannot create a new VeraCrypt volume.

I hope this explanation clarifies the problem.

Kind Regards.

Enigma2Illusion wrote Oct 29, 2015 at 7:26 PM

PS: The user account referenced in my post above is the PC administrator account and on my system, is the only account.