Enhancing and Troubleshooting Common Issues with tCrypt2Go or vCrypt2Go
This is an article illustrating how to add miscellaneous enhancements or troubleshoot common issues with tCrypt2Go for TrueCrypt Portable (also applicable to vCrypt2Go for VeraCrypt unless otherwise specified).
(This is a sub-article – click here to view to the list of articles or the main article of tCrypt2Go and vCrypt2Go)
a. Open Command Prompt as Administrator
b. Enter format {drive letter}: /fs:exfat /q /y
Note: exFAT is supported after Windows Vista SP1 and Mac OS X 10.6.5.
For Windows XP and Server 2003, it is required to install this update to enable exFAT support: http://support.microsoft.com/kb/955704
The instructions below are meant to make it possible for non-admin Mac users to use TrueCrypt/VeraCrypt. It fixes the 'administrator privileges' prompt which pop ups while unlocking TrueCrypt/VeraCrypt partitions, as standard users do not have sudo rights at all.
Note:
b. At the top right corner of OS X (Spotlight), input 'term', then click 'Terminal'
c. Before moving on, we need to find the real username of the user account, because the username may be different from a user's display name:
To make sure, we run some commands to find out.
Method a. If current-logged-on user account is the user's:
From this example, the username is 'wanderer'
Method b. If current user account is root/administrator
d. After confirming the username, enter: sudo visudo
e. Press [i] key to switch to -- INSERT -- mode. Add this line at the end of the file
("%users" may not always work and should not be used.)
f. When all is OK, press [Esc] key to switch back to command mode, then input :wq! to save the file and exit.
g. Done! The setting should take effect immediately. Now log on to the user's account and try unlocking any TrueCrypt/VeraCrypt partitions without administrator privileges.
Reminder: Again, this is a per-machine setting that needs to be set on each Mac computer which requires the use of TrueCrypt/VeraCrypt.
Please check if the computer has either TrueCrypt 7.1[a]/VeraCrypt 1.21 and later (for TrueCrypt, installing a special driver package also counts).
To work around the issue, use the command line disk partitioning tool "diskpart" to modify the partition type to 0x64. (Please make sure the below procedure is performed on Windows 7 or later only.)
a. Run Command Prompt as Administrator
b. Enter diskpart
c. We will now use what was written down in section 1c. (disk number and partition number)
For this example, enter select disk 1
d. Enter select partition 2
e. Enter set id=64
Finished.
(This is a sub-article – click here to view to the list of articles or the main article of tCrypt2Go and vCrypt2Go)
Topics Covered in this Article
- Formatting Encrypted Partition as exFAT in Command Prompt for Cross-Platform Support (i.e. Write Support in Mac OS X) – exFAT and TrueCrypt Only
- Granting Non-Admin Mac Users TrueCrypt/VeraCrypt Right (by Editing /etc/sudoer) – Mac-Only
- Avoiding User Account Control (UAC) Prompts
- Suppressing "Format Disk" Prompt with Diskpart
1. Formatting Encrypted Partition as exFAT in Command Prompt for Cross-Platform Support (i.e. Write Support in Mac OS X) – exFAT and TrueCrypt Only
- Skip this if you accept the limitations of NTFS – you don't require write support under Mac OS X
- Skip this if you use VeraCrypt, the GUI format tool of which already include exFAT option
a. Open Command Prompt as Administrator
b. Enter format {drive letter}: /fs:exfat /q /y
Note: exFAT is supported after Windows Vista SP1 and Mac OS X 10.6.5.
For Windows XP and Server 2003, it is required to install this update to enable exFAT support: http://support.microsoft.com/kb/955704
2. Granting Non-Admin Mac Users TrueCrypt/VeraCrypt Right (by Editing /etc/sudoer) – Mac-Only
- Skip this step if only thumb drives (container mode) will be used. That is because only using TrueCrypt/VeraCrypt partitions (USB hard disks) requires admin rights under OS X, whereas TrueCrypt/VeraCrypt container (thumb drives) doesn't.
- Skip this step if only Windows support is required.
The instructions below are meant to make it possible for non-admin Mac users to use TrueCrypt/VeraCrypt. It fixes the 'administrator privileges' prompt which pop ups while unlocking TrueCrypt/VeraCrypt partitions, as standard users do not have sudo rights at all.
Note:
- These settings are required for non-admin Mac OS users to avoid failure during unlocking (mounting) TrueCrypt-encrypted partitions as detailed in the Unlocking Flowchart from the Technical Overview article.
- The screenshots below focus on TrueCrypt only. You may need to adjust a bit for VeraCrypt.
- This needs to be set on user's Mac machine because it is a per-machine setting.
b. At the top right corner of OS X (Spotlight), input 'term', then click 'Terminal'
c. Before moving on, we need to find the real username of the user account, because the username may be different from a user's display name:
To make sure, we run some commands to find out.
Method a. If current-logged-on user account is the user's:
- whoami
From this example, the username is 'wanderer'
Method b. If current user account is root/administrator
- dscacheutil -q user | grep -A 3 -B 2 -e uid:\ 5'[0-9][0-9]'
d. After confirming the username, enter: sudo visudo
e. Press [i] key to switch to -- INSERT -- mode. Add this line at the end of the file
- {username} ALL = NOPASSWD: /Applications/TrueCrypt/VeraCrypt.app/Contents/MacOS/TrueCrypt/VeraCrypt --core-service
("%users" may not always work and should not be used.)
f. When all is OK, press [Esc] key to switch back to command mode, then input :wq! to save the file and exit.
g. Done! The setting should take effect immediately. Now log on to the user's account and try unlocking any TrueCrypt/VeraCrypt partitions without administrator privileges.
Reminder: Again, this is a per-machine setting that needs to be set on each Mac computer which requires the use of TrueCrypt/VeraCrypt.
3. Avoiding User Account Control (UAC) Prompts – Optional
During use of the encrypted storage device on Windows, clicking '.Unlock.exe' may activate a User Account Control dialog box.Please check if the computer has either TrueCrypt 7.1[a]/VeraCrypt 1.21 and later (for TrueCrypt, installing a special driver package also counts).
- If user has TrueCrypt/VeraCrypt, it would not trigger UAC prompts.
- If user has the TrueCrypt driver package, it would not trigger UAC prompts only when User Account Control is disabled.
- reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /f /v EnableLUA /t REG_SZ /d 0x0
- reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /f /v EnableLUA /t REG_SZ /d 0x1
4. Suppress "Format Disk" Prompt with Diskpart
There could be an annoying imperfection – whenever the drive is connected, Windows will asks whether you want to format it or not.To work around the issue, use the command line disk partitioning tool "diskpart" to modify the partition type to 0x64. (Please make sure the below procedure is performed on Windows 7 or later only.)
a. Run Command Prompt as Administrator
b. Enter diskpart
c. We will now use what was written down in section 1c. (disk number and partition number)
For this example, enter select disk 1
d. Enter select partition 2
e. Enter set id=64
Finished.
List of Articles on tCrypt2Go/vCrypt2Go
- Introducing tCrypt2Go and vCrypt2Go – Lock-and-Unlock Utilities for TrueCrypt and VeraCrypt Portable
- Technical Overview – How tCrypt2Go and vCrypt2Go work
- Installation Guide – Setting up tCrypt2Go and vCrypt2Go to Encrypt Portable Hard Disks
- Installation Guide – Setting up tCrypt2Go and vCrypt2Go to Encrypt USB Thumb Drives
- User Guide – How to Unlock and Lock Encrypted Drives using tCrypt2Go or vCrypt2Go
- *You Are Here* Enhancing and Troubleshooting Common Issues with tCrypt2Go or vCrypt2Go
Welcome to support this project by buying a cup of coffee ☕ if this tool is useful to you. 😊 Thanks!
Comments
Post a Comment