Enhancing and Troubleshooting Common Issues with tCrypt2Go or vCrypt2Go

This is an article illustrating how to add miscellaneous enhancements or troubleshoot common issues with tCrypt2Go for TrueCrypt Portable (also applicable to vCrypt2Go for VeraCrypt unless otherwise specified).

(This is a sub-article – click here to view to the list of articles or the main article of tCrypt2Go and vCrypt2Go


Topics Covered in this Article

  1. Formatting Encrypted Partition as exFAT in Command Prompt for Cross-Platform Support (i.e. Write Support in Mac OS X) – exFAT and TrueCrypt Only
  2. Granting Non-Admin Mac Users TrueCrypt/VeraCrypt Right (by Editing /etc/sudoer) – Mac-Only
  3. Avoiding User Account Control (UAC) Prompts
  4. Suppressing "Format Disk" Prompt with Diskpart

1. Formatting Encrypted Partition as exFAT in Command Prompt for Cross-Platform Support (i.e. Write Support in Mac OS X) – exFAT and TrueCrypt Only

  • Skip this if you accept the limitations of NTFS – you don't require write support under Mac OS X
  • Skip this if you use VeraCrypt, the GUI format tool of which already include exFAT option
TrueCrypt format tool cannot format a drive as exFAT, but we may perform it using Command Prompt on Windows Vista SP1 or above:

a. Open Command Prompt as Administrator
b. Enter format {drive letter}: /fs:exfat /q /y

Note: exFAT is supported after Windows Vista SP1 and Mac OS X 10.6.5.

For Windows XP and Server 2003, it is required to install this update to enable exFAT support: http://support.microsoft.com/kb/955704

2. Granting Non-Admin Mac Users TrueCrypt/VeraCrypt Right (by Editing /etc/sudoer) – Mac-Only

  • Skip this step if only thumb drives (container mode) will be used. That is because only using TrueCrypt/VeraCrypt partitions (USB hard disks) requires admin rights under OS X, whereas TrueCrypt/VeraCrypt container (thumb drives) doesn't.
  • Skip this step if only Windows support is required.
After installing TrueCrypt/VeraCrypt on OS X, you may encounter the following issue if you use TrueCrypt/VeraCrypt on user accounts that have only standard user privileges.



The instructions below are meant to make it possible for non-admin Mac users to use TrueCrypt/VeraCrypt. It fixes the 'administrator privileges' prompt which pop ups while unlocking TrueCrypt/VeraCrypt partitions, as standard users do not have sudo rights at all.
Note:
  • These settings are required for non-admin Mac OS users to avoid failure during unlocking (mounting) TrueCrypt-encrypted partitions as detailed in the Unlocking Flowchart from the Technical Overview article.
  • The screenshots below focus on TrueCrypt only. You may need to adjust a bit for VeraCrypt.
  • This needs to be set on user's Mac machine because it is a per-machine setting.
a. First, ensure TrueCrypt/VeraCrypt for Mac is installed.

b. At the top right corner of OS X (Spotlight), input 'term', then click 'Terminal'


c. Before moving on, we need to find the real username of the user account, because the username may be different from a user's display name:


To make sure, we run some commands to find out.
Method a. If current-logged-on user account is the user's:
  • whoami


From this example, the username is 'wanderer'

Method b. If current user account is root/administrator
  • dscacheutil -q user | grep -A 3 -B 2 -e uid:\ 5'[0-9][0-9]'
From this example, we only have one user on this Mac and its true user name is 'user' too. (Here, the difference between the display name 'User' and the real account name 'user' is that 'U' is a different case.)


d. After confirming the username, enter: sudo visudo


e. Press [i] key to switch to -- INSERT -- mode. Add this line at the end of the file
  • {username} ALL = NOPASSWD: /Applications/TrueCrypt/VeraCrypt.app/Contents/MacOS/TrueCrypt/VeraCrypt --core-service
Change {username} to the user's real account name. In this example, it is 'user'


("%users" may not always work and should not be used.)

f. When all is OK, press [Esc] key to switch back to command mode, then input :wq! to save the file and exit.


g. Done! The setting should take effect immediately. Now log on to the user's account and try unlocking any TrueCrypt/VeraCrypt partitions without administrator privileges.
Reminder: Again, this is a per-machine setting that needs to be set on each Mac computer which requires the use of TrueCrypt/VeraCrypt.

3. Avoiding User Account Control (UAC) Prompts – Optional 

During use of the encrypted storage device on Windows, clicking '.Unlock.exe' may activate a User Account Control dialog box.

Please check if the computer has either TrueCrypt 7.1[a]/VeraCrypt 1.21 and later (for TrueCrypt, installing a special driver package also counts).
  • If user has TrueCrypt/VeraCrypt, it would not trigger UAC prompts.
  • If user has the TrueCrypt driver package, it would not trigger UAC prompts only when User Account Control is disabled.
It is suggested that UAC be enabled for better security, but in case you need to disable UAC, run Command Prompt as administrator, then enter the below command and restart PC:
  • reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /f /v EnableLUA /t REG_SZ /d 0x0
To re-enable UAC, use this instead and restart PC:
  • reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /f /v EnableLUA /t REG_SZ /d 0x1

4. Suppress "Format Disk" Prompt with Diskpart

There could be an annoying imperfection – whenever the drive is connected, Windows will asks whether you want to format it or not.


To work around the issue, use the command line disk partitioning tool "diskpart" to modify the partition type to 0x64. (Please make sure the below procedure is performed on Windows 7 or later only.)

a. Run Command Prompt as Administrator
b. Enter diskpart


c. We will now use what was written down in section 1c. (disk number and partition number)
For this example, enter select disk 1


d. Enter select partition 2


e. Enter set id=64


Finished.

List of Articles on tCrypt2Go/vCrypt2Go

Welcome to support this project by buying a cup of coffee ☕ if this tool is useful to you. 😊 Thanks!

Comments