Operation Manual
133
We use VeraCrypt in a corporate/enterprise environment. Is there a way for an administrator
to reset a volume password or pre-boot authentication password when a user forgets it (or
loses a keyfile)?
Yes. Note that there is no “backdoor” implemented in VeraCrypt. However, there is a way to “reset”
volume passwords/keyfiles and pre-boot authentication passwords. After you create a volume, back
up its header to a file (select Tools -> Backup Volume Header) before you allow a non-admin user
to use the volume. Note that the volume header (which is encrypted with a header key derived from
a password/keyfile) contains the master key with which the volume is encrypted. Then ask the user
to choose a password, and set it for him/her (Volumes -> Change Volume Password); or generate
a user keyfile for him/her. Then you can allow the user to use the volume and to change the
password/keyfiles without your assistance/permission. In case he/she forgets his/her password or
loses his/her keyfile, you can “reset” the volume password/keyfiles to your original admin
password/keyfiles by restoring the volume header from the backup file (Tools -> Restore Volume
Header).
Similarly, you can reset a pre-boot authentication password. To create a backup of the master key
data (that will be stored on a VeraCrypt Rescue Disk and encrypted with your administrator
password), select ‘System’ > ‘Create Rescue Disk’. To set a user pre-boot authentication
password, select ‘System’ > ‘Change Password’. To restore your administrator password, boot the
VeraCrypt Rescue Disk, select ‘Repair Options’ > ‘Restore key data’, and enter your administrator
password. Note: It is not required to burn each VeraCrypt Rescue Disk ISO image to a CD/DVD. You can
maintain a central repository of ISO images for all workstations (rather than a repository of CDs/DVDs). For
more information, see the section Command Line Usage (option /noisocheck).
Can our commercial company use VeraCrypt free of charge?
Provided that you comply with the terms and conditions of the VeraCrypt License, you can install
and run VeraCrypt free of charge on an arbitrary number of your computers.
We share a volume over a network. Is there a way to have the network share automatically
restored when the system is restarted?
Please see the chapter Sharing over Network.
It is possible to access a single VeraCrypt volume simultaneously from multiple operating
systems (for example, a volume shared over a network)?
Please see the chapter Sharing over Network.
Can a user access his or her VeraCrypt volume via a network?
Please see the chapter Sharing over Network.
I encrypted a non-system partition, but its original drive letter is still visible in the ‘My
Computer’ list. When I double click this drive letter, Windows asks if I want to format the
drive. Is there a way to hide or free this drive letter?
Yes, to free the drive letter follow these steps: