Operation Manual
89
Secure any computer hardware component or a whole computer.
Secure any data on a computer where the security requirements or precautions listed in the
chapter Security Requirements and Precautions are not followed.
Do anything listed in the section Limitations (chapter Known Issues & Limitations).
Under Windows, a user without administrator privileges can (assuming the default VeraCrypt and
operating system configurations):
Mount any file-hosted VeraCrypt volume provided that the file permissions of the container
allow it.
Mount any partition/device-hosted VeraCrypt volume.
Complete the pre-boot authentication process and, thus, gain access to data on an
encrypted system partition/drive (and start the encrypted operating system).
Skip the pre-boot authentication process (this can be prevented by disabling the option Settings >
‘System Encryption’ > ‘Allow pre-boot authentication to be bypassed by pressing the Esc key’; note that this
option can be enabled or disabled only by an administrator).
Dismount, using VeraCrypt, (and, in the VeraCrypt application window, see the path to and
properties of) any VeraCrypt volume mounted by him or her. However, this does not apply
to ‘system favorite volumes’, which he or she can dismount (etc.) regardless of who
mounted them (this can be prevented by enabling the option Settings > ‘System Favorite Volumes’ > ‘Allow
only administrators to view and dismount system favorite volumes in VeraCrypt’; note that this option can be
enabled or disabled only by an administrator).
Create a file-hosted VeraCrypt volume containing a FAT or no file system (provided that the
relevant folder permissions allow it).
Change the password, keyfiles, and header key derivation algorithm for, and restore or
back up the header of, a file-hosted VeraCrypt volume (provided that the file permissions
allow it).
Access the filesystem residing within a VeraCrypt volume mounted by another user on the
system (however, file/folder/volume permissions can be set to prevent this).
Use passwords (and processed keyfiles) stored in the password cache (note that caching can
be disabled; for more information see the section Settings -> Preferences, subsection Cache passwords in
driver memory).
View the basic properties (e.g. the size of the encrypted area, encryption and hash
algorithms used, etc.) of the encrypted system partition/drive when the encrypted system is
running.
Run and use the VeraCrypt application (including the VeraCrypt Volume Creation Wizard)
provided that the VeraCrypt device driver is running and that the file permissions allow it.
Under Linux, a user without administrator privileges can (assuming the default VeraCrypt and
operating system configurations):
Create a file-hosted or partition/device-hosted VeraCrypt volume containing a FAT or no file
system provided that the relevant folder/device permissions allow it.
Change the password, keyfiles, and header key derivation algorithm for, and restore or
back up the header of, a file-hosted or partition/device-hosted VeraCrypt volume provided
that the file/device permissions allow it.
Access the filesystem residing within a VeraCrypt volume mounted by another user on the
system (however, file/folder/volume permissions can be set to prevent this).
Run and use the VeraCrypt application (including the VeraCrypt Volume Creation Wizard)
provided that file permissions allow it.
In the VeraCrypt application window, see the path to and properties of any VeraCrypt
volume mounted by him or her.