Installing VeraCrypt via remote desktop

[Haole Boy]

Aloha everyone. I've been asked to install VeraCrypt on a desktop that is a couple thousand miles away from me, so I would have to do this using my remote support program Instant Housecall. Looking at the install process, it doesn't look like this can't be done, but I just wanted to ask if anyone has actually done this and what, if any, pitfalls you might have run across.

FWIW, I'll be encrypting the entire system drive. Not sure which version of Windows is installed on the target machine.

Mahalo,

Harry Z

 

[nerd2u]

Never done it remotely but should not be an issue minus creating recovery media.

I found veracrypt to be painfully slow

Sent from my SM-G870W using Tapatalk

 

[SlickMinnow]

+1 on the veracrypt S L O W . I also had a veracrypt box (full disk encrypted) crash hard when Windows 10 tried to to do a major update and blew up the boot sector. It is said that the latest version of Veracrypt properly deals with that situation, but that certainly was not my experience.

On Win10, I gave up and 'upgraded' to Win10 Pro and set up bitlocker. If not Win10, I still trust and use Truecrypt 7.1a

As far as the remote install - if I recall correctly, there will be a point where you'll have to reboot and enter your new passphrase to test and then continue the full encryption. You will need someone at the machine to enter this as the passphrase is requested right after the POST (long before the OS fires up) - so no remote access at that point.

 

[Markverhyden]

You will not be able to do the entire process remotely just by yourself. As @SlickMinnow mentioned you have to do a test which is at the boot sector level. No OS, so no network. The only way this could happen is with a network connected KVM unless you trust the customer do follow your directions.

Personally I'll do FDE after due diligence. As in making a disk image and tested to work properly.

 

[Sky-Knight]

To go along with the warnings, if you're using 3rd party encryption, and you aren't using Windows 10 Professional configured to operate on the Semiannual Update channel, you're just asking for trouble. AV and disk encryption software must be updated before Windows, or bad things happen.

 

[fencepost]

If the device in question has Windows 10 on it, just get the upgrade (if required) to Windows 10 Pro and use Bitlocker. If it has a TPM it can be configured to boot into Windows while still remaining encrypted, but for security it'll then be depending on the Windows login passwords. It can also be configured to require a PIN or password at boot time (or a USB key, but I don't really recommend that because people will just leave it inserted). Back up the Bitlocker key separately.

If the device has Windows 7 or 8 but can be viably upgraded to Windows 10, do that then do the above.

If the device is running Windows 7 or older and cannot be upgraded, be sure you discuss with the client what they're going to be doing in less than a year when Windows 7 is no longer receiving security updates but is still vulnerable to almost everything uncovered as new security problems with Windows components. In this scenario TrueCrypt/VeraCrypt may be a viable option.

 

[Haole Boy]

Thank you all for your responses. Yes, there will be someone at the machine to enter the password on the reboot. And they will have a CD or two to make the recovery disk. I'll have to see what version of Windows is on that machine. Unfortunately, this is a 2 person business, and upgrades to Windows 10 will probably be deferred until the week before Win 7 goes out of support... :-(

Harry Z

 

[nerd2u]

Why do they need / want full disk encryption?

Sent from my SM-G870W using Tapatalk

 

[Haole Boy]

Why do they need / want full disk encryption?

Sent from my SM-G870W using Tapatalk

Financial adviser, requirement of their company.

 

[fencepost]

That's the area that I want to be focusing on - not financial advisers particularly, but clients with compliance needs for encryption, etc. and a need to be able to show that they met those requirements.

If the client is a financial adviser they should be on Windows 10 Pro with Bitlocker encryption. If they're using Office 365 it needs to be on a Business plan; I'm not sure about Onedrive/Sharepoint from a financial industry compliance standpoint but there are other folks here who can likely answer that.

 

[nerd2u]

Exactly they are running a business they need to be on business grade stuff.

If they can't pony up a couple hundred for win 10 I wouldn't want them managing my money.

Sent from my SM-G870W using Tapatalk

 

[Haole Boy]

Thanx for all the replies. I will be talking to them about upgrading to Win10 Pro. There's 1 Win 7 machine and 1 Win10 Home machine. Gotta go lookup upgrade license costs.

 

[fencepost]

$100 to go from Home to Pro, directly to MS.

Windows-X, System, scroll down, "Change Product Key or Upgrade"

I have a couple clients who've started to show unfortunate tendencies to go buy equipment. I use that as a penalty/dissuasion point to keep them from doing so in the future, because what's a $30 difference when ordering business systems is $70 more after the fact and that $70 would've paid for an SSD upgrade.