VeraCrypt

Documentation >> Security Requirements and Precautions >> Multi-User Environment

Multi-User Environment

Keep in mind, that the content of a mounted VeraCrypt volume is visible (accessible) to all logged on users. NTFS file/folder permissions can be set to prevent this, unless the volume is mounted as removable medium (see section Volume Mounted as Removable Medium) under a desktop edition of Windows Vista or later (sectors of a volume mounted as removable medium may be accessible at the volume level to users without administrator privileges, regardless of whether it is accessible to them at the file-system level).

Moreover, on Windows, the password cache is shared by all logged on users (for more information, please see the section Settings -> Preferences, subsection Cache passwords in driver memory).

Also note that switching users in Windows XP or later (Fast User Switching functionality) does not dismount a successfully mounted VeraCrypt volume (unlike system restart, which dismounts all mounted VeraCrypt volumes).

On Windows 2000, the container file permissions are ignored when a file-hosted VeraCrypt volume is to be mounted. On all supported versions of Windows, users without administrator privileges can mount any partition/device-hosted VeraCrypt volume (provided that they supply the correct password and/or keyfiles). A user without administrator privileges can dismount only volumes that he or she mounted. However, this does not apply to system favorite volumes unless you enable the option (disabled by default) Settings > ‘System Favorite Volumes’ > ‘Allow only administrators to view and dismount system favorite volumes in VeraCrypt’.