4

On a Windows 2008 Server regular users are allowed to mount a TrueCrypt volume running a batch as administrator. The volume is dismounted automatically on certain conditions by another batch file ran by Task Scheduler.

The volume gets inaccessible every time, but about one in four cases the drive letter remains there so next time the mount script fails.

The weird thing is that it seems random which users see this phantom drive. Sometimes everyone, sometimes only one and not even the administrator (but even then, TC ran as Admin sees it and says 'volume already mounted').

The drive letter cannot be accessed (usual 'volume may be moved' error message). Disk Manager and Mountvol does not see the drive. The only way I was able to get rid of it was rebooting the server.

Start command used by other users (Yes, I know /savecred is unsafe, but it's (hopefully) irrelevant for the problem):

C:\Windows\System32\runas.exe /savecred /user:Administrator 
   "cmd /c c:\users\Administrator\ws\startserver.bat"

startserver.bat:

"c:\Program Files\TrueCrypt\TrueCrypt.exe" /v c:\Users\Administrator\ws\ws.dat /lz /q /m rm

Dismount batch ran as Administrator by Task Scheduler (before that, a MySQL and a Tomcat server running from the TC drive is stopped and there is a 30 seconds pause, there is no indication that any of these would fail to stop):

"c:\Program Files\TrueCrypt\TrueCrypt.exe" /f /dz /w /q /s

Any tips on how to investigate this?

Arthur
  • 91
  • 5

1 Answers1

1

You may try to use diskpart to free the drive letter. Add this line to your dismount script after truecrypt's dismount:

(echo select vol X & echo remove) | diskpart > nul

Where X is your volume letter.

Evgeniy
  • 66
  • 4
  • No luck. It says 'diskpart cannot be used right now'. Trying select vol Z from diskpart's command line results in volume does not exist error. – Arthur Oct 27 '15 at 05:10
  • How about this, then: do not assign letter to your drive at mount, and use diskpart to assign/remove letter. – Evgeniy Nov 01 '15 at 14:14