@Geoff
traveller mode so that they can use it on their home pc. not have to install trucrypt on their own machine.
@zerohour
i'll have a look at autoit cheers
still need to look at the group policy load driver permission thing
cheers everyone
Printable View
@Geoff
traveller mode so that they can use it on their home pc. not have to install trucrypt on their own machine.
@zerohour
i'll have a look at autoit cheers
still need to look at the group policy load driver permission thing
cheers everyone
Here is the code for autoit:Code:RunAsSet('{USER}', '{DOMAIN}', '{PASSWORD}',{Load profile 1=yes 0=no})
RunWait('{PATH TO EXE WITH SWITCHES}')
Exit
The CC3 package I created for TrueCrypt v6.1a can be downloaded from here. The best bit is that if you use all the files I included in the 'Traveller Disk' folder within the package folder on your USB flash drives, TrueCrypt will work for both restricted users at school (because the driver has already been installed as part of the package) and on staff home computers too (since TrueCrypt can also run directly from the USB flash drive). The AutoIt script I created to do this is also shown below. :)Quote:
Originally Posted by box_l
Mount.au3
Autorun.infCode:#NoTrayIcon
#AutoIt3Wrapper_icon=TrueCrypt\Icon.ico
#AutoIt3Wrapper_Compression=4
#AutoIt3Wrapper_Res_SaveSource=y
$tc_hdd = '"' & @ProgramFilesDir & "\TrueCrypt\TrueCrypt.exe" & '"'
$tc_usb = '"' & @ScriptDir & "\TrueCrypt\TrueCrypt.exe" & '"'
$tc_switches = " /q background /cache y /history n /mountoption removable /explore /beep /v "
$tc_volume = @ScriptDir & "\Encrypted.tc"
If FileExists($tc_hdd) Then
Run(@Comspec & ' /c ' & $tc_hdd & $tc_switches & $tc_volume, "", @SW_HIDE)
Else
Run(@Comspec & ' /c ' & $tc_usb & $tc_switches & $tc_volume, "", @SW_HIDE)
EndIf
N.B. I have only tested this package on computers running Windows XP Pro SP2 since our CC3 network is XP only at the moment. I've included the Advanced Installer project file too, just in case you want to have a look at how I created the package or need to modify it to work on Windows Vista and 64-bit versions of Windows.Code:[Autorun]
label=Encrypted Volume
icon=TrueCrypt\TrueCrypt.exe,1
action=Mount TrueCrypt Volume
open=Mount.exe
shell=Item1
shell\Item1=&Mount TrueCrypt Volume
shell\Item1\command=Mount.exe
shell\Item2=&Unmount TrueCrypt Volume
shell\Item2\command=TrueCrypt\TrueCrypt.exe /dismount /quit /silent /wipecache /beep
shell\Item3=&Run TrueCrypt
shell\Item3\command=TrueCrypt\TrueCrypt.exe
shell\Item4=&Read Me
shell\Item4\command=notepad.exe Readme.txt
Ah.. still have to prove to myself that there is a "which driver" issue, but that's essentially what I came here to suggest (look for tc on the system and run that if extant, otherwise try the penstick copy.)
The bit that bothers me though is the collision between the risk of someone not encrypting something confidential because clicking say a shortcut to mount containers is jus too hard, and the risks of encouraging people to autoplay of USB sticks given it's now well-established use by malware.
And that will be very bad news unless you've got different ones for every machine- in which case how does it work when I go to another machine?Quote:
they might get a local admin passord
Arthur
thats great! seems to be just what i need.
i am guessing i cant use a cc3 package without cc3 so i will build my own msi
piqueaboo
i know, i just could not figure a way for a teacher to go to a non truecrypt domain machine where they are not a local admin and still get this to work.
i will have to install to all machines on the school network for this to be fully usable. including all the student ones. i'll have to make sure the kids dont realise the software is there and encrypt things they shouldnt.
thanks again Arthur:D
I decided not to care about that scenario. If they can do it on org's boxes including teacher laptops and on their home machines that's good enough for me. Ultimately this is supposed to be work/business data - why do you need to access that from any box anywhere on the planet?Quote:
i just could not figure a way for a teacher to go to a non truecrypt domain machine where they are not a local admin and still get this to work
Its not a problem scenario, its an undocumented security feature. You're restricting the machines where the data can be accessed to those you have authorized.Quote:
Originally Posted by PiqueABoo
piqueaboo,
lots of the teachers i support have two machines, one for home one for class.
i had not planned on putting truecrypt on the machine that never leaves school, so was a bit stuck on how they would have used the traveller stick on a locked down machine with no trucrypt.
i'll just have to install to all machines.
BoX
Box. My package will work for non-CC3 networks too. I didn't do anything special when I created the package that will only make it work on RM networks (I tried to copy what the official installer does as much as possible) so feel free to use it if you want. :)
If you download the .exe from the link above and then extract the files to a folder you can then use the included .msi to install TrueCrypt to computers via Active Directory (or whatever method you normally use) and the files in the 'Traveller Disk' folder for your USB flash drives. When you install TrueCrypt from my .msi you will need to restart the computer so that the TrueCrypt driver starts properly.
Edit. If you would like to modify my TrueCrypt package all you need to do is install TrueCrypt from my .msi on a clean PC, download the demo version of Advanced Installer and then open the included .aip project file. Make your changes to the package and then build the .msi again. Much simpler than starting from scratch. :)