services under Windows 2000, e.g., assign a mount point to a VeraCrypt volume (i.e., attach a
VeraCrypt volume to a folder).

VeraCrypt does not support pre-boot authentication for operating systems installed within VHD
files, except when booted using appropriate virtual-machine software such as Microsoft Virtual
PC.

The Windows Volume Shadow Copy Service is currently supported only for partitions within the
key scope of system encryption (e.g. a system partition encrypted by VeraCrypt, or a non-
system partition located on a system drive encrypted by VeraCrypt, mounted when the
encrypted operating system is running). Note: For other types of volumes, the Volume Shadow
Copy Service is not supported because the documentation for the necessary API is not
available.

Windows boot settings cannot be changed from within a hidden operating system if the system
does not boot from the partition on which it is installed. This is due to the fact that, for security
reasons, the boot partition is mounted as read-only when the hidden system is running. To be
able to change the boot settings, please start the decoy operating system.

Encrypted partitions cannot be resized except partitions on an entirely encrypted system drive
that are resized while the encrypted operating system is running.

When the system partition/drive is encrypted, the system cannot be upgraded (for example,
from Windows XP to Windows Vista) or repaired from within the pre-boot environment (using a
Windows setup CD/DVD or the Windows pre-boot component). In such cases, the system
partition/drive must be decrypted first. Note: A running operating system can be updated
(security patches, service packs, etc.) without any problems even when the system
partition/drive is encrypted.

System encryption is supported only on drives that are connected locally via an ATA/SCSI
interface (note that the term ATA also refers to SATA and eSATA).

When system encryption is used (this also applies to hidden operating systems), VeraCrypt
does not support multi-boot configuration changes (for example, changes to the number of
operating systems and their locations). Specifically, the configuration must remain the same as
it was when the VeraCrypt Volume Creation Wizard started to prepare the process of
encryption of the system partition/drive (or creation of a hidden operating system).
Note: The only exception is the multi-boot configuration where a running VeraCrypt-encrypted
operating system is always located on drive #0, and it is the only operating system located on
the drive (or there is one VeraCrypt-encrypted decoy and one VeraCrypt-encrypted hidden
operating system and no other operating system on the drive), and the drive is connected or
disconnected before the computer is turned on (for example, using the power switch on an
external eSATA drive enclosure). There may be any additional operating systems (encrypted or
unencrypted) installed on other drives connected to the computer (when drive #0 is
disconnected, drive #1 becomes drive #0, etc.).

When the notebook battery power is low, Windows may omit sending the appropriate
messages to running applications when the computer is entering power saving mode.
Therefore, VeraCrypt may fail to auto-dismount volumes in such cases.

Preserving of any timestamp of any file (e.g. a container or keyfile) is not guaranteed to be
reliably and securely performed (for example, due to filesystem journals, timestamps of file