Cryptomator on Windows: Accessing your vault with admin priviliges

Hey folks,

after we introduced Dokany with version 1.4.0 as another unlocked vault provider and changed it after a while to be the default one, several windows user reported

The Problem: Processes (aka programs) do not have access to an unlocked vault, even when Cryptomator is started with admin privileges.


The Reason for it is the following: Cryptomator has no user management and so, after your vault is unlocked and you have a decrypted view of it, with Dokany either only the current user (you) or everyone has access. Due to security reasons we set it to the first one. And as long you started Cryptomator and not the administrator, he/she has no access to your unlocked vaults.


The Solution: With version 1.4.12 we added the feature to give the vault provider custom mount options. For Dokany one of these is the flag CURRENT_SESSION and it does exactly what is described above. You can remove it, but be aware of the implications: Every process is able to access the vault afterwards. To remove it go to the vault specific settings (before 1.5.0: advanced settings of a vault), click the checkbox “Use custom mount options” and remove only the string --options CURRENT_SESSION.

Hope it helps.

Remark: People complain that if they start Cryptomator with admin privileges they cannot access the unlocked vaults anymore. The reason of it is the same as above: They tried to access the vaults with their user account and not the one of the administrator.

4 Likes