Showing results for 
Search instead for 
Did you mean: 

Bypass Preboot Authentication Recovery Code with SbAdmCl

I notice that through the webHelpDesk I can generate a recovery code for bypassing preboot authentication, but I cannot do this through the GetRecoveryGet command using SbAdmCl (don't see it in the docs anyway) - is it perhaps a yet to be documented parameter for the action variable, or is it truly not available?
3 Replies

RE: Bypass Preboot Authentication Recovery Code with SbAdmCl

C:\Program Files\SBAdmin5500>sbadmcl -command:getrecoveryresponsecode -help
McAfee Endpoint Encryption Scripting Tool
Copyright ® 1991-2008 McAfee, Inc. All Rights Reserved.
Executable version :
DLL version :
Get a response code for a recovery challenge
-Challenge:<challenge> Challenge string from client machine
-Action:<action> Action to perform. Must be one of:
-Token:<token> Optional new token type (for ChangeToken)

Command result:
Command = getrecoveryresponsecode
ResultCode = 0x00000000
ResultDescription = The operation completed successfully.

C:\Program Files\SBAdmin5500>

you need boot once I think?

RE: Bypass Preboot Authentication Recovery Code with SbAdmCl

BootOnce is my 2nd choice if there's no BypassPreboot. BootOnce, I believe, generates a recovery code for the machine, so I can't pass it a user name and have it reject the user name if the user isn't assigned to the machine. I'll be able to work around this by seeing who's assigned to the machine first, but was just checking first.
Level 7
Report Inappropriate Content
Message 4 of 4

RE: Bypass Preboot Authentication Recovery Code with SbAdmCl

The only way to bypass pre-boot is sbadmcl.exe -command:disablesecurity, prior to reboot. This will create an autoboot user account, that will be removed the next time the machine syncs. If you try using this option, be sure that the machine allows autoboot to be locally managed and uncheck the "do not check for autoboot user" (or whatever the verbage is).