I think the machine configuration got corrupted on one laptop. When rebooted it started prepopulating the username box and gave an 'unknown user' error when logging in with any of the accounts. I could do a machine recovery, but then the thing would blue screen as it started going into Windows.
I created the BartPE CD and followed the steps through decrypting the drive. After that it would get to the Windows login screen, but after pressing Ctrl+Alt+Delete, it would produce an error about SBGina.DLL. I tried replacing that file with a copy from another machine to no avail. Also tried pulling over the files from a good installation into the directory and now when hitting Ctrl+Alt+Del I get the error "Endpoint Encryption Disk Driver not Present 0xe0020018"
My question is how can I remove whatever tie in Safeboot has to the Windows login so I can actually get into the system and do a complete uninstall?
Also, in the end, would also like to know if there was an easier way to recover this than what I did.
Since it appears that you did a force decrypt you can try to boot into safemode and run the SBSetup.exe -uninstall from the command prompt. That should remove the program files and any registry hooks safeboot has.
Thanks for the response. When I tried to do the uninstall, I get the message that "Boot protection is still enabled on this machine. The client can not be uninstalled while boot protection is enabled."
I think since MEE doesn't have any components loaded in safemode its not able to see that the drive is decrypted and boot protection is in fact removed. I'm running a test on a virtual machine to see if I can enable MEE in safemode so it will allow for an uninstall and post my results. I don't want to take a wild guess and have you completely break a production machine.
I fixed the MBR by using both Super FDisk and the BartPE Safetech Disk->Restore Original MBR option, neither option made a difference. I still get the "Boot protection is still enabled on this machine. The client can not be uninstalled while boot protection is enabled." message when trying to do the uninstall in SAFE mode.
While in Safe mode, I changed the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GinaDLL key back to the windows default of MSGINA.DLL and I can now successfully log into the machine without going into safe mode, but I still recieve the same error message when trying to do the safeboot uninstall.
just remove it the legal way via the policy in the management console, that will solve your problems. You probably don't have enough admin rights to do it via the command line (or the boot code IS still installed).
If you remove SafeBoot via the SafeTech or WinTech disk, and then boot back into Windows and the machine is connected to the network it will start to re-encrypt all over again.
The best way to remove SafeBoot is using the console to flag the machine to Remove & Reboot on the next sync. This cant be done if the machine is BSoD and cant get into windows. In the case of the BSoD you need to use the method below.
This is the method i have used in the past and never had trouble with this method:
1.) use WinTech or SafeTech to Remove SafeBoot 2.) before rebooting, delete the machines object from the database and unplug the network cable 3.) boot the machine and use the sbsetup -uninstall command from the local administrators windows account
After all that the machine should be free and clear of SafeBoot. Also, if the sbgina.dll is messing things up so that you cant login to Windows normally you can boot to safe mode and change it back to msgina.dll in the registry as noted above.