My PC crashed recently that was running EEPC 5.0.1 using hardware tokens to log on (username and passcode), after the standard response from the helpdesk that a restore / decryption is not supported and to reimage my machine I decided to go the safetech route and decrypt the drive using SBFS authentication (selected "Remove EEPC" from the menu and it gave the option for Disk 0), this worked 100% for the primary C:, however I had a D: installed in the notebook that was also encrypted and infinitely more important as i already had a backup of C:.
It appears that when the safetech disk completed the decryption it removed the hardware tokens from the boot sector of the C: and now no longer accepts the username and password in order to decrypt the D:.
Is there any chance of restoring the SBFS authentication on the C: or will we need the SDB from the EPO server (assuming the implementation is managed from an eop server - this assumption comes from the fact that the helpdesk is able to reset passwords etc remotely - not sure this is a valid assumption though).
After the decryption was complete Windows 7 booted first into system recovery and then back into the normal windows logon (able to logon and everything is 100% except the D: shows and unformatted / encrypted)
Edit: I belive this question may be in the wrong location, the version is 184.108.40.206 which i belive is not EPO managed but via the EE Manager?
Message was edited by: bobbo_sa on 4/4/12 10:04:12 AM CDTMessage was edited by: bobbo_sa on 4/4/12 10:05:12 AM CDT
(moved to correct forum)
No, there's no way to restore C now. If you had both drives installed at time of removal, they would both have been decrypted (assuming both were visible within the pre-boot?)
You need the SDB file, no, it won't be in EPO, it will be in the SafeBoot Management Center - you're using a version which pre-dates EPO by many years though. Once you have that, you, or better your IT team can use SafeTech to decrypt this 2nd drive - obviously it will need to be BIOS accessible though, or you'll have to use a xPE disk and WinTech.
Thanks Simon, thought as much, managed to get the .sdb file for my machine, however when i select "Disk -> Crypt/Decrypt sectors -> Disk 1 -> Start 0 / End 0312578047 -> Decrypt" then it gives me the following error: "Encryption Error 0xe002000a" even though its Authorised and Authenticated.
Is the next option to use the force decrypt?
Yes, do the force decryption..
caclulate the sector information for D: drive and decprypt only d drive. C is aldready decrpyed.
PS: clone your hdd before decryption
Thanks, I decided to pause all efforts until I've done exactly that, :-), i just wish i had done it on the C: before it decrypted.
Question, now that my C: is booting etc fine and i have the sdb file, would it be an option to reencrypt the C: and restore the EEPC MBR using the SDB file - my mind says it would then be as it was and then the i should be able to access the D: once the OS boots.
It will not work.. even I applied same logic in past , but it gives 92h error, when we restore SBR where another SBFS is there.. (I might be wrong here)
but I am sure this does not work..
force decrpytion is the good option to get data back..
You could do that - encrypt the partition, then do an emergency boot. No idea if your 2nd drive will appear though, probably since the disk information is on each mechanism.
BUT why bother? Just decrypt the correct sector range on the 2nd drive - it's not the whole drive which is encrypted, it's the partitions....
You should be able to see what is and what is not encrypted from the disk info screen after choosing the other mechanism.