I have a EliteBook 8440p.
The notebook had Windows Vista and the hard drive encrypted with EEPC (End Point Encryption). I have upgraded the notebook to Windows 7 doing a full installation from scratch and then reinstalled EEPC with same user and password. Before doing the upgrade, I copied all my files to an external hard drive connected to the e-SATA port. I formatted the drive (NTFS format, no Quick Format), copied all the files (using Windows explorer, normal copy-paste procedure), shutdown, desconected the external hard drive and booted from the Windows 7 installation disk and so on.
After that, I re-connected the external hard drive, again thru the e-SATA port but Windows now says that it has no format (so I've lost all my files!!!).
The problem was that EEPC confused the external drive connected thru e-SATA with an internal drive and encrypted it ( I didn't notice that at the moment). And now, even if the notebook is the same, and that when I reinstalled EEPC I used the same password, it is not allowing access to the drive.
I received no support from my company technical staff, and they didn't give me the grant number to ask support from McAffe. They simpy argue "we don't support external drives", but the problem was originated by EEPC that treated the external drive as internal.
Does anybody knows about similar problems and ways to solve it?
Does anybody knows If I reinstall Windows Vista and then EEPC encrypting the C: disk with the same key I had, Will the external drive be accesible again?
First the bad news, without your IT teams help there's no way to ever get your data back. Reinstalling won't help, that creates a new key. So nothing you as a user can do will help.
Next, as to what happened. Well most likely your operating system mistakenly recognized the eSATA drive as internal, so eepc encrypted it - by default eepc will never encrypt a removable drive. The only other explanation is that your it team set the policy to encrypt removable drives, quite logical seeing as the point of the product is to protect the data.
The good news is that your IT team can recover your data, they wil have your original key and recovery information. If they choose not to want to recover it though (after all, it is their data....) there's nothing you can do to bypass their decision.
Even if they give you the grant number, there's still nothing you can do - only your IT team have the recovery key for your old install, so only they are in a position to help you here.
I've seen some cases not equal, but similar to my case, and the other users had the same problem :internal IT Team doen't help, they don't want to waste any time helping final users.
I've read a story of someone working on my same company and giving up at the end because IT team didn't give him any help, even if the help he needed, like me, was only to recover a key from a central data base (I imagine that the key you are refering to is some key that is the Daba Base of EEM, no? is it different from the password I use at the initial login screen of EEPC, isn't it? ).
The curious thing is that, when I reinstalled EEPC, it recognized I was reinstalling it on the same PC and asked me if I were reimagining it (or something like that, I can't remember exactly the message), so I said yes, and I supposed that it should use the same previous key (because I used the same user and password for EEPC which is not syncronized with Windows). And that after finishing the installation the external drive would be accesible. But it wasn't the case.
Do you know if the keys for the C: and E: drive are the same? (it they both are treated as internal drives)
Shouldn't be the data to rebuild the key stored on the disk itself? (because when everything is working fine the disk is accesible even when you are not connected to any network, so there is no access to EEM to get any key)
I am trying to find any solution I can apply without IT Team help, because I know they will be not willing to help.
The product you are using (eepc5) does not support key reuse, and would never ask you, but of course your company may have invented something to help them track reimaged machines. All drives on one install would use the same key, but that key is not related in any way to your user and password - it's completely separate and unique. If you reactivate, you get a new key.
The key is stored on the boot disk, not on each disk separately, though the ID of the key is, to make it easy for the helpdesk to recover the drive.
Again, only your IT team can help you, unless you have an image of your original boot drive. They will have the key as you say in EEM.
I'm sorry, but this is an enterprise product, so all the power is held by the enterprise, not the end user. In fact it's designed specifically to prevent users from doing anything without the approval or assistance of your helpdesk, because at the end of the day, it's not your computer or data, it belongs to your company.
Thanks SafeBoot, you are really a master !!!
Your explanation is clear. It seems that I have a big problem, even so the solution is very simple, just because out IT Team does't give any help. The policy is not to give any help, just to reduce costs (they only chat, they don't even have a phone number). It is not a security policy, I had access to all these data alfter all. Well, we can't do anything with this.
Following with the diagnostics, your are right, we have version 5 of eepc, exactly 5.2.8. When I installed it last time, and recognized as a re-installation (as you said maybe that my company added something in the installation process to improve the administration), it showed two 8 hexadecimal strings, one as "user-id" and the other one I don't remember its label. Perhaps it was the encryption key, but it's unlikely because if it where the previous key and it were reused now my external drive would be recognized. Unless the behaviour in Windows Vista and Windows 7 were different, causing that in Windows Vista the external drive connected to the e-Sata port was treated as an internal drive and now in Windows 7 is recognized as external, so eepc doen't process the I/Os to the disk. Its a minimal probability, but I can try if I can confirm if we are doing key reuse in any way.
Do you know the length of the key?
The key is 256bits. I'm not sure I am being clear though, the key is NEVER reused. The product you are using does not support key reuse.
I think eSATA started to be recognized as external in w7 SP1, before that they were considered internal by the os.
Thanks a lot SafeBoot, you are very helpfull.
It seems that my only option is to try with our IT Team to get the previous key that should be in EEM, and then decrypt the disk using SafeTech (I have read that there is a link in this forum to download this utility).
I will try next Monday to get the key and the software (I hope it is all I will need).El mensaje fue editado por: trusted952 on 21-05-11 09:21:57 PM CDT