Showing results for 
Search instead for 
Did you mean: 
Level 9

Problem with SCCM 2007 OSD & PCs with Endpoint Encryption for PC

As part of a move to Windows 7 on our PCs, we have been working on setting up Microsoft System Center Configuration Manager (SCCM) to handle the Operating System Deployment.

The idea being that we would advertise the OS install to existing PCs and it would, in effect, be initiated from within Windows prior to restarting into Windows PE.

During initial testing we've been getting on with no major issues.

Problem came up today when we attempted to do an OS deployment to a PC with fully encrypted hard disk (Endpoint Encryption 5.2.5).

The problem being that, we had an error come up that the operating system was missing.

What happened was...

1) Windows 7 deployment initiated from "run advertised programs".

2) Progress message on screen to advise restart into Windows PE

3) PC restarts and comes up with "Missing Operating System" message.

Restarting brings up same message.

I can only assume that, as part of the WinPE provisioning, it is doing something to the MBR, which then breaks both WinPE and Encryption so that the PC won't boot.

Only suggestions i've found involve either de-crypting the PC first, or booting off WinPE to iniiate the OSD task sequence (rather than launching from in windows), which, whilst achievable, would be inconvenient and not popular with the management.

I would be interested in hearing how other people handle this, as i'd be surprised if no-one has come across this issue or is using SCCM to deploy an operating system to encrypted PCs.


Matthew W.

0 Kudos
3 Replies
Level 13

Re: Problem with SCCM 2007 OSD & PCs with Endpoint Encryption for PC

Have you seen Dan's article:

Have a look at that and see if that solves your problem.



0 Kudos
Level 9

Re: Problem with SCCM 2007 OSD & PCs with Endpoint Encryption for PC

Thanks for pointing me at the information....

Whilst i suspect it may be able to help in fixing the issue, i'm  having trouble getting my head around what is needed to be done...

The section on SCCM seems somewhat vague in that whilst other options get some reasonable detail (although not necessarily enough in my opinion), the SCCM part just mentions some issues that need to be resolves with (again in my opinion) little information or guidance on what needs to be done.

I understand the parts about the MBR, and why the issue happens.

I guess i was hoping for a different type of solution that would not involve so much in changing our existing build images and task sequences, but still mean a windows build can be launched from within Windows and not fail at first attemp to boot to WinPE.

0 Kudos
Level 21

Re: Problem with SCCM 2007 OSD & PCs with Endpoint Encryption for PC

unfortunately, since SCCM is a scripted, programmed environment, it's not possible to "package" up a task as deep as this - you need to build it into your process. Your SCCM or Microsoft experts should be able to do it easily though as they will be familier enough with the existing process to see where the new steps have to be inserted.

0 Kudos