Hello all you encryption junkies.
After following *every* step blow by blow on making a Bootable WinPE disc, including every incarnation of such discs, I finally got a disc that can now launch WinTech 5.1.7 (or 5.2.x) and access a drive. I will post my steps on getting a successful WinPE3.1 Based Disc happening, but for now I need to get some suggestions on how to proceed further.
Encrypted OS: Windows 7 32Bit
SafeBoot Start Up : EEPC 5.2.10
BartPE Disc Version: 5.1.7 using SBWinTech.exe
New Boot Disc is Same BartPE files wedged into a WinPE3.1 disc
Number of Encrypted machines : Over 10,000
My issue is now that I've finally got WinTech 5.1.7 running on my WinPE3.1 disc, I'm finding that it somehow breaks (not always) the drive's encryption and then I can't boot the computer normally.
I've read post after post about this issue, but no one can say in a nutshell what the cause is. I'm going to have to use SafeBoot's option of taking the drive OFFLINE before starting SBWinTech. Ultimately this is not practical, but for troubleshooting purposes I have no other option but to try it.
I will in time make a disc using the absolute latest files, but for now I need to use the files we've been using for a while and we know they work. No drive has ever broken after reading a disc before.
The only functions that the Desktop Support Team use are WinTech > Authenticate from SBFS, then go to the file explorer and copy the files to a USB Drive, then exit. We never remove encryption, nor play with the 'Work Space'.
Can you please shed some light on this issue? Also, possibly provide a way to have the disk taken offline very very early in the boot process?
The root cause is simply PE3.1: when it discovers a drive, it starts writing to it. That's why you need to take the drive offline before mounting it.
As to why it does this, well that's a mystery to me as well - I never managed to find a reasonable explanation from Microsoft.
So, you're saying make the disk OFFLINE *before* starting SBWintech or is it too late by then?
For those who want to knock out your drive being mounted enter these babies:
REG ADD HKLM\WINFE2\ControlSet001\Services\MountMgr /v NoAutoMount /t REG_DWORD /d 1 /f
REG ADD HKLM\WINFE2\ControlSet001\Services\partmgr\Parameters /v SanPolicy /t REG_DWORD /d 3 /f
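The two REG ADD lines above assume the WinPE SYSTEM hive is already loaded under HKLM\WINFE2. As an added example (my own script, not from this thread or from McAfee), here is the surrounding build step that mounts boot.wim, loads the hive under that name, sets both values, reads them back, and commits the image. The paths C:\winpe\boot.wim and C:\mount are placeholders for your own build directory.

```batch
@echo off
rem Added example (not from this thread): write the two anti-automount values
rem into the SYSTEM hive inside a WinPE 3.1 boot.wim, verify them, then commit.
rem Assumptions: boot.wim is at C:\winpe\boot.wim (image index 1) and is
rem mounted at C:\mount; both paths are placeholders, adjust to your build.
setlocal
set WIM=C:\winpe\boot.wim
set MOUNT=C:\mount
set HIVE=HKLM\WINFE2

dism /Mount-Wim /WimFile:%WIM% /index:1 /MountDir:%MOUNT% || goto :fail

rem Load the offline SYSTEM hive under HKLM\WINFE2, the key name used in the post
reg load %HIVE% %MOUNT%\Windows\System32\config\SYSTEM || goto :unmount_fail

rem NoAutoMount=1: MountMgr stops handing out drive letters to newly seen volumes
reg add %HIVE%\ControlSet001\Services\MountMgr /v NoAutoMount /t REG_DWORD /d 1 /f
rem SanPolicy=3: the "offline all" SAN policy for partmgr
reg add %HIVE%\ControlSet001\Services\partmgr\Parameters /v SanPolicy /t REG_DWORD /d 3 /f

rem Read both values back before committing anything to the image
reg query %HIVE%\ControlSet001\Services\MountMgr /v NoAutoMount | findstr /i "0x1" >nul || goto :unmount_fail
reg query %HIVE%\ControlSet001\Services\partmgr\Parameters /v SanPolicy | findstr /i "0x3" >nul || goto :unmount_fail

reg unload %HIVE%
dism /Unmount-Wim /MountDir:%MOUNT% /commit
echo Done: rebuild the ISO from the updated boot.wim.
goto :eof

:unmount_fail
rem Something went wrong after mounting: drop the hive and discard changes
reg unload %HIVE% >nul 2>&1
dism /Unmount-Wim /MountDir:%MOUNT% /discard
:fail
echo Failed; the image was not modified.
exit /b 1
```

Run it from an elevated prompt on the build machine. The reg query checks are there because a reg add that fails silently (hive not loaded, wrong ControlSet name) is exactly the kind of thing that leaves you with a disc that still mounts the encrypted drive on boot.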
Small issue now.
Those reg entries I've posted turn off auto mounting but leave the disk online. Will this be enough? Once I've got SBWintech going then I can enable automount and boom, I'll get the C:\ happening, or *MUST* the disk actually be OFFLINE?
You know, I'm not really sure because I can't work out what the root problem with pe3.1 is. I know it writes to the preboot without asking, and that taking the disk offline prevents that, but as to why, no idea.
The curious thing is taking the disk offline does not prevent access to it - you can still read from it etc. I am guessing that it's because the drivers are low enough to ignore this fact.
I think we'll all be interested in your findings though.
SafeBoot, you da man.
What I've done is created a WinPE3.1 disc running 5.1.7 and added the two registry keys I posted above.
So what I did when I tested my build was ..........
Boot from the disc
Check status of disc in Diskpart ( was online )
Checked mount status in A43 utility ( Disk Not Mounted )
Started WinTech - Daily code + WinTech > Authenticate from SBFS
Went into DiskPart and enabled 'AutoMount' ( Drive did not come up )
While still in DiskPart I took the disc offline then online ( Warning as when you place a disc 'ONLINE' it *WILL* mount it )
Drive then appeared in A43 Util
Accessed the drive and placed a new text file on the desktop of my profile on the machine
Closed A43 Util
Went back into Diskpart and took the drive 'OFFLINE'
Shutdown the machine ( Can't remember method for shutting down )
I was able to boot my laptop normally and logon and review my newly created txt file that I placed on my desktop.
Please Note that I do need to test this on more than one computer, and also tighten up and be more thorough in my testing, but I really think this is it!
This could be the golden nugget we've all been waiting for. Now, I saw somewhere here that someone created a menu entry on Nu2Menu to take the disc offline. I really need to find this so I can test in a repeatable manner, to find out what is mandatory and what is overkill in the way we handle the drives.
I updated the Menu
Update nu2menu.xml with these lines (replacing the existing ones)
<MITEM TYPE="ITEM" DISABLED="@Not(@FileExists(@GetProgramDrive()\Program Files\McAfee\Endpoint Encryption for PC v6\EETech.exe))" CMD="RUN" FUNC="@GetProgramDrive()\Program Files\McAfee\Endpoint Encryption for PC v6\EETech.exe">McAfee EETech for EEPC6</MITEM>
<MITEM TYPE="ITEM" DISABLED="@Not(@FileExists(@GetProgramDrive()\Program Files\offline.cmd))" CMD="RUN" FUNC="@GetProgramDrive()\Program Files\offline.cmd">Take Disk 0 offline</MITEM>
Create a file offline.cmd in \Program files\
diskpart /s "%programfiles%\offline.txt"
Create a file offline.txt in \Program Files\
rem offline.txt: diskpart script run by offline.cmd
select disk 0
offline disk
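The testing sequence earlier in the thread needs the disk taken offline, brought back online after authenticating in SBWinTech, and checked in between. As an added example (my own wrapper, not Mirrorless's menu files), here is a single diskstate.cmd that does all three from one Nu2Menu entry per action, so the offline.cmd and offline.txt pair above can be replaced by "diskstate.cmd offline" and a second entry calling "diskstate.cmd online". It assumes disk 0 is the encrypted internal drive, as everywhere in this thread, and writes its temporary diskpart script to %TEMP%.

```batch
@echo off
rem Added example (not part of Mirrorless's post): one wrapper around diskpart
rem that takes disk 0 offline or online and prints its state afterwards.
rem Assumption: disk 0 is the encrypted internal drive; the generated diskpart
rem script goes to %TEMP% (on a WinPE ramdisk that is X:\Windows\Temp).
setlocal
set SCRIPT=%TEMP%\diskstate.txt
set ACTION=%1

if /i "%ACTION%"=="offline" goto :offline
if /i "%ACTION%"=="online" goto :online
if /i "%ACTION%"=="status" goto :status
echo Usage: %~nx0 offline ^| online ^| status
exit /b 2

:offline
rem Offline stops PE 3.1 touching the disk. Automount stays disabled, so no
rem drive letter is handed out when the disk is brought back later.
(
  echo select disk 0
  echo offline disk
  echo detail disk
) > "%SCRIPT%"
goto :run

:online
rem Bringing the disk online re-triggers mounting (the warning in the thread),
rem so only call this after SBWinTech has authenticated from SBFS.
(
  echo select disk 0
  echo online disk
  echo detail disk
) > "%SCRIPT%"
goto :run

:status
rem detail disk reports Status (Online/Offline) and the read-only flags
(
  echo select disk 0
  echo detail disk
) > "%SCRIPT%"

:run
diskpart /s "%SCRIPT%"
set RC=%ERRORLEVEL%
del "%SCRIPT%" >nul 2>&1
exit /b %RC%
```

The matching Nu2Menu entries would use FUNC="@GetProgramDrive()\Program Files\diskstate.cmd offline" and "... diskstate.cmd online" in place of offline.cmd. The "status" action is what makes the test repeatable: run it before starting SBWinTech and again after, and the diskpart output tells you whether the disk was online at the moment the tool opened it.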
Thanks Heaps Mirrorless.
The disc doesn't have to be 'OFFLINE' , it just has to be set *not* to 'Mount' it and *not* give it a drive letter. That's what the two reg keys do.
One can go to extremes and set it to 'Read Only' if one desires.
Windows Registry Editor Version 5.00