This content has been marked as final. Show 14 replies
Since it appears that you did a force decrypt you can try to boot into safemode and run the SBSetup.exe -uninstall from the command prompt. That should remove the program files and any registry hooks safeboot has.
we'd need to know what the original BSOD message was to answer that. happy
Thanks for the response. When I tried to do the uninstall, I get the message that "Boot protection is still enabled on this machine. The client can not be uninstalled while boot protection is enabled."
Any ideas on how I do that?
I think since MEE doesn't have any components loaded in safemode its not able to see that the drive is decrypted and boot protection is in fact removed. I'm running a test on a virtual machine to see if I can enable MEE in safemode so it will allow for an uninstall and post my results. I don't want to take a wild guess and have you completely break a production machine.
If you have a non encrypted drive. You can do a SBSetup.exe -uninstall. Before doing a SBSetup.exe -uninstall you have to do a fdisk /mbr.
NEVER Fdisk a Vista machine - if you do it will be the end of it...
I fixed the MBR by using both Super FDisk and the BartPE Safetech Disk->Restore Original MBR option, neither option made a difference. I still get the "Boot protection is still enabled on this machine. The client can not be uninstalled while boot protection is enabled." message when trying to do the uninstall in SAFE mode.
While in Safe mode, I changed the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GinaDLL key back to the windows default of MSGINA.DLL and I can now successfully log into the machine without going into safe mode, but I still recieve the same error message when trying to do the safeboot uninstall.
just remove it the legal way via the policy in the management console, that will solve your problems. You probably don't have enough admin rights to do it via the command line (or the boot code IS still installed).
If you remove SafeBoot via the SafeTech or WinTech disk, and then boot back into Windows and the machine is connected to the network it will start to re-encrypt all over again.
The best way to remove SafeBoot is using the console to flag the machine to Remove & Reboot on the next sync. This cant be done if the machine is BSoD and cant get into windows. In the case of the BSoD you need to use the method below.
This is the method i have used in the past and never had trouble with this method:
1.) use WinTech or SafeTech to Remove SafeBoot
2.) before rebooting, delete the machines object from the database and unplug the network cable
3.) boot the machine and use the sbsetup -uninstall command from the local administrators windows account
After all that the machine should be free and clear of SafeBoot. Also, if the sbgina.dll is messing things up so that you cant login to Windows normally you can boot to safe mode and change it back to msgina.dll in the registry as noted above.