8 Replies Latest reply on Jan 21, 2010 8:58 AM by R3k1awyk5 Branched from an earlier discussion.

    Re: RE: Correct, but...

      I am hoping for some guidance for a similar issue to that above

       

      I have a corporate laptop on which with Safeboot was installed. After mistakenly losing access to the laptop/domain (lost passwords) I was given a BartPE disk and the Safeboot daily password by our Safeboot admin and I successfully un-encrypted the disk. I was then able to access (hack) the Windows XP login and get back into the machine and network so all is good... I thought. I was told that Safeboot would re-encrypt the disk automatically, but it has failed to do so and errors each day with something like "can't access boot record" or a similar message. The company's IT guys then tried to uninstall Safeboot so that it could be installed afresh but "sbsetup -uninstall" gives the message "Safeboot boot protection is still enabled on this machine. The client cannot be uninstalled while boot protection is still enabled". They now want to rebuild my PC from scratch to install everything, including safeboot. This will be a massive disruption for me so this is my last desparate attempt to stop that happening. What is it that makes sbsetup think safeboot boot protection is actually enabled ??

       

      Note, I have now removed all reference to the word Safeboot in my registry, stopped any Safeboot services and renamed Safeboot directories under "program files"... hey I'm about to lose my whole PC config so I'll try anything right now. Also since it's the corporate system I don't have any access to safeboot tools/consoles etc apart from the old BartPE image but I'm unlikely to be provided the daily password this time since their line is now... rebuild the PC!

       

      Is there anything that can be done to disable Safeboot boot protection in this instance?

       

      Thanks very much

        • 1. Re: RE: Correct, but...

          Why are you replying to the old thread, you should create a new one.

           

          What is current situation? Is disk still encrypted? Can you still mount it and access files using WinTech utility on BartPE CD?

          • 2. Re: RE: Correct, but...

            you were tinkering eh?

             

            well, I guess if you've removed the drivers from the registry, the disk can't be encrypted or it would BSOD on boot, so what you need to do is flush the MBR with FixMBR from the Windows recovery console.

             

            depending on how much tinkering you've done though of course.

             

            Then, install again and you'll get back to the beginning.

            • 3. Re: RE: Correct, but...

              Thanks very much for your answers but...

               

              FixMBR from windows recovery seemed like it was going to solve everything but unfortunately although it appeared to run successfully it didn't seem to make any difference and I still apparently have boot protection enabled when I do an "sbsetup -uninstall". I noticed though that there are several interesting options in the Wintech software (via my Bartpe disk) such as:

              1./ "Restore MBR" - this is grayed out so I can't get to it.

              2./ "Set safe original MBR" - when I run this I get the message "Safebot client not activated"

              Would either of these be a better way to replace the MBR? If so which and how to resolve the issues with them?I think my wintech is enabled (with the daily password) but not activated - whatever that means.

               

              I did run "sbsetup -uninstall" while running from my BartPE disk and it seemed to successfully uninstall (Yay!) but then when I booted the machine XP failed to load due to the following file being missing: "c:\windows\system32\drivers\sbalg.sys". I managed to copy it back on from another machine to get it to boot but now I'm back where I started... boot protection is enabled.

               

              They're going to reformat my disk next week unless I can solve this first - help!

               

              ... and yes I probably should have started a new thread but we're here now. To recap my disk is not encrypted and I need to uninstall safeboot so that it can be cleanly re-installed and then encrypt my disk - company policy.

               

              Thanks for any help

              PS. got to tinker :-)

              • 4. Re: RE: Correct, but...

                it's probably not letting you uninstall because it can't talk to the driver - thus, it fails safe because it does not know if the disk is encrypted or not.

                 

                you could go poke through the currentcontrolset and delete the entries etc, but I think the simplest thing to do would be to reinstall to get everything back in order, delete sdmcfg.ini, reboot, then it should let you uninstall fine.

                 

                PS - there is NOTHING wrong with tinkering, in fact I encourage it BUT only with the caveat that you accept responsibility ;-) It's amazing how many people call me with a "your product sucks..." attitude and then 'fess up that they installed Ubuntu after deleting those pesky space-wasting SYS files in system32...

                 

                 

                Message was edited by: SafeBoot on 1/15/10 9:17:53 AM GMT-05:00
                • 5. Re: RE: Correct, but...

                  If you can still see disk content while using BartPE and WinTech, I suggest to take disk image after encrypted disk is WinTech mounted.

                  Then you can restore that image to your hard drive (without WinTech this time) and it all should be good.

                  • 6. Re: RE: Correct, but...

                    the disk is not encrypted though?

                    • 7. Re: RE: Correct, but...

                      Thanks so much for your help guys, the problem has been solved and I'm very relieved about that.

                       

                      To recap: my problem was that Safeboot had some corruption and was unable to encrypt my disk, also the uninstall failed due to boot sector protection being enabled.I couldn't install or uninstall!

                       

                      I "think" what solved it in the end was the "sbsetup -uninstall" being successful from the BartPE disk. Even though this killed my OS temporarily (untill I copied sbalg.sys back on) it appears to have tidied something up so that I have since been able to do a successful install of Safeboot and the disk is now fully encrypted and working! Wouldn't have bothered trying another reinstall without your suggestion and probably would have given up and let others sort it out with their "reformat" sledgehammer.

                       

                      cheers

                      • 8. Re: RE: Correct, but...
                        R3k1awyk5

                        Sounds like it would have been much easier to have the support guys image a new hard-drive for you. Then you could have slaved it to your machine, booted to your BARTPE disk, and copied your data to the new drive.  Then swapped out the old drive for the new, and BOOM,  you are fixed in less than a day.