best thing to do is pass it over to the person who was trained in this product and let them help you.
but, the machines original MBR is indeed in EPO. and there"s a "restore mbr" button you found in the tool already. But, this would not do anything without you feeding it some information like an SDB file or a user name/password - can you remember EXACTLY what you did?
If you can see a file structure of the disk, then it can't be encrypted - there's no way the files can be encrypted, and the directories not.
It sounds like you had a WinTech CD, not an EETech CD? - you need to use the right tool for the product version you are using.
What was the third party tool you used?
No, there's no special software - it's not needed - you have everything you need to recover a normal machine.
Finally, if the machine did not sync with AD, then it can't have activated the proeuct in the first place, the disk can't be encrypted - in fact, EEPC would not have made any changes to the drive itself. SO, what you say is quite mysterious
Well, I am the responsible for that software here in my company. I have also an open service request with the McAfee Gold support.
I clicked on the Restore MBR button and it didn't ask me for a file. It only said it was ok. Should it be asking for some SDB file? Where the SDB file is located in ePO?
For the EETech, I used the McAfee EETech user guide provided in the McAfee Website. There is two way of create the disk, WinPE v1 or Standalone. I did both nut used the Standalone version. So, following the steps of the user guide, I used the EETech CD. But the KB I said, says that there is a SafeTech Boot Disk. Is SafeTech Boot Disk the same as WinTech CD?
I used Recovery Information File (.xml) that was exported from the ePO to authenticate.
When I run some partition tools, such as Partition Find and Mount, I shows a partition with NTFS ok but with only two files. The size used on that partition is the size of the files. And other partition that was not recognized properly.
So I think that the structure of this HD is confused, but the files still there.
I used the GetDataBack tool to see the structure of the files. I can even opy the files but some of them open all scrambled, not readable.
The issue with not sync with AD, maybe is because I applied the TAG first in ePO and after that I related an user from my domain to the machine. I think I should do that before assigning the TAG (encrypt).
I think your partition tool is the cause of the problem here. There's no way it would find a real partition on an encrypted drive - I expect it's just found some random data and created a partition out of it.
The question is, are you sure the drive was encrypted to start with? The product won't activate if there are no users assigned.
The fact that you've used this partition tool and used EETech incorrectly means I think you'll need to speak to your platinum person to get any help here, even saying that, the data is probably lost now without spending a lot of time and probably professional services
Well, I think I could retrieve some data. If not, the manager said that he has a backup of some data.
I am sure the encrypt worked because when I reboot the computer, it prompts for the username and password. My AD user didn't work and I didn't know the local ePO user.
I did a recover with the challenge code and the response from ePO and could load the Windows. But then, after that, Windows asked again for the login, with the EEPC GINA screen.
I'll contact my support person and see if I could try to restore something.
just a FYI - there's no such thing as a "Local ePO user" - EEPC just adds the users you tell it to add via the policy, there are no spare or extra ones.
the most usual problem is people set it to add users in the fully qualified name format, rather than SAMAccountName, so you need to confirm that in your epo policy to see what format to type the user name in, either shunt, simon hunt, or email@example.com etc.
It's your choice what format to use, but you need to obviously type the right one.
For the public good, I'm going to explain what you *should* have done in this scenario.
- When the EE Tech standalone tool returned an error, you should *not* have done the restore MBR operation. This does you no good at all since the disk is still encrypted.
- You should have used one of the other decrypt methods in EE Tech, either "crypt sectors" or "force crypt sectors".
- These methods require you to enter precise information for which sectors to decrypt. You can get this information by using the "disk info" button in EE Tech. This will show you the encrypted regions of the disk. You only want to decrypt those sector ranges.
- Once that decrypt operation is done, THEN you'd want to restore the MBR.
Because you restored the MBR too soon, the system displayed the NTLDR missing error. The way to recover from that would have been to go back into EE Tech and restore the Endpoint Encryption boot record and start at step 1 above.