8 Replies Latest reply on May 27, 2013 9:29 AM by SafeBoot

    Reimage Encrypted Drive using LANDesk 9

    pcktech

      Hello,

       

      I have been trying to reimage computers using LANDesk 9.0.2.3, but have been unsuccessful. I've managed to get as far as booting up into WinPE 3 (put WIM on hard drive, manually edit the BCD with a ramdisk entry, set the system to one time boot to the ramdisk/WIM), but even after I use diskpart > select disk 0 > clean > create partition primary > format fs=ntfs quick > assign > active > exit, ImageX still cannot apply the WIM file to the drive. It crashes on the same folder every time: error 5 (Access is Denied; see the screenshot I've uploaded with this discussion). Even using format C: /FS:NTFS (without /Q), despite C: being blank I still get access denied as though the files still existed or the sectors themselves are locked. I've tried using unlocker, but that didn't help.

       

      The WinPE 3 image has the same MfeEpePc.sys file that the client systems use; it can see the contents of the C: drive, and can delete the majority of the drive's contents.

       

      Manually trying to erase the partition using del/rmdir or robocopy /MIR displays "Access is denied" for close to about 40-50 files in various directories.

       

      I saw McAfee put out a RefreshTool early this month and I tried using that (stop the service, unlock the SafeBoot files, even tried making hardlinks, restoring the MBR, et al), but "Access is Denied" still pops up.

       

      Even if I use a USB Flash Drive with WinPE3 booting from it I get "Access is Denied" the first time. I restart, boot to the USB Drive again, and ImageX deploys the image without complaint. Unfortunately that doesn't work when trying to reimage through LANDesk (getting WinPE to reboot itself didn't help).

       

      I need to be able to image an encrypted computer remotely (with LANDesk because that's the tool we use). The process works smooth as silk with drives that are not encrypted; the "Access is Denied" errors only happen on encrypted drives.

       

      Has anyone seen this before? The only thread I've found about "SafeBoot" and LANDesk is over a year old on a different version of LANDesk, unfortunately. If I knew why these files/sectors were being held locked maybe I could work out a way around the problem, but after two weeks I'm running out of ideas and would appreciate any suggestions.

       

      Thank you.

       

      PS: This has happened on two separate systems, a Latitude E6500 and E6420 are the two primary test units. Both had Windows 7 x64 on them before and I was testing reimaging them back to Windows 7 x64.

       

      Message was edited by: pcktech on 10/18/11 1:59:45 PM CDT
        • 1. Re: Reimage Encrypted Drive using LANDesk 9

          I guess you are trying to put a clean image on the drive, so why do you have the encryption drivers in your WinPE build? The access denied error is to be expected, as EEPC is trying to preserve itself from getting wiped (thus rendering the encrypted drive unbootable), but, if you're about to wipe the drive, you don't care probably.

           

          Do you need to read the user data off the drive prior to the re-image?

          • 2. Re: Reimage Encrypted Drive using LANDesk 9
            pcktech

            Hello,

             

            Yes I am trying to wipe the drive to reapply a clean image. The drivers were added when I tried using McAfee's Refresh Tool; I was hoping it would help, but unfortunately did not.

             

            No user data needs to be saved on the drive; users will be expected to back up their data before being reimaged.

             

            Thank you.

            • 3. Re: Reimage Encrypted Drive using LANDesk 9

              well, if you're trying to wipe it clean, you need to remove the refresh drivers - they help you preserve the encryption, you need to overwrite it. Just use a clean WinPE image and your usual methods, the encryption is software based so it can't do anything to defend itself when you boot off an alternate OS.

              • 4. Re: Reimage Encrypted Drive using LANDesk 9
                pcktech

                Hello,

                 

                Thank you. I hadn't thought to do that before since we've used a PE Image (the basis for the one I was using for LANDesk's Deployment) with that driver in order to use the EETech utility. Of course it's a service, so it was actively working in the background this entire time.

                 

                Still odd our PE Image with the driver when booted from a USB Drive boots, encounters Access is Denied, then you reboot, boot to the USB Drive again (same image), and everything works.

                 

                Important thing is it appeared to work. I'll have to give it a few more deploys to verify, but this first unit's working (after that I'll mark your reply as the answer for others to reference). Thank you very much.

                • 5. Re: Reimage Encrypted Drive using LANDesk 9

                  Can you elaborate on your statement, "The access denied error is to be expected, as EEPC is trying to preserve itself from getting wiped"?  You mean the filter drivers being loaded in WinPE have some sort of self protection function?

                  • 6. Re: Reimage Encrypted Drive using LANDesk 9

                    since you added the screen shot - it would seem the error is coming from ImageX not from EEPC? If so they might be able to help you more.

                     

                    But yes, if you're trying to overwrite in-memory EEPC drivers, that's not going to be possible without unlocking them first. They are locked, because if you overwrite them, your disk will stop working.

                    • 7. Re: Reimage Encrypted Drive using LANDesk 9

                      Hi

                       

                      Please can you explain in detail as am trying to make to refresh systems from XP to WIndows 7 using SCCM 2007 with all systems encrypted with McAfee EEPC and when trying to wipe and load the OS its throwing up the access denied error at every stage.

                       

                      I have followed the steps as of the document below to load the drivers in WinpE http://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/2 3000/PD23245/en_US/McAfeeEE6x_WindowsOSRefresh_v1_1.pdf

                       

                      Iam able to get to point where its applying the OS but errors

                       

                      WIM error:C:\Windows\winsxs\amd64_microsoft-windows-d..lient-adm.resources_31bf3856 ad364e35_6.1.7600.16385_en-us_936c40cbff4a0ef1. Permissions on the requested may be configured incorrectly.


                      Failed to run the last action: Apply Operating System. Execution of task sequence failed.

                       

                      Is the documentation correct on adding drivers and registry to WinPE, without the drivers in WinPE the disk is not accesible as I tried to load a clean WinPE to see if that is going to work but it is not able to access the C: drive as its encrypted.

                       

                      Any suggestions?

                       

                      Thanks!

                      • 8. Re: Reimage Encrypted Drive using LANDesk 9

                        Can you start a new thread as the one you are responding to seems unrelated to your situation?