3 Replies Latest reply on Nov 18, 2011 10:27 AM by SafeBoot

    Problem with SCCM 2007 OSD & PCs with Endpoint Encryption for PC

    mattw2

      As part of a move to Windows 7 on our PCs, we have been working on setting up Microsoft System Center Configuration Manager (SCCM) to handle the Operating System Deployment.

      The idea being that we would advertise the OS install to existing PCs and it would, in effect, be initiated from within Windows prior to restarting into Windows PE.

       

      During initial testing we've been getting on with no major issues.

      Problem came up today when we attempted to do an OS deployment to a PC with fully encrypted hard disk (Endpoint Encryption 5.2.5).

       

      The problem being that, we had an error come up that the operating system was missing.

       

      What happened was...

      1) Windows 7 deployment initiated from "run advertised programs".

      2) Progress message on screen to advise restart into Windows PE

      3) PC restarts and comes up with "Missing Operating System" message.

       

      Restarting brings up same message.

       

      I can only assume that, as part of the WinPE provisioning, it is doing something to the MBR, which then breaks both WinPE and Encryption so that the PC won't boot.

       

      Only suggestions i've found involve either de-crypting the PC first, or booting off WinPE to iniiate the OSD task sequence (rather than launching from in windows), which, whilst achievable, would be inconvenient and not popular with the management.

       

      I would be interested in hearing how other people handle this, as i'd be surprised if no-one has come across this issue or is using SCCM to deploy an operating system to encrypted PCs.

       

      regards

       

      Matthew W.