20 Replies. Latest reply on Jul 27, 2012 3:40 AM by mirrorless

    Why does WinTech 5.1.7 based on WinPE3.1 kill our 5.2.10 installs?

      Hello all you encryption junkies.

       

       

      After following *every* step blow by blow on making a Bootable  WinPE disc, including every incarnation of such discs, I finally got a disc that can now launch WinTech 5.1.7 (or 5.2.x) and access a drive.  I will post my steps on getting a successful WinPE3.1 Based Disc happening, but for now I need to get some suggestions on how to proceed further.

       

       

      Encrypted OS: Windows 7 32Bit

      SafeBoot Start Up : EEPC 5.2.10

      BartPE Disc Version:  5.1.7 using SBWinTEch.exe

      New Boot Disc is Same BartPE files wedged into a WinPE3.1 disc

      Number of Encrypted machines : Over 10,000

       

      My issue is now that I've finally got WinTech 5.1.7 running on my WinPE3.1 disc, I'm finding that it somehow breaks (not always) the drive's encryption and then I can't boot the computer normally.

       

      I've read post after post about this issue, but no one can say in a nutshell what the cause is.  I'm going to have to use SafeBoot's option of taking the drive OFFLINE before starting SBWinTech.  Ultimately this is not practical but for troubleshooting purposes I have no other option but to try it.

       

      I will in time make a disc using the absolute latest files, but for now I need to use the files we've been using for a while and we know they work.  No drive has ever broken after reading a disc before.

       

       

      The only functions that the Desktop Support Team use are WinTech > Authenticate from SBFS, then go to the file explorer and copy the files to a USB Drive, then exit.  We never remove encryption, nor play with the 'Work Space'.

       

       

      Can you please shed some light on this issue?   Also, possibly provide a way to have the disk taken offline very very early in the boot process?

       

       

       

      Cheers!!

        • 1. Re: Why does WinTech 5.1.7 based on WinPE3.1 kill our 5.2.10 installs?

          The root cause is simply PE3.1 - when it discovers a drive, it starts writing to it. That's why you need to take the drive offline before mounting it.

           

          As to why it does this, well that's a mystery to me as well - I never managed to find a reasonable explanation from Microsoft.

          • 2. Re: Why does WinTech 5.1.7 based on WinPE3.1 kill our 5.2.10 installs?

            So Safeboot,

             

            So, you're saying make the disk OFFLINE  *before* starting SBWintech or is it too late by then?

             

             

             

            For those who want to knock out your drive being mounted enter these babies:

            REG ADD HKLM\WINFE2\ControlSet001\Services\MountMgr /v NoAutoMount /t REG_DWORD /d 1 /f
            REG ADD HKLM\WINFE2\ControlSet001\Services\partmgr\Parameters /v SanPolicy /t REG_DWORD /d 3 /f

             

            Oh yeah!

            • 3. Re: Why does WinTech 5.1.7 based on WinPE3.1 kill our 5.2.10 installs?

              Yes before. Once wintech mounts the partition or sbfs, winpe will start messing with it.

              • 4. Re: Why does WinTech 5.1.7 based on WinPE3.1 kill our 5.2.10 installs?

                OK Safe,

                 

                Small issue now.

                 

                Those reg entries I've posted turn off auto mounting but leave the disk online.  Will this be enough?  Once I've got SBWintech going then I can enable automount and boom, I'll get the C:\ happening, or *MUST* the disk actually be OFFLINE?

                • 5. Re: Why does WinTech 5.1.7 based on WinPE3.1 kill our 5.2.10 installs?

                  You know, I'm not really sure because I can't work out what the root problem with pe3.1 is. I know it writes to the preboot without asking, and that taking the disk offline prevents that, but as to why, no idea.

                   

                  The curious thing is taking the disk offline does not prevent access to it - you can still read from it etc. I am guessing that it's because the drivers are low enough to ignore this fact.

                   

                   

                  I think we'll all be interested in your findings though.

                  • 6. Re: Why does WinTech 5.1.7 based on WinPE3.1 kill our 5.2.10 installs?

                    SafeBoot, you da man.

                     

                     

                    RighyO,

                     

                    What I've done is created a WinPE3.1 disc running 5.1.7 and added the two registry keys I posted above.

                     

                    So what I did when I tested my build was ..........

                     

                    Boot from the disc

                    Check status of disc in Diskpart ( was online )

                    Checked mount status in A43 utility ( Disk Not Mounted )

                    Started WinTech - Daily code + WinTech > Authenticate from SBFS

                    Went into DiskPart and enabled 'AutoMount' ( Drive did not come up )

                    While still in DiskPart I took the disc offline then online ( Warning as when you place a disc 'ONLINE' it *WILL* mount it )

                    Drive then appeared in A43 Util

                    Accessed the drive and placed a new text file on the desktop of my profile on the machine

                    Closed A43 Util

                    Went back into Diskpart and took the drive 'OFFLINE'

                    Closed WinTech

                    Shutdown the machine  ( Can't remember method for shutting down )

                     

                    I was able to boot my laptop normally and logon and review my newly created txt file that I placed on my desktop.

                     

                     

                    Please Note that I do need to test this on more than one computer, and also tighten up and be more thorough in my testing, but I really think this is it!

                     

                    This could be the golden nugget we've all been waiting for.    Now, I saw somewhere here that someone created a menu entry on Nu2Menu to take the disc offline.  I really need to find this so I can test in a repeatable manner, to find out what is mandatory and what is over kill in the way we handle the drives.

                     

                    Message was edited by: eepc_monkey on 6/7/12 3:49:47 AM CDT
                    • 7. Re: Why does WinTech 5.1.7 based on WinPE3.1 kill our 5.2.10 installs?
                      mirrorless

                      No wonder I saw in DLarson's guide on making a PE CD with WinPE that someone added a menu item to take disk 0 offline.

                       

                      So if I'm using WinTech in WinPEv3 I need to take the disk offline before running my WinTech, right?

                      Otherwise it may kill my disk?

                       

                      on 6/10/12 7:47:19 PM CDT
                      • 8. Re: Why does WinTech 5.1.7 based on WinPE3.1 kill our 5.2.10 installs?
                        mirrorless

                        from

                        https://community.mcafee.com/community/business/data/epoenc/blog/2011/01/20/how-to-create-an-ee-tech-recovery-disk-for-mcafee-eepc-using-winpe-3

                         

                        lfah2000, Oct 3, 2011 9:18 AM

                                                                                   

                        I updated the Menu


                         

                        Update nu2menu.xml with these lines (replacing the existing ones)

                        <MENU ID="mcafee">

                          <MITEM TYPE="ITEM" DISABLED="@Not(@FileExists(@GetProgramDrive()\Program Files\McAfee\Endpoint Encryption for PC v6\EETech.exe))" CMD="RUN" FUNC="@GetProgramDrive()\Program Files\McAfee\Endpoint Encryption for PC v6\EETech.exe">McAfee EETech for EEPC6</MITEM>

                          <MITEM TYPE="ITEM" DISABLED="@Not(@FileExists(@GetProgramDrive()\Program Files\offline.cmd))" CMD="RUN" FUNC="@GetProgramDrive()\Program Files\offline.cmd">Take Disk 0 offline</MITEM>

                        </MENU>

                         

                        Create a file offline.cmd in \Program files\

                        diskpart /s "%programfiles%\offline.txt"

                        pause

                         

                        Create a file offline.txt in \Program Files\

                        Select disk 0

                        offline disk

                        • 9. Re: Why does WinTech 5.1.7 based on WinPE3.1 kill our 5.2.10 installs?

                          Thanks Heaps Mirrorless.

                           

                          The disc doesn't have to be 'OFFLINE' , it just has to be set *not* to 'Mount' it and *not* give it a drive letter.  That's what the two reg keys do.

                           

                          One can go to extremes and set it to 'Read Only' if one desires.

                           

                           

                          Windows Registry Editor Version 5.00

                          [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mountmgr]
                          "NoAutoMount"=dword:00000001

                          [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\partmgr\Parameters]
                          "SanPolicy"=dword:00000003

                           

                          Message was edited by: eepc_monkey on 6/7/12 4:54:43 AM CDT

                           

                          Message was edited by: eepc_monkey on 6/7/12 4:55:23 AM CDT
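
The `HKLM\WINFE2` path in the REG ADD commands earlier in the thread implies that the WinPE image's SYSTEM hive has been loaded under a temporary key on the build machine. The batch file below is an added example, not part of any post in this thread, showing that build-time sequence end to end with the two values posted here. The WIM and mount paths are assumptions; change them to match your own WinPE build directory.

```batch
@echo off
rem Added example: bake the thread's two registry values into a WinPE image offline.
rem ASSUMED paths (not from the thread): adjust WIM and MOUNT to your own build.
setlocal
set "WIM=C:\winpe_x86\ISO\sources\boot.wim"
set "MOUNT=C:\winpe_x86\mount"
set "HIVE=HKLM\WINFE2"

rem Mount the boot image so its registry hives are reachable as files.
dism /Mount-Wim /WimFile:"%WIM%" /Index:1 /MountDir:"%MOUNT%" || goto :fail

rem Load the image's SYSTEM hive under the temporary key name used in the thread.
reg load %HIVE% "%MOUNT%\Windows\System32\config\SYSTEM" || goto :discard

rem The two values posted in the thread.
reg add %HIVE%\ControlSet001\Services\MountMgr /v NoAutoMount /t REG_DWORD /d 1 /f || goto :unload
reg add %HIVE%\ControlSet001\Services\partmgr\Parameters /v SanPolicy /t REG_DWORD /d 3 /f || goto :unload

rem Read both values back so the build log shows what went into the image.
reg query %HIVE%\ControlSet001\Services\MountMgr /v NoAutoMount
reg query %HIVE%\ControlSet001\Services\partmgr\Parameters /v SanPolicy

rem The hive must be unloaded before the image can be committed.
reg unload %HIVE% || goto :discard
dism /Unmount-Wim /MountDir:"%MOUNT%" /Commit || goto :fail
echo Image updated.
exit /b 0

:unload
reg unload %HIVE%
:discard
dism /Unmount-Wim /MountDir:"%MOUNT%" /Discard
:fail
echo Build step failed; image was not committed. 1>&2
exit /b 1
```

After booting the rebuilt disc, `reg query HKLM\SYSTEM\CurrentControlSet\Services\partmgr\Parameters /v SanPolicy` and `list disk` in DiskPart show whether the settings are in effect before WinTech is started.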