7 Replies Latest reply on May 27, 2013 8:44 PM by spectra

    Problem retaining a fully encrypted disk when re-imaging by USB (winpe3)



      We currently use OS deployment in SCCM to refresh our encrypted devices (EEPC 6.2) with Windows 7, whilst retaining a fully encrytped disk. This method works really well and saves having to re-encrypt the drive once a new Windows 7 build has been applied. However there are some sites where we don't have access to SCCM and have to reimage devices using a USB stick.


      What I would like to do is retain the fully encrypted disk after reimaging a PC to Windows 7 in a WinPE 3.0 environment using a USB stick. I think I am pretty close to achieving this, but it's not quite working. I will explain the whole process I am using:


      1.     Boot off a USB stick on an encrypted PC (EEPC 6.2). This boot stick uses WinPE 3.0  and includes all of the EEPC drivers and registry keys.

      2.     Run the EETech tool to authenticate with my token credentials. This allows me to see the contents of the disk with the operating system (C:)

      3.     Backup the EEPC MBR using the EpeWinUpgradeTool.exe (output shows success)

      4.     Unlock and Unhide the SafeBoot files

      5.     Delete all files from the disk, except C:\SafeBoot.fs,  C:\SafeBoot.rsv and the backed up MBR dat file

      6.     To apply the Windows 7 WIM image it would not work unless I ran the EETECH tool again and this time Authorize with the code of the day, click "Edit Disk Crypt State" and "Clear Crypt         List"

      7.     The Windows 7 image would then successfully apply and I then copy MfeEEAlg.sys and MfeEpePc.sys to C:\Windows\System32\Drivers in the new image

      8.     I write all of the correct EEPC registry keys (in ControlSet001) on the new image by loading the hive C:\Windows\System32\Config\System. Then I unload the hive.

      9.     Restore the EEPC MBR using the EpeWinUpgradeTool.exe (output shows success)

      10.  The preboot encryption logon appears and I log in with my credentials

      11.  At this the PC tries to boot into the OS and there a coloured squres to indicate corruption and the PC hangs and wont boot into windows (see attachment).


      I suspect that this is something to do with clearing the Crypt List. Unfortunately if I don't do this I cannot apply an image to the disk (just authenticating with a token isn't enough to fully unlock the drive). My question is, is there another way to apply the WIM image without clearing the crypt list?


      It would be nice if I could get this solution working, otherwise the only other option is to delete the partion, which kills the encryption and means that the disk has to fully encrpyt again after the image has been applied, which can take a whole day on some machines.