2 Replies Latest reply on Jul 31, 2013 5:28 PM by mkmcgui5

    Using EpeTemporaryAutoboot

    mkmcgui5

      Hi,

           I'm not sure this is the right forum for this question, so if this is the wrong place please point me in the right direction.

       

      We are looking to start using full disk encryption and using EpeTemporaryAutoboot.exe when deploying Software Updates via SCCM 2007 (soon SCCM 2012) to bypass the preboot login when the system reboots.

       

      I am not completely sure of the best way to implement this, but my initial plan of attack is to use "System Center Update Publisher" (SCUP) to import the EpeTemporaryAutoboot.exe as an "update" that I can include with each set of Update deployments.

      I only want it to run on systems that have disk encryption, so for "Installable rules" I have it looking for a "McAfee Endpoint Encryption Core Service" that it is set to Automatically start (using a WMI query).

       

      Now I just need to figure something out for the "Installed" rules (a registry key, WMI setting, or something) so that once the update runs, it will not return a status of "Failed".  Is there a way I can tell if a system has run EpeTemporaryAutoboot.exe and is just waiting for the next reboot?

       

      Also, if I'm going about this all wrong, I'm open to suggestions.

       

      Thanks,

      Mike

        • 1. Re: Using EpeTemporaryAutoboot
          JayMan

          I'd be interesting to hear how you end up working this one out.

           

          I'll be tackling the same problem in the next couple months...

          • 2. Re: Using EpeTemporaryAutoboot
            mkmcgui5

            I could not think of a good way to implement the EpeTemporaryAutoboot.exe as a "software update" without having it "fail" or not show up at all (as not applicable), so I decided to go a different route and I think it is going to work fairly well.

             

            I've decided to create a scheduled task on each of the computers with encrypted disks.  The trigger for the task is the "System Restore" event (EventID=8194) from the Application event log.

            Once the task is triggered, it will run a script that I wrote that will:

            • Query the event log (using the Win32_NTLogEvent WMI Class) for all System Resource events with a TimeWritten >= to today's date.
            • Look for the words "Windows Update" in the Message of the event
            • Look to see if SMSCliUI.exe is currently running
            • If all the criteria is met, then I know that it is a software update that we are pushing via SCCM and it will run EpeTemporaryAutoboot.exe --number-of-reboots 1

             

             

            I've created an SCCM Pkg/Prg/Adv to deploy the files and create the scheduled task for me.  I've tested this on Win7 x64  - so far it's been working great.