SafeGuard Easy 4.30 and OSD in SCCM

I'm having some problems with SGE in an OS deployment, XP to Win 7 in SCCM.

The drive is to be formatted during the OSD task sequence and no data on the drive is to be saved. I've prepared the WinPE image with the filter drivers as described in article 66019 and prepared a .cfg file that disables warning messages to show when MBR has been changed and disables the restore MBR option.

The new image seems to get applied correctly and I can read the disk fine during the task sequence, but after restart the floppy icon still appears and it stops at "loading operating system". I've tried using bootsect /nt60 c: /mbr as the first step after the initial restart to WinPE, and I've also tried diskpart with the "clean" command, but none of these has worked. SGE seems to reside in the MBR no matter what I do.

Is there any solution to get SGE out of the MBR and get the drive completely clean from WinPE?

EDIT: I should add that removing SGE from the MBR works fine with diskpart and the clean option when I boot to WinPE from a CD. However, this is a Zero Touch scenario, so WinPE must be staged and started from the disk. Also, we have the option to uninstall with an uninstall.cfg file, but that also means a decrypt is needed if I understand correctly, and that simply takes too long in this scenario.

  • Hi Donmak,

    No solution seems to exist for this particular scenario. The problem seems to be this:

    Since the task sequence uses the disk to store needed files, you need to have a WinPE prepared with the filter drivers. This enables you to read and write to the encrypted disk. However, once the filter drivers are loaded they also effectively protect the MBR from being overwritten, thereby causing a catch-22 scenario. You need the filter drivers to read the task sequence on the disk, but you can't rewrite the MBR as long as they are loaded. And without the filter drivers, you can't read the disk...

    Also tried using a tool from Sophos that was said to be able to stop the filter driver directly. Sadly this tool was meant for SafeGuard Enterprise and didn't work.

    Ended up reverting to performing a full decryption followed by an uninstallation of SGE (SGE is still present in the MBR if not uninstalled) before initiating the OS deployment. So an OS deployment that could've been completed in about 2 hours if there was a way around this now takes at least 6 hours and causes decreased performance for the user while decryption takes place.

    Let me know if you have better luck at this than me =)
