Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 10 replies
  • Subscribers 5 subscribers
  • Views 29248 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SafeGuard Easy 4.30 and OSD in SCCM

JohnS

I'm having some problems with SGE in a OS Deployment, XP to Win 7 in SCCM.

The drive is to be formatted during the OSD task sequence and no data on the drive is to be saved. I've prepared the WinPE image with the filter drivers as described in article 66019 and prepared a .cfg file that disables warning messages to show when MBR has been changed and disables the restore MBR option.

The new image seems to get applied correctly and I can read the disk fine during the task sequence but after restart the floppy icon still appears and it stops at "loading operating system". I've tried using bootsect /nt60 c: /mbr as the first step after the inital restart to WinPE, I've also tried diskpart with "clean" command but none of these has worked. SGE seems to reside in the MBR no matter what I do.

Is there any solution to get SGE out of the MBR and get the drive completely clean from WinPE?

EDIT: I should add that removing SGE from the MBR works fine with diskpart and option clean when I boot to WinPE from a CD, however, this is a Zero Touch scenario so WinPE must be staged and started from the disk. Also, we have the option to uninstall the with a uninstall.cfg file, but that also means a decrypt is needed if I understand correctly, and that simply takes too long in this scenario.

:12557


This thread was automatically locked due to age.
Parents
  • 0

    Hi John,

    Just thought I'd follow up on this since I got it working

    The fltdonothing.exe file worked a treat (obtained from Sophos support). The filter disabler is advertised as working for Enterprise 5.6 but we use Safeguard Easy 4.5 and had no issues using it (can't comment on 4.3 though) but even at worst if it doesn't work you could always upgrade your client to 4.5 without decrypting then use the filter disabler.

    Anyway for those who are interested:

    Create a config file to disable Safeguards POA

    Add SGE filter drivers to your boot.wi m (InstallSGE2WinPE20 .bat can do this for you - works fine with WinPE3.0)

    Obtain FltDoNothing.exe from Sophos support

    Mount your boot.wim and insert file into windows\system32\ folder

    Add boot.wim to SCCM

    In your task sequence add the disable POA to turn off before reboot

    After reboot into PE step - add command line %systemroot%\system32\FltDoNothing.exe 1 (before format and partition disk)

    Task sequence will disable the safeguard filter drivers, then format drive, apply Windows 7 and everything else. Upon reboot  SGE will no longer be in the MBR and it will boot happily into Windows 7 unencrypted.

    Saves us 6 hours per deployment decrypting... happy days!

    :21699
Reply
  • 0

    Hi John,

    Just thought I'd follow up on this since I got it working

    The fltdonothing.exe file worked a treat (obtained from Sophos support). The filter disabler is advertised as working for Enterprise 5.6 but we use Safeguard Easy 4.5 and had no issues using it (can't comment on 4.3 though) but even at worst if it doesn't work you could always upgrade your client to 4.5 without decrypting then use the filter disabler.

    Anyway for those who are interested:

    Create a config file to disable Safeguards POA

    Add SGE filter drivers to your boot.wi m (InstallSGE2WinPE20 .bat can do this for you - works fine with WinPE3.0)

    Obtain FltDoNothing.exe from Sophos support

    Mount your boot.wim and insert file into windows\system32\ folder

    Add boot.wim to SCCM

    In your task sequence add the disable POA to turn off before reboot

    After reboot into PE step - add command line %systemroot%\system32\FltDoNothing.exe 1 (before format and partition disk)

    Task sequence will disable the safeguard filter drivers, then format drive, apply Windows 7 and everything else. Upon reboot  SGE will no longer be in the MBR and it will boot happily into Windows 7 unencrypted.

    Saves us 6 hours per deployment decrypting... happy days!

    :21699
Children
No Data
Unfiltered HTML