How to us tb WinTcb CD to rmov

tb ncryption and boot sctor from

tb bard-disk

Summary
This article provides two solutions to overcome the following types of situations:
Windows becomes corrupt.
You cannot access the data of an encrypted computer.
Encryption or decryption fails.

IMPORTANT: These procedures should only be attempted by a trained desktop support personnel
within the University.

Solution 1
IMPORTANT: Make sure the computer's main power supply is plugged in for this procedure. Do not
attempt to perform on battery only.
Prerequisites
Before proceeding you must have the following:
The ISO image located on Z:\IT\Common\McAfee Endpoint Encryption for PC\Images
The daily access/authorization code. This can be obtained directly from Information Security.

Recovery Procedure 1
This procedure uses the Authenticate to SafeBoot Files System (SBFS) method.
1.Start the computer with the BartPE CD/DVD (WinTech CD). This loads the Endpoint Encryption
interface.
2.Click Go, Programs, SafeBoot WinTech.
3.When prompted, type the access code, and then click OK.
4.From the main menu, click WinTech and select Authenticate from SBFS.
5.Type the computer's username and password, and then click OK.
6.From the main menu click WinTech and select Remove EEPC. This will decrypt the drive and remove
the boot sector.
NOTE: It might take a few hours, depending on the computer's performance and the storage capacity of
the drive or partition.
7.When Endpoint Encryption has been removed, delete its record from the Endpoint Encryption
Manager. (The central record will no longer have the correct parameters for this computer).
CAUTION: The next time Windows is started, Endpoint Encryption automatically reactivates itself if the
installed files are still intact. It also connects to the Endpoint Encryption Server. The computer might also
encrypt at this point, depending on its database settings.

Required action to prevent this from happening:
1.Disconnect from the network prior to starting the computer (or disable wireless networking).
NOTE: Disconnecting from the network will prevent reactivation only if this computer was originally an
Online install. If it was an Offline install, then start with Windows Safe Mode first. See the Endpoint
Encryption for PC Administration Guide for further information regarding online and offline installation.
2.Allow Windows to load.
3.Click Start, Run, type cmd, then click OK.
4.Change to the Endpoint Encryption folder on the client using DOS commands. Default location is:
c:\Program Files\McAfee\Endpoint Encryption for PC. Type:
CD "c:\Program Files\McAfee\Endpoint Encryption for PC"
5.Type sbsetup uninstall
NOTE: The drive must be completely unencrypted for this command to work.


Solution 2
If Endpoint Encryption does not work and the Encryption and Boot Sector removal procedure in Solution
1 cannot be used, then follow this alternative procedure.
Prerequisites
Before proceeding you must have the following:
The ISO image located on Z:\IT\Common\McAfee Endpoint Encryption for PC\Images
The daily access/authorization code. This can be obtained either directly from Information Security.
The floppy drive or USB containing the computers configuration file (.SDB) that has been exported from
the Endpoint Encryption database. This contains the machine key that will provide access to the problem
computer.
NOTE: Any USB sticks and drives required to access the computer must be plugged in before WinTech
Recovery Procedure 2
This procedure will use the authentication method: Authenticate to Database
Step 1 - Create a SafeTech Boot Disk.
First create a SafeTech recovery disk at the McAfee Endpoint Encryption Manager and export the
User/Computer configuration to the floppy disk/USB device.
STEP 2 - Use the WinTech CD.
1.Start the computer with the BartPE CD/DVD. This loads the Endpoint Encryption interface.
2.Click Go, Programs, SafeBoot WinTech.
3.When prompted, type in the access code, then click OK.
4.From the main menu click WinTech, then select Authenticate from Database.
5.Select the computers SDB file, then click OK.
6.From Select Machine, select the correct computer name.
7.From the main menu, click WinTech, and then select Remove EEPC. This decrypts the drive and
removes the boot sector.
NOTE: It might take some hours depending on the computer performance and the storage capacity of
the drive or partition.
8.When Endpoint Encryption has been removed, delete its record from the Endpoint Encryption
Manager (the central record will no longer have the correct parameters for the this computer).
NOTE: If you had a problem with Windows and the operating system is repaired, Endpoint Encryption
will automatically reactivate itself if the installed files are still intact. It also connects to the Endpoint
Encryption Server. The computer might also encrypt at this point, depending on its settings in the
database.
Required action to prevent this from happening:
1.Disconnect from the network prior to starting your computer (or disable wireless networking):
2.Allow Windows to load
3.Click Start, Run, type cmd, then click OK.
4.Change to the Endpoint Encryption folder on the client using DOS commands (default location is:
c:\Program Files\McAfee\Endpoint Encryption for PC). Type:
CD "c:\Program Files\McAfee\Endpoint Encryption for PC"
5.Type sbsetup uninstall
NOTE: The drive must be completely unencrypted for this command to work.
WARNING: Disconnecting from the network will prevent reactivation only if this computer was originally
an online install of Endpoint Encryption for PC. If it was an offline install start with Windows Safe Mode
first. See the Endpoint Encryption for PC Administration Guide PDF document