good point Michael, well spotted :)
On Tue, May 14, 2013 at 10:33 PM, Burke, John <[email protected]>wrote: > ** > yeah. I doubt the mcafee encyption will throw anything in wmi like this > anyway and i'm starting to doubt that i can even run it against the OS > itself while in WINPE anyway. > > I'll have to go back to my mcafee support folks and ask about the whole > TMP thing. I don't know the answer to that. > > This is really ugly. I am close though. I have finally booted up - and > re-imaged a system via winpe using offline usmt. > > I just need to throw in some checks to set some variables. > > I also have some odd issue with that new bootwim where it seems to be > calling gather before i even put my password in for the task sequence. (i'm > guessing i screwed something up as i've never seen this gather or anythign > else run BEFORE i pick a task sequence). > ------------------------------ > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Michael Niehaus > *Sent:* Tuesday, May 14, 2013 5:27 PM > *To:* [email protected] > *Subject:* RE: [MDT-OSD] RE: OSD - TS - Question - Can you use a registry > check condition whilst in winpe or do you have to use some other kind? > > That’s also a BitLocker-specific WMI class. It won’t be useful for a > McAfee-encrypted disk.**** > > ** ** > > Thanks,**** > > -Michael**** > > ** ** > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Niall Brady > *Sent:* Tuesday, May 14, 2013 12:52 PM > > *To:* mdtosd > *Subject:* Re: [MDT-OSD] RE: OSD - TS - Question - Can you use a registry > check condition whilst in winpe or do you have to use some other kind?**** > > ** ** > > does that computer have a tpm ?**** > > ** ** > > On Tue, May 14, 2013 at 9:46 PM, Burke, John <[email protected]> > wrote:**** > > I'll give it a shot. Thanks. They look very microsoft specific. **** > > **** > > This doesn't exist in my wbem for example.. > root\CIMV2\Security\MicrosoftVolumeEncryption isn't a valid namespace.**** > > **** > > **** > > ** ** > > ------------------------------ > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Niall Brady > *Sent:* Tuesday, May 14, 2013 3:54 PM > *To:* mdtosd > *Subject:* Re: [MDT-OSD] RE: OSD - TS - Question - Can you use a registry > check condition whilst in winpe or do you have to use some other kind?**** > > that script checks for encryption while in WinPE, all those checks are > done before the HTA displays (in WinPE) **** > > so go ahead and test it in WinPE by running the script in a command prompt > **** > > ** ** > > On Tue, May 14, 2013 at 6:17 PM, Burke, John <[email protected]> > wrote:**** > > That is probably exactly what happened.**** > > **** > > So currently my zero touch has access to the system outside of winpe - so > it's easy to tell if the mcafee endpoint encryption software is installed. > **** > > **** > > **** > > Any suggestions as to how i would detect this from pxe to begin with? I > kknow it has to be done way earlly or everythign will crap out soon as it > has to touch the c drive. **** > > **** > > Nail suggested the new cf12 hta as it has some scripts to detect > encryption with bitlocker. **** > > **** > > I "think" its via the "isvolumnencrpted.wsf" script. which looks like it > relies on wmi. **** > > **** > > ********** > > <job id="IsEncrypted"> > <script language="VBScript" src="..\ZTIUtility.vbs"/> > <script language="VBScript">**** > > **** > > Dim oTSProgressUI > set oTSProgressUI = CreateObject("Microsoft.SMS.TSProgressUI") > oTSProgressUI.CloseProgressDialog()**** > > **** > > > strComputer = "." > Set objWMIService = GetObject("winmgmts:\\" & strComputer & > "\root\CIMV2\Security\MicrosoftVolumeEncryption") > Set colItems = objWMIService.ExecQuery( _ > "SELECT * FROM Win32_EncryptableVolume",,48) > For Each objItem in colItems > x=objItem.ProtectionStatus**** > > **** > > > Next**** > > **** > > Dim oShell > Set oShell = CreateObject("WScript.Shell") > > oEnvironment.Item("Drive_Protected") = False > > retCode = x**** > > **** > > msgbox "0=Protection OFF" & vbCrLf & "1= Protection ON" & vbCrLf & > "2=Protection Unknown" & vbCrLf & vbCrLf & "Protection Status Return > code is:" & retcode,0, "Checking If Volume is Encrypted" > > If(retCode = 2) OR (retCode = 1) Then > oEnvironment.Item("Drive_Protected") = True > End If > > WScript.Quit(0) > </script> > </job>**** > > ******** > > **** > > BUT this must be getting called in the OS. I need something that can be > called in winpe. Or maybe I should simply just call something and let the > tech decide if it's encrypted? **** > > ** ** > > ------------------------------ > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Michael Niehaus > *Sent:* Monday, May 13, 2013 11:34 PM > *To:* [email protected] > *Subject:* [MDT-OSD] RE: OSD - TS - Question - Can you use a registry > check condition whilst in winpe or do you have to use some other kind?**** > > Well, you could probably include registry checks but they would be > checking the Windows PE registry, not the old OS registry, so I doubt that > would do you much good J**** > > **** > > Thanks,**** > > -Michael**** > > **** > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Burke, John > *Sent:* Monday, May 13, 2013 6:05 PM > *To:* [email protected] > *Subject:* [MDT-OSD] OSD - TS - Question - Can you use a registry check > condition whilst in winpe or do you have to use some other kind?**** > > **** > > I'm guessing hte answer is yes, but i'm just doing a sanity check since I > couldn't find anything on line about it.**** > > **** > > When doing zero touch i have a few variables set based on registry keys > existing in wow6432node and software node. **** > > **** > > they skipped right past them when the same check was tried in winpe. **** > > **** > > Wondering what checks I can use. File system and wmi checks only?**** > > ** ** > > ** ** > >
