The overall difficulty with using a script to see if EEPC is installed is that without the 
EEPC drivers, the encrypted partition is unreadable.  You can inject the EEPC 
drivers into WinPE, but the last I knew (I haven't touched EEPC in 2 years) 
this was VERY unsupported by McAfee, and there weren't any helpful instructions 
on how to do it.  I managed to get it to work a few years ago with WinPE 2.0 but I 
don't remember many details.

Your best bet might be looking at partition information in WinPE, and if you 
see a hidden partition named EEPC (or whatever EEPC names its partition 
currently), then assume the machine is encrypted and save the MBR.
From: [email protected] [mailto:[email protected]] On 
Behalf Of Burke, John
Sent: Wednesday, May 15, 2013 7:30 PM
To: [email protected]
Subject: RE: [MDT-OSD] RE: OSD - TS - Question - Can you use a registry check 
condition whilst in winpe or do you have to use some other kind?

But if I'm doing this at the very beginning of a PXE boot, will it be able to 
read it from the C:\ drive, for example?

When I tried to set variables looking for c:\program files\safeboot, for 
example, it always returns false. So I assumed you couldn't pull out info from 
that mounted C drive until you get a little further along OR are in the full OS 
(doing zero touch) before you reboot into WinPE.


________________________________
From: [email protected]<mailto:[email protected]> 
[mailto:[email protected]] On Behalf Of Daniel Ackerman
Sent: Wednesday, May 15, 2013 7:12 PM
To: [email protected]<mailto:[email protected]>
Subject: RE: [MDT-OSD] RE: OSD - TS - Question - Can you use a registry check 
condition whilst in winpe or do you have to use some other kind?
My EEPC knowledge is a couple of years old, but I remember that EEPC creates a 
hidden partition.  Try looking at the win32_logicalvolume WMI class on an EEPC 
encrypted PC and see if there are any EEPC unique properties listed.  If you 
use the Win32_Logicalvolume WMI class, you won't need to worry about trying to 
access a dead OS on an encrypted (potentially unreadable) disk.

From: [email protected]<mailto:[email protected]> 
[mailto:[email protected]] On Behalf Of Burke, John
Sent: Wednesday, May 15, 2013 4:56 PM
To: [email protected]<mailto:[email protected]>
Subject: RE: [MDT-OSD] RE: OSD - TS - Question - Can you use a registry check 
condition whilst in winpe or do you have to use some other kind?

On top of that, something is throwing me off.

If I run a script that does a WMI call whilst in WinPE like this, am I not 
going to run into the same issue I ran into when doing the registry check?

Isn't it going to try to run against the WinPE environment?

If I go from a power up, hit F12, load WinPE into memory and try to check the 
C drive for c:\program files\safe boot, that won't even work, so I'm a bit 
confused as to how this WMI script could work even for Microsoft.

This must get run while in the OS, right?

________________________________
From: [email protected]<mailto:[email protected]> 
[mailto:[email protected]] On Behalf Of Michael Niehaus
Sent: Tuesday, May 14, 2013 5:27 PM
To: [email protected]<mailto:[email protected]>
Subject: RE: [MDT-OSD] RE: OSD - TS - Question - Can you use a registry check 
condition whilst in winpe or do you have to use some other kind?
That's also a BitLocker-specific WMI class.  It won't be useful for a 
McAfee-encrypted disk.

Thanks,
-Michael

From: [email protected]<mailto:[email protected]> 
[mailto:[email protected]] On Behalf Of Niall Brady
Sent: Tuesday, May 14, 2013 12:52 PM
To: mdtosd
Subject: Re: [MDT-OSD] RE: OSD - TS - Question - Can you use a registry check 
condition whilst in winpe or do you have to use some other kind?

Does that computer have a TPM?

On Tue, May 14, 2013 at 9:46 PM, Burke, John 
<[email protected]<mailto:[email protected]>> wrote:
I'll give it a shot. Thanks.  They look very Microsoft-specific.

This doesn't exist in my WBEM, for example: 
root\CIMV2\Security\MicrosoftVolumeEncryption isn't a valid namespace.



________________________________
From: [email protected]<mailto:[email protected]> 
[mailto:[email protected]<mailto:[email protected]>] 
On Behalf Of Niall Brady
Sent: Tuesday, May 14, 2013 3:54 PM
To: mdtosd
Subject: Re: [MDT-OSD] RE: OSD - TS - Question - Can you use a registry check 
condition whilst in winpe or do you have to use some other kind?
That script checks for encryption while in WinPE; all those checks are done 
before the HTA displays (in WinPE), 
so go ahead and test it in WinPE by running the script in a command prompt.

On Tue, May 14, 2013 at 6:17 PM, Burke, John 
<[email protected]<mailto:[email protected]>> wrote:
That is probably exactly what happened.

So currently my zero touch has access to the system outside of WinPE, so it's 
easy to tell if the McAfee Endpoint Encryption software is installed.


Any suggestions as to how I would detect this from PXE to begin with? I know 
it has to be done way early or everything will crap out as soon as it has to 
touch the C drive.

Niall suggested the new cf12 HTA as it has some scripts to detect encryption 
with BitLocker.

I "think" it's via the "isvolumnencrpted.wsf" script, which looks like it relies 
on WMI.

******
<job id="IsEncrypted">
<script language="VBScript" src="..\ZTIUtility.vbs"/>
<script language="VBScript">

' Close the task sequence progress dialog so the message box below is visible.
Dim oTSProgressUI
Set oTSProgressUI = CreateObject("Microsoft.SMS.TSProgressUI")
oTSProgressUI.CloseProgressDialog()

' Query the BitLocker WMI provider. This namespace only exists where the
' BitLocker provider is present, and the class is BitLocker-specific.
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & _
    "\root\CIMV2\Security\MicrosoftVolumeEncryption")
Set colItems = objWMIService.ExecQuery( _
    "SELECT * FROM Win32_EncryptableVolume",,48)

' ProtectionStatus: 0 = off, 1 = on, 2 = unknown. The last volume returned wins;
' if no volumes come back, x stays Empty and Drive_Protected stays False.
For Each objItem in colItems
    x = objItem.ProtectionStatus
Next

Dim oShell
Set oShell = CreateObject("WScript.Shell")

' oEnvironment is the task sequence environment object provided by ZTIUtility.vbs.
oEnvironment.Item("Drive_Protected") = False

retCode = x

MsgBox "0=Protection OFF" & vbCrLf & "1=Protection ON" & vbCrLf & _
    "2=Protection Unknown" & vbCrLf & vbCrLf & _
    "Protection Status Return code is: " & retCode, 0, "Checking If Volume is Encrypted"

If (retCode = 2) Or (retCode = 1) Then
    oEnvironment.Item("Drive_Protected") = True
End If

WScript.Quit(0)
</script>
</job>
****

BUT this must be getting called in the OS. I need something that can be called 
in winpe. Or maybe I should simply just call something and let the tech decide 
if it's encrypted?
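As an added example, not part of this thread or of any MDT/HTA script, the following PowerShell combines the two approaches discussed: it probes for the BitLocker-specific namespace before querying Win32_EncryptableVolume (so the "isn't a valid namespace" error does not abort the step), and it falls back to the partition-level view suggested for non-Microsoft products by listing every partition WinPE can see and flagging fixed disks with no recognisable file system. It assumes a WinPE boot image with the WinPE-WMI and WinPE-PowerShell optional components (and WinPE-SecureStartup for the BitLocker provider); the variable name Drive_Protected is taken from the thread's VBScript, while the function names, the RAW/blank file system heuristic and the COM fallback are this example's own choices.

```powershell
# Added example (not from the thread): WinPE-side encryption check for an MDT/SCCM
# task sequence. Assumed: WinPE-WMI + WinPE-PowerShell in the boot image, and
# WinPE-SecureStartup if the BitLocker class is wanted. Heuristic only: a fixed
# disk WinPE cannot read a file system from is treated as "possibly encrypted".

$BitLockerNs = 'root\CIMV2\Security\MicrosoftVolumeEncryption'

function Test-BitLockerProvider {
    # The namespace does not exist in a boot image without the BitLocker provider,
    # so probe it rather than letting the query throw mid task sequence.
    try {
        $null = Get-WmiObject -Namespace $BitLockerNs -Class Win32_EncryptableVolume -ErrorAction Stop
        return $true
    } catch {
        return $false
    }
}

function Get-BitLockerVolumeStatus {
    # ProtectionStatus: 0 = off, 1 = on, 2 = unknown (same codes as the VBScript).
    # BitLocker only; a McAfee/EEPC-encrypted disk will not appear here.
    Get-WmiObject -Namespace $BitLockerNs -Class Win32_EncryptableVolume |
        Select-Object DriveLetter, ProtectionStatus
}

function Get-PartitionInventory {
    # Every partition WinPE can see, with or without a drive letter, so a technician
    # can spot an unexpected hidden/pre-boot partition of the kind the thread describes.
    Get-WmiObject -Class Win32_DiskPartition |
        Select-Object DiskIndex, Index, Type, Bootable, PrimaryPartition,
                      @{ Name = 'SizeGB'; Expression = { [math]::Round($_.Size / 1GB, 1) } }
}

function Get-UnreadableLocalDisks {
    # Fixed disks (DriveType 3) with no file system WinPE recognises. A partition
    # fully encrypted by a third-party product looks RAW/blank from WinPE, whereas
    # the WinPE RAM drive X: and an unencrypted Windows C: report NTFS/FAT.
    Get-WmiObject -Class Win32_LogicalDisk |
        Where-Object {
            $_.DriveType -eq 3 -and
            ([string]::IsNullOrEmpty($_.FileSystem) -or $_.FileSystem -eq 'RAW')
        } |
        Select-Object DeviceID, FileSystem, Size
}

function Set-TaskSequenceVariable {
    param([string] $Name, [string] $Value)
    # Microsoft.SMS.TSEnvironment only exists while a task sequence is running; when
    # run by hand from a WinPE command prompt, just report what would have been set.
    try {
        $tsEnv = New-Object -ComObject 'Microsoft.SMS.TSEnvironment'
        $tsEnv.Value($Name) = $Value
    } catch {
        Write-Warning "Not inside a task sequence; would have set $Name = $Value"
    }
}

# --- main ---
$protected = $false

if (Test-BitLockerProvider) {
    $blStatus = Get-BitLockerVolumeStatus
    $blStatus | Format-Table -AutoSize | Out-String | Write-Host
    if ($blStatus | Where-Object { $_.ProtectionStatus -ne 0 }) { $protected = $true }
} else {
    Write-Host "BitLocker WMI provider not present in this boot image; skipping that check."
}

Write-Host "Partitions visible to WinPE:"
Get-PartitionInventory | Format-Table -AutoSize | Out-String | Write-Host

$unreadable = @(Get-UnreadableLocalDisks)
if ($unreadable.Count -gt 0) {
    Write-Host "Fixed disks with no recognised file system (possibly encrypted):"
    $unreadable | Format-Table -AutoSize | Out-String | Write-Host
    $protected = $true
}

# Drive_Protected = True lets a later task sequence step stop before anything touches C:.
Set-TaskSequenceVariable -Name 'Drive_Protected' -Value $protected.ToString()
```

Run it as a "Run PowerShell Script" step early in the WinPE phase, or by hand from the WinPE command prompt to see the partition table it prints; because the RAW check also fires on a genuinely blank disk, treat Drive_Protected as a prompt for the technician to confirm rather than as proof of encryption.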

________________________________
From: [email protected]<mailto:[email protected]> 
[mailto:[email protected]<mailto:[email protected]>] 
On Behalf Of Michael Niehaus
Sent: Monday, May 13, 2013 11:34 PM
To: [email protected]<mailto:[email protected]>
Subject: [MDT-OSD] RE: OSD - TS - Question - Can you use a registry check 
condition whilst in winpe or do you have to use some other kind?
Well, you could probably include registry checks but they would be checking the 
Windows PE registry, not the old OS registry, so I doubt that would do you much 
good :)

Thanks,
-Michael

From: [email protected]<mailto:[email protected]> 
[mailto:[email protected]<mailto:[email protected]>] 
On Behalf Of Burke, John
Sent: Monday, May 13, 2013 6:05 PM
To: [email protected]<mailto:[email protected]>
Subject: [MDT-OSD] OSD - TS - Question - Can you use a registry check condition 
whilst in winpe or do you have to use some other kind?

I'm guessing the answer is yes, but I'm just doing a sanity check since I 
couldn't find anything online about it.

When doing zero touch I have a few variables set based on registry keys 
existing in the wow6432node and software nodes.

They skipped right past them when the same check was tried in WinPE.

Wondering what checks I can use. File system and WMI checks only?



NOTICE: This electronic mail message and any files transmitted with it are intended 
exclusively for the individual or entity to which it is addressed. The message, 
together with any attachment, may contain confidential and/or privileged information. 
Any unauthorized review, use, printing, saving, copying, disclosure or distribution 
is strictly prohibited. If you have received this message in error, please 
immediately advise the sender by reply email and delete all copies.
