
Disaster Recovery, WinTech and WinPE

A long while ago, probably back in 2006, I wrote an article about how to add WinTech (the diagnostic and disaster recovery toolkit for “SafeBoot”, or McAfee Endpoint Encryption for PCs) to a BartPE CD image. At the time WinPE was only available to system integrators, and not to the likes of you and me. The steps to create custom WinPE CDs were obtuse, thanks mainly to a lack of documentation from Microsoft as to how WinPE worked, and thus many people migrated to the simple and easy BartPE system. I wanted to provide an easy way for people to make these useful bootable recovery CDs.

UPDATE – 12th Sep 2012 – Don’t forget: if you are using WinPE3.1, you need to take the disk offline before authenticating with WinTech/EETech. If you don’t, pesky WinPE3.1 will start writing to the private pre-boot area and will corrupt it. There are comments to this effect below, and also on https://community.mcafee.com/message/200194#200194
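
The offline step described in the update above, as a batch file that could be run in WinPE before WinTech/EETech is started. This is an added example, not part of the MakePECD scripts; it assumes the encrypted disk is disk 0 (as in the comments below) and English diskpart output.

```bat
@echo off
rem Added example: take the encrypted disk offline in WinPE 3.1 and confirm
rem the state before WinTech/EETech is used. Not from the MakePECD scripts.
setlocal

rem Assumption: the encrypted system disk is disk 0.
set "DISKNUM=0"
set "DP_OFFLINE=%TEMP%\dp_offline.txt"
set "DP_LIST=%TEMP%\dp_list.txt"

rem Build the two diskpart scripts: one to offline the disk, one to list disks.
> "%DP_OFFLINE%" (
  echo select disk %DISKNUM%
  echo offline disk
)
> "%DP_LIST%" echo list disk

rem diskpart may report an error if the disk is already offline, so its exit
rem code is not used here; the state is read back from "list disk" instead.
diskpart /s "%DP_OFFLINE%" > nul

rem Assumption: English diskpart output, where the Status column next to
rem "Disk N" reads "Online" or "Offline".
diskpart /s "%DP_LIST%" | findstr /r /c:"Disk %DISKNUM%  *Offline" > nul
if errorlevel 1 (
  echo Disk %DISKNUM% is NOT offline. Do not authenticate in WinTech/EETech.
  exit /b 1
)

echo Disk %DISKNUM% is offline. Authenticate in WinTech/EETech now.
rem Start the recovery tool here; its path depends on how the CD was built.
exit /b 0
```

To read data from the disk after authenticating, bring it back online with diskpart (`select disk 0`, then `online disk`).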

UPDATE – 16th June 2010 – I added my Windows 7 scripts for EETech and WinTech to CTOGoneWild – They are called “MakePECD3.01 EEPC5+W7.zip” and “MakePECD3.02EEPC6+W7.zip” – let me know how you get on with them!

UPDATE – 14th Dec 2009. I added a new version of the script which makes an EETech CD for EEPC v6 – you can find it on CTOGoneWild as usual.

Today, the latest versions of WinPE are both well documented and accessible, and now the Windows AIK toolkit is available to all, there seems less reason to persist with the BartPE plugin system than there was before.

I recently wrote a simple batch file to automate the instructions on how to add WinTech to a PE3 image – it makes things simple, and later still, I found a bunch of useful SATA, ACPI and NIC drivers which my script can also add into the image for you.

All this is available from CTOGoneWild; the script is called MakePCCD2.bat. You can use it as inspiration for your own boot CDs even if you don’t need WinTech. It has a shell (no Explorer with PE, remember!), and some old bat tricks to enumerate folders and use the PE builder stuff to insert drivers etc.

Please read the “readme.txt” file in the zip before starting, as you need to download Windows AIK, and also set some values in the script before starting it. Oh, and on Vista, if for some odd reason you’re using UAC, you need to run it “as administrator” on a local drive. You’ll also need either SafeBoot Administration, or McAfee Endpoint Encryption Manager installed so the script can pick up the right drivers.

As always, Enjoy!

  1. Mike
    September 11, 2009 at 13:14

    This is GREAT! I have been looking on how to do this for a while. The issue I am running into is that we are using version 5.1.9 build 5701 and I think this cmd was written for an older version since the sbadmin folder doesn’t exist anymore. I substituted most of the files located in safeboot remote console dir. The only one I could not find was the safeboot.w2k which I replaced with the safeboot.sys found in the McAfee->Endpoint Encryption for PC folder. This works and I am able to boot into the Winpe environment, load Wintech and authenticate from the local file system. After authenticating and mounting the drive I can then even explore the files on the drive. The issue I am having is after I exit the winpe environment and attempt to log on the machine I received an error “unable to load the safeboot file system error 0030002”. To test things I grabbed another encrypted machine logged onto wintech, authorized and authenticated using the local file system and then restarted. I received an error 0050020 unable to open the client datastore. It is as if I am corrupting the local safeboot mbr or something. Any suggestions or advice?

    • Mike
      September 11, 2009 at 14:04

      I recreated the iso using files from the bartpe wintech which we have been using for recoveries in the past. I once again booted into the winpe environment, authenticated and authorized. When I restart I receive error: 0xe0030002 “Unable to mount the SBFS”. Would you have a list of files used in your sbadmin folder and their versions?
      Thanks Mike

      • Simon Hunt
        November 23, 2009 at 16:48

        for tech support, please contact your McAfee people – this blog is my personal blog.

      • Milosz
        June 16, 2010 at 11:39

        I had the same problem, and I solved it. It required taking disk offline with diskpart. However PE created with AIK from Vista doesn’t have offline option in Diskpart.
        Instead I used Win7AIK, modified Simon’s Script (won’t work because Dism supersedes most of the older commands, e.g. Peimg etc).
        Procedure after booting from cd:
        > Diskpart
        > select disk 0
        > offline disk
        After Authorize and Authenticate in Wintech you can either choose to Remove McAfeeEE or to take disk online (with Diskpart) and backup/copy/access data on disk. You won’t be able to use Remove McAfeeEE if you have disk online, take it offline before proceeding.

      • August 3, 2010 at 12:50

        Milosz :
        I had the same problem, and I solved it. It required taking disk offline with diskpart.
        Procedure after booting from cd:
        > Diskpart
        > select disk 0
        > offline disk
        After Authorize and Authenticate in Wintech you can either choose to Remove McAfeeEE or to take disk online (with Diskpart) and backup/copy/access data on disk. You won’t be able to use Remove McAfeeEE if you have disk online, take it offline before proceeding.

        Thanks Milosz that works perfect. Was having the same issue even with the latest MakePE scripts. Taking the drive offline, authenticating and then taking it back online doesn’t corrupt the sbfs. Thanks for the comment!

  2. Simon Hunt
    September 11, 2009 at 14:25

    It’s not linked to any particular folder, it reads the path out of the registry (or you can set it in the script). The remote console is not a proper Admin install though (it’s a bad unsupported hack), you should try again using the script in a proper installed-from-deployment media admin, then I expect it will work better ;-)
    There’s tons of stuff missing from the remote admin installs which you’ll only find in a proper install.

    • Mike
      September 11, 2009 at 15:56

      Thanks for the help. I now directed the path to the sbadmin folder on a system with the deployment media admin console installed, recreated the iso and once again after simply authenticating from local database upon restart I receive the same error “Unable to mount the SBFS”. I am going to attempt some more troubleshooting tomorrow and see if I can find what is causing the corruption. Thanks again.

  3. Hardik Kothari
    March 10, 2010 at 13:29

    Hi,

    I am facing a lot of complications with McAfee Endpoint Encryption for PC v. 6.0.1. Single sign on not working properly, user group creation (as it used to be in 5.x) and many more things. Apart from product guide I didn’t find any other document which can be of help.

  4. Simon Hunt
    March 10, 2010 at 15:23

    There’s a bunch of stuff available – contact your platinum support person and ask them for help, or bring it up with your services people. The McAfee forums have lots of information as well (community.mcafee.com)

  5. Ryan
    May 5, 2010 at 14:47

    This really is great! I made an attempt at converting the BartPE plug-in back when WAIK 1.0 was released. I was able to authenticate and mount the drive, but the pre-boot would continually become corrupt after a reboot. I can’t wait to give this a try with the Win7 WAIK. Any reason why McAfee won’t package this script (or a small user friendly app) which can be used to package the drivers and WinTech / EETech via the MS WAIK? I think BartPE is a bit past its prime. ;)

  6. Simon Hunt
    May 5, 2010 at 15:39

    that would require McAfee to “support” WAIK – I think we expect customers who use WAIK to have been through the Microsoft training etc and know how to use it, because it’s so highly customized.

  7. Jon Ruggenberg
    June 3, 2010 at 12:28

    I have been tasked with building a Win7 64 bit DaRT (Diagnostic and Recovery Tools) Emergency Recovery Disk. The MS MDOP provides a simple UI for accomplishing this but the challenge is incorporating MEE v5.2 support. I have the AIK tools and have attempted the comparable command documented in WINPE2.1_GUIDE.doc but get SBAlg.sys boot manager errors. Any documentation out there for doing this right?

  8. Simon Hunt
    June 3, 2010 at 19:22

    no docs other than the microsoft ones, no. Did you use the 64bit versions of the drivers, or the 32bit versions?

    • Jon Ruggenberg
      June 4, 2010 at 16:58

      Used the files on the server where our company hosted the MEE 5.2 install EEPC_Tools\Making a Rescue CD\BartPE Plugin for SafeBoot\SBWinTech_AES-FIPS I found all of the files as documented in the WINPE2.1_GUIDE.doc “Creating a Windows Vista PE Recovery CD with SbWintech Plug-in”. As I mentioned the documentation that is available from Safeboot / McAfee is very outdated. Tried a ticket with McAfee and got nowhere.. Very frustrating..

      —- here is some partial history —- I can email the thread if you would like
      Subject: RE: SR # Assignment Notification

      McAfee closed the ticket I had as they do not have any documentation or tried to include the drivers in DaRT…

      My reply to that was…

      The Microsoft part of creating a WinPE 3.0 ISO or a DaRT ISO works great. Not sure what else I could ask of them at this point.

      No way to do it without some direction from McAfee and considering they included the support for WinPE 2.1 I don’t think we are asking too much for an update from them. We probably won’t be the last customer to ask for this.. DaRT has some very cool features but it is useless if we can’t see the content on C:.

      My request is pretty straight forward. How do we integrate MEE support in the MSDaRT 6.5 boot CD build process outlined here: http://technet.microsoft.com/en-us/library/ee460919.aspx

  9. Simon Hunt
    June 6, 2010 at 13:01

    this is not McAfee tech support Jon – I suggest you post in the encryption forums at http://community.mcafee.com.

    The short answer though is that McAfee is not offering technical support or problem solving for WinPE (any version) at the moment – you are responsible for putting WinTech/EETech into the WinPE CD given the various formal and informal information available, plus the Microsoft documentation. After all, you simply need to copy the drivers in place and set a few reg keys – it’s pretty simple.

    I’m sure if you got some Prof Services from McAfee though, they would help you do this.

  10. Simon Hunt
    June 16, 2010 at 11:54

    I just added my W7 scripts for EETech and WinTech to my CTOGoneWild site – see the edit in the post for the link.

  11. Joe Sudol
    June 21, 2010 at 14:18

    I have a question about your script. You wrote above “Please read the readme.txt file in the zip before starting”

    I downloaded the zip file but there is no readme in it?

  12. Simon Hunt
    June 21, 2010 at 14:37

    the readme is in earlier versions – same site. I think you can work it out though if you know how to use AIK. The readme does not apply to W7.

  13. Jean-Marie
    September 16, 2010 at 08:39

    Hello simon,

    it seems that there are some errors in the Windows 7 scripts for EETech and WinTech:

    the line For /d %%l In (HTA.cab…. , is finishing with %%1 (not %%l) and the ending ” is missing.

    • Simon Hunt
      November 15, 2010 at 08:37

      Duh! Thanks Jean-Marie. I’ll fix that at some point!

  14. Sagar Sanghavi
    October 14, 2010 at 19:15

    Hi Simon I have gone through your Blog / It’s excellent to see you creating the great stuff for security tool. Actually I was looking for wintec safetech recovery CD for windows on winpe Xp/Windows 7 the version we are using is 5.2.2 also I was looking to see if you have anything in ready tool. Also I will be glad if you can Windows ERD to Wintech CD which is really helpful in some case to recovery on crashed windows with McAfee Encrypted. hope you got my question and requirement & May if you can help or guide on this

    Bye Sagar Sanghavi

    • Simon Hunt
      November 15, 2010 at 08:36

      I think you are asking if I can supply you a cd? If so, sorry no – your Licence is with Microsoft so you need to make it yourself.

  15. Roderick
    November 14, 2010 at 11:26

    Mike :

    Milosz :
    I had the same problem, and I solved it. It required taking disk offline with diskpart.
    Procedure after booting from cd:
    > Diskpart
    > select disk 0
    > offline disk
    After Authorize and Authenticate in Wintech you can either choose to Remove McAfeeEE or to take disk online (with Diskpart) and backup/copy/access data on disk. You won’t be able to use Remove McAfeeEE if you have disk online, take it offline before proceeding.

    Thanks Milosz that works perfect. Was having the same issue even with the latest MakePE scripts. Taking the drive offline, authenticating and then taking it back online doesn’t corrupt the sbfs. Thanks for the comment!

    I am really suffering this… I cannot use the script for w7, and I would like to try the “offline” trick, since I cannot recover my computer. Could you please send it to me to taopaipai7@hotmail.com ?? Thank you very very much

    The one from Simon has problems in the “Overlay for…” part and the “Adding Registry Settings” part and I don’t know how to fix it. Thank you

  16. Ken
    March 17, 2011 at 21:46

    First off – AWESOME tutorial and script! THANK YOU!!!

    Had a minor problem. It seems the EEM and the client both need to be installed (not just EEM).

    The following line in file “pesetenv” changes the current directory.
    cd /d %~dp0

    Once the current directory is changed, %wtpath% is no longer the same path as the script. So later parts of the script fail.

    rem out “cd /d %~dp0” within file “pesetenv” solved it for me.

  17. EM
    July 31, 2011 at 05:06

    Hello Simon,

    Please provide some *minimal* instructions on your WinPE Builder.
    What I’d like to know is the must haves – other than WAIK – to build this successfully.

    ie: Do you need to run this on the machine that has the admin console, or can you do it on a clean machine with nothing other than WAIK installed.

    Min reqs please?

    • Simon Hunt
      July 31, 2011 at 09:05

      For technical support, please use the encryption group at http://community.mcafee.com

      • EM
        July 31, 2011 at 20:07

        Just asking for minimum requirements. Where to place the script, what must be installed for it to run, what caveats are there, where are the things you must do in order for it to run YOUR script.

  18. Simon Hunt
    August 1, 2011 at 10:56

    same answer – use http://community.mcafee.com for tech support – It just does not work well doing tech support in the comments of a blog post.

  19. EM
    August 1, 2011 at 18:55

    Yeah, thanks Simon. All sorted. It took a while but I did find some good resources there.

    Top stuff.

  20. Joachim
    October 21, 2011 at 10:28

    Hi Simon,

    above you placed the link to your script files. But there I can only find “MakePECD3.01 EEPC5+W7.zip” and missing “MakePECD3.02EEPC6+W7.zip”. Where may I find this one?

    Thanks

    Joachim

    • Simon Hunt
      October 22, 2011 at 16:57

      It’s right below it on the “Interesting Files” page.

  21. Alvaro
    November 29, 2011 at 15:54

    Where can I get these files? I do not have McAfee Endpoint Encryption Manager

    You also need to copy the winTech.exe and support files to your CD:
    • Program Files\SafeBoot\WinTech.exe
    • Program Files\SafeBoot\SBComms.dll
    • Program Files\SafeBoot\SBDBMGR.dll
    • Program Files\SafeBoot\SBUILib.dll
    • Program Files\SafeBoot\SBXFERDB.dll
    • Program Files\SafeBoot\SBAlgs\SBAlg.dll (appropriate version for your environment)

  22. Simon Hunt
    November 29, 2011 at 16:54

    You should contact your SafeBoot administrator perhaps?

  23. Edgar
    January 18, 2012 at 10:57

    Hello Simon,
    I’m using your script to create the Wintech CD (great script by the way) with Windows 7 AIK but it’s not able to boot, I’m getting an error saying that file windows/system32/drivers/SBAlg.sys is missing or corrupt – code 0xc000035a – however I have ensured that the file is there in the mount files.

    In one of the disks I created before this latest one, and that is able to boot, I found later that while creating it, it sent me an error message at the adding registry settings step which means it doesn’t have the registry for safeboot.sys, sbalg.sys, rsvlock.sys and tcpip.sys, I’m able to get into Wintech but it doesn’t allow me to authenticate saying that the encryption disk drivers are not found (my guess is that it’s because those .sys are not in the registry).

    So I ensured that the script didn’t send any errors but it’s not able to boot due to the error I described first. To make a further test I removed the entry for sbalg.sys from the “registry changes.reg” file and now it sends the same error for safeboot.sys.

    I must say that I’m running the script in a machine where Endpoint Encryption is running fine so I’m taking the file sbalg.sys directly from windows/system32/drivers but safeboot.sys cannot be copied from there (it says it’s in use by a process) so I took it from the application directory under Program Files, unfortunately I don’t have Endpoint Encryption Manager available to create the disk.

    Could you please provide any lead on what can be wrong and how to fix it?

    Thanks!

    • Simon Hunt
      January 18, 2012 at 13:37

      The best place for tech support is http://community.mcafee.com – you can get help there for this kind of issue.

      It sounds though like you’re not running the script on a machine with eem installed.

    • Edgar
      January 18, 2012 at 15:31

      Hello Simon,
      I think I found the problem, my Win 7 version is amd64 and I didn’t change that in the script. I already did so and I got rid of the messages with the sys files but now the problem is while trying to run the nu2menu I get this error 0x80070134: the subsystem needed to support the image type is not present, is this a problem related to processor architecture? (I mean running 32bit programs in a 64bit env), do you have any idea on how to fix it?
      Thanks!

      • Simon Hunt
        January 18, 2012 at 15:36

        I don’t believe wow64 is supported on winpe. You’ll need to build from a 32bit system.

  24. Justin
    November 7, 2012 at 16:02

    MakePECD3.02EEPC6+W7.zip

    I had to update some of the command lines for WINPE3. I assume because of a new WAIK version. The autorun failed to start eetech. The McAfee Tools –> McAfee EETech for EEPC6 is grayed out. Inconsistently on a few HP models, the authorization code is prompting for the next day’s code of the day. The bios time is accurate so I’m not sure why this is occurring. Authentication fails when clicking on the Token button. Error EE0C0001: INvalid disk for pre-boot file system.

    • Simon Hunt
      December 2, 2012 at 09:04

      Please comment at community.mcafee.com in the encryption forum – you’ll get much better response. There’s no inconsistency in your bios times, remember that waik uses the pacific time zone unless you specifically set the correct local zone.

  25. Simon Hunt
    February 19, 2013 at 09:39

    For tech support, please use the data protection forums in the Business section of community.mcafee.com

  26. Patricio
    April 16, 2013 at 13:15

    Hi,
    EETECH throws me the following message “Unsupported Token Type”, what does it mean?
    Thanks.

  27. Keith
    April 24, 2013 at 12:49

    Simon,
    Have you ever looked at Winbuilder (http://reboot.pro)? If so, have you thought about creating a script for EEPC 7’s EETECH to use with Winbuilder? Winbuilder uses WINPE3 and seems to be the new BartPE. That is, unless you can recommend something else that not only allows the building of an EETECH DVD, but allows other tools to be added to it, like UBCD4WIN (old, but useable, technology)?
    I put in a PER for both, UBCD4WIN and Winbuilder, both were turned down, UBCD4WIN because it is “old technology” and Winbuilder because the people looking at it, were not aware of it and they “don’t provide support for 3rd party applications and the functionality for WinPE provided should be sufficient”. A rather disappointing answer especially since the documented method leaves the user at a command prompt (requires the user to know and type the exact path to EETECH) and does not easily allow additional tools to be added. Nothing like taking a step backwards for support. I was able to use version 5’s BartPE with UBCD4WIN and it worked well.
    We added some additional tools to it so we could recover data from an encrypted drive without decrypting first. In the case of a failing drive, this was very important and saved us a lot of time and money.
    I used to see a decrease in application functionality when products went from fat client to browser based, a lot of good functionality disappeared for many releases (some never recovered it). Sorry for the rant, but it is just some of my frustration coming out.

    Thanks,
    Keith

    • Simon Hunt
      April 24, 2013 at 13:40

      You can add anything you like to a WinPE CD as you build it – most people seem to add A4k for example, and nu2menu etc – I agree it would be nice if there was a pretty GUI builder etc, but that’s not Microsoft’s intention for the WinPE solution, and it seems most corporations are unhappy to use the BartPE style things because of the dubious licence compliance problems.
