Free (subject to disclaimer)
ZENworks Full Disk Encryption supports the use of a Windows PE emergency recovery disk to regain access to encrypted devices. Creating a Windows PE disk is an extensive command-line activity that requires the entry of more than 30 commands to create the correct directory structure and add the appropriate registry entries.
The Windows Powershell script automates the creation of the Windows PE emergency recovery disk, reducing the time required to create the disk and eliminating possible mistakes.
The result of the script is a Windows PE ISO image that you can burn to a CD or DVD.
- Install the Windows Automated Installation Kit (AIK). The script expects the AIK to be located at C:\Program Files\Windows AIK. If you do not install it to this location, you will need to change the AIK path in the script (see step 1 in the Usage section).
- Create a C:\erd\WinPE directory.
- Extract the ZFDE_WinPE_Plugin.zip to the C:\erd\WinPE directory. The plugin is available under ZENworks Tools in ZENworks Control Center,
- Unzip Build_FDE_WinPE_recovery_disk_x86.zip to get the Powershell script file (Build_FDE_WinPE_recovery_disk_x86.ps1). Copy the Powershell script to the C:\erd directory.
- (Optional) Copy the emergency recovery information (ERI) files that you want included on the Windows PE disk to the C:\erd\WinPE\ERI directory. You must create the ERI directory. If you place the files in a different directory, you will need to change the ERI path in the script (see step 1 in the Usage section).
If you don’t include the ERI files on the disk, you can supply the files via a USB device at the time the disk is used for recovery.
- Make sure a C:\WinPE directory does not exist before executing the script; this directory is created and used as the build directory.
- If necessary, edit the Powershell script with a text editor to change the following variables:
- Run Windows PowerShell with Administrator privileges.
- Change to the C:\erd directory.
- Enter the following command to ensure that the Execution Policy for Windows Powershell is set to Unrestricted:
If the Execution Policy is set to Restricted, the script will not run and the following error will be displayed:
File Build_FDE_WinPE_recovery_disk_x86.ps1 cannot be loaded because the execution of scripts is disabled on this system. Please see "get-help about_signing" for more details. At line:1 char:40 + .\Build_FDE_WinPE_recovery_disk_x86.ps1 <<<< + CategoryInfo : NotSpecified: (:) , PSSecurityException + FullyQualifiedErrorId : RuntimeException
- Execute the script:
After the script successfully completes, the Novell_FDE_Recovery_WinPE.iso is added to the C:\WinPE directory.
|$BuildDir||C:\WinPE||The build directory used to create the Windows PE ISO image.|
|$Architecture||x86||x86 is for Intel and AMD 32-bit processors|
amd64 is for Intel and AMD 64-bit processors
ia64 is for Intel Itanium processors
|$Language||en-us||The user locale. Values are standard international language code formats (en-us, de-de, es-es, and so forth).|
|$KbLayout||0409:00000409||The keyboard layout. The default is en-us. See the Microsoft Go Global Development Center (http://msdn.microsoft.com/en-us/goglobal/bb895996) for layout Ids.|
|$WAIKInstallation||C:\Program Files\Windows AIK||The path to the Windows AIK installation.|
|$ISOLabel||Novell_FDE_Recovery_WinPE||The volume label assigned to the ISO image.|
|$PluginDir||.\WinPE\EN\files||The path to the Full Disk Encryption plugin files. The default uses a relative path from the perspective of the script location.|
|$ERI_Dir||.\ERI||The path to the emergency recovery information (ERI) files to include in the ISO image. The default uses a relative path from the perspective of the script location.|
For information about using the Win PE disk to recover an encrypted device, see the ZENworks 11 Full Disk Encryption Emergency Recovery Reference