Cool Solutions

Windows Powershell script to create a Windows PE emergency recovery disk for ZENworks Full Disk Encryption



By:

May 15, 2012 3:32 pm

Reads: 6084

Comments:1

License:
Free (subject to disclaimer)

Download build_fde_winpe_recovery_disk_x86

ZENworks Full Disk Encryption supports the use of a Windows PE emergency recovery disk to regain access to encrypted devices. Creating a Windows PE disk is an extensive command-line activity that requires the entry of more than 30 commands to create the correct directory structure and add the appropriate registry entries.

The Windows Powershell script automates the creation of the Windows PE emergency recovery disk, reducing the time required to create the disk and eliminating possible mistakes.

The result of the script is a Windows PE ISO image that you can burn to a CD or DVD.

Prerequisites:

  1. Install the Windows Automated Installation Kit (AIK). The script expects the AIK to be located at C:\Program Files\Windows AIK. If you do not install it to this location, you will need to change the AIK path in the script (see step 1 in the Usage section).
  2. Create a C:\erd\WinPE directory.
  3. Extract the ZFDE_WinPE_Plugin.zip to the C:\erd\WinPE directory. The plugin is available under ZENworks Tools in ZENworks Control Center,
  4. Unzip Build_FDE_WinPE_recovery_disk_x86.zip to get the Powershell script file (Build_FDE_WinPE_recovery_disk_x86.ps1). Copy the Powershell script to the C:\erd directory.
  5. (Optional) Copy the emergency recovery information (ERI) files that you want included on the Windows PE disk to the C:\erd\WinPE\ERI directory. You must create the ERI directory. If you place the files in a different directory, you will need to change the ERI path in the script (see step 1 in the Usage section).

    If you don’t include the ERI files on the disk, you can supply the files via a USB device at the time the disk is used for recovery.

  6. Make sure a C:\WinPE directory does not exist before executing the script; this directory is created and used as the build directory.

Usage:

  1. If necessary, edit the Powershell script with a text editor to change the following variables:
  2. Variable Default Setting Description
    $BuildDir C:\WinPE The build directory used to create the Windows PE ISO image.
    $Architecture x86 x86 is for Intel and AMD 32-bit processors
    amd64 is for Intel and AMD 64-bit processors
    ia64 is for Intel Itanium processors
    $Language en-us The user locale. Values are standard international language code formats (en-us, de-de, es-es, and so forth).
    $KbLayout 0409:00000409 The keyboard layout. The default is en-us. See the Microsoft Go Global Development Center (http://msdn.microsoft.com/en-us/goglobal/bb895996) for layout Ids.
    $WAIKInstallation C:\Program Files\Windows AIK The path to the Windows AIK installation.
    $ISOLabel Novell_FDE_Recovery_WinPE The volume label assigned to the ISO image.
    $PluginDir .\WinPE\EN\files The path to the Full Disk Encryption plugin files. The default uses a relative path from the perspective of the script location.
    $ERI_Dir .\ERI The path to the emergency recovery information (ERI) files to include in the ISO image. The default uses a relative path from the perspective of the script location.
  3. Run Windows PowerShell with Administrator privileges.
  4. Change to the C:\erd directory.
  5. Enter the following command to ensure that the Execution Policy for Windows Powershell is set to Unrestricted:
    Set-ExecutionPolicy Unrestricted
    
    

    If the Execution Policy is set to Restricted, the script will not run and the following error will be displayed:

    File Build_FDE_WinPE_recovery_disk_x86.ps1 cannot be loaded because the execution of scripts is disabled on this system. Please see "get-help about_signing" for more details.
    At line:1 char:40
    + .\Build_FDE_WinPE_recovery_disk_x86.ps1 <<<<
        + CategoryInfo          : NotSpecified: (:) [], PSSecurityException
        + FullyQualifiedErrorId : RuntimeException 
    	
    	
  6. Execute the script:
    .\Build_FDE_WinPE_recovery_disk_x86.ps1
    
    

    After the script successfully completes, the Novell_FDE_Recovery_WinPE.iso is added to the C:\WinPE directory.

Additional Information:

For information about using the Win PE disk to recover an encrypted device, see the ZENworks 11 Full Disk Encryption Emergency Recovery Reference

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Tags:
Categories: Cool Tools, Technical, ZENworks Full Disk Encryption

Disclaimer: This content is not supported by Novell. It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test it thoroughly before using it in a production environment.

1 Comment

  1. By:mkaufmann

    Was a great help. Thanks!

    VN:F [1.9.22_1171]
    Rating: 0.0/5 (0 votes cast)

Comment

RSS