Posted by James Gillies on 22 August 2011 03:19 PM
The purpose of the workspace exercise is to ensure the correct key (otherwise known as an SDB file) is being used on the correct machine. If you use the wrong key you risk double encrypting the machine, so it is important to carry out the following exercise.
The Workspace tool works by selecting the first sector of the Windows operating system and displaying it in the workspace window. After you select ‘Decrypt Workspace’, if the writing in the workspace becomes legible you can be assured that you have the correct key, because it has successfully decrypted a single sector of the encrypted drive.
- To carry out this exercise you must have an up to date SafeTech/Wintech CD. You can boot to either to perform this exercise.
- You must have the SDB Key. You will need to unzip this and pop it on a USB stick, and make sure it is plugged into the machine before booting to the CD or SafeTech will not find it.
- You will need the ‘Daily Authorisation Code’.
Steps required for DPMS2 McAfee Endpoint Encryption – “Workspace Exercise”
1. Boot the Safetech / WinTech CD
2. Start SafeTech and Authenticate From Database
3. Get Disk Information
4. Open Workspace
5. Decrypt Workspace
N.B. You must also have the .sdb file supplied by Safeboot Support on the root of your USB disk if you have been instructed to “Authenticate From Database” (details in section 3).
1. Boot the Safetech / WinTech CD
Boot into the SafeTech/Wintech CD and choose option 1 to start Safetech. You may need to change the "Boot Order" on your computer first, or access the "One-Time Boot Menu", depending on which function your computer supports. Please refer to your computer user guide for clarification if needed. (Usually the Esc, F2, F10 or F12 keys during system start-up are a good place to start.)
Safetech will start up and then ask you for today's “Authorisation Code”.
Enter the Authorisation Code for today (it is a four-digit number that changes every day; please contact Support for the relevant code).
Look at the bottom-left of your screen; you will see that you are “Authorised”, which means you have entered the correct daily authorisation code.
2. Start SafeTech and Authenticate From Database
This section assumes you will authenticate using the .sdb file supplied by Safeboot Support. As described in section 1, please ensure that you have inserted the USB disk containing the .sdb file (at the root of the USB disk) BEFORE you boot the machine with the Safetech / WinTech CD, or else the USB disk will not be seen by SafeTech.
You will now need to “authenticate” to SafeBoot so that you can read the contents of the encrypted drive. From the menu at the top left of the screen choose “SafeTech / Authenticate from Database”.
A dialog box will open prompting you to choose the location of your .sdb file – As per the screenshot you should be able to select the USB disk from the drive letters on the left:
Once you have selected the USB disk you should be able to select the .sdb file as shown below:
Look at the bottom-right of your screen. You will now see that not only are you “Authorised” (because the correct daily authorisation code was entered), you are also “Authenticated” because you have successfully logged into your encrypted drive (SafeBoot). You also need to make sure that “WrkSpc: 0x12” is showing; that means you are using the correct encryption algorithm.
3. Get Disk Information
You will then see disk information similar to below. Expand all the logical drives (you may have more than 1) and expand ‘Partition x’ where x represents a number. You should be able to get an idea of which logical partition represents each physical disk by looking at the Sector Count. If it’s a small drive it’s likely to be your USB stick. If it’s a large drive it’s possible that it is the disk you are trying to authenticate to.
Take note of the ‘Start Sector’ number displayed on your screen as well as the ‘Logical Disk Number’ of the disk you are trying to authenticate to. You will need them in the next step.
4. Open Workspace
Click on ‘Disk’ > Open Workspace
In the Workspace window go to Disk > Load Buffer from Disk
Select Disk: <Select the logical disk you noted in previous step>
Start Sector: <Type the start sector you noted in the previous step>
Sector Count: <Leave this selected as 1>
NOTE: The reason we choose the start sector is because we know this is the first sector that Windows will write to.
The workspace should now look similar to above. If the machine is encrypted, none of the text on the right-hand side will be legible.
5. Decrypt Workspace
Click Data > Decrypt Workspace
If the decryption was successful and you can now see legible text on the right-hand side (for example ‘NTLDR is missing’), this confirms that the SDB file you have used is correct. It also confirms whether the machine was encrypted or not in the first place.
The workspace exercise is now complete and you can continue with your initial objective (i.e. WinTech or SafeTech Removal, Emergency Boot etc.).
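The "legible text" judgement made after Decrypt Workspace can also be expressed as a check on the sector bytes. The following is an added example, not part of the original article or of SafeTech: it assumes a 512-byte start sector exported from the workspace by some means, and the function names, the sample sector and the XOR "scramble" stand-in for ciphertext are all constructed for illustration.

```python
SECTOR_SIZE = 512

def ascii_runs(sector: bytes, min_len: int = 8) -> list:
    """Printable ASCII runs of at least min_len bytes, like the `strings` tool."""
    runs, current = [], bytearray()
    for b in sector + b"\x00":            # trailing NUL flushes the last run
        if 0x20 <= b <= 0x7E:
            current.append(b)
            continue
        if len(current) >= min_len:
            runs.append(current.decode("ascii"))
        current.clear()
    return runs

def assess_sector(sector: bytes) -> dict:
    """Judge whether a partition's start sector looks like a plaintext boot sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly one 512-byte sector")
    oem = sector[3:11]                     # OEM ID field, e.g. b"NTFS    "
    oem_ok = all(0x20 <= b <= 0x7E for b in oem)
    sig_ok = sector[510:512] == b"\x55\xaa"   # boot sector end signature
    runs = ascii_runs(sector)
    return {"oem_id": oem.decode("ascii") if oem_ok else None,
            "boot_signature": sig_ok, "strings": runs,
            "legible": oem_ok and sig_ok and bool(runs)}

def workspace_verdict(before: bytes, after: bytes) -> str:
    """Map the sector before/after 'Decrypt Workspace' to the article's outcomes."""
    if assess_sector(before)["legible"]:
        return "not encrypted"             # readable without any key
    if assess_sector(after)["legible"]:
        return "correct key"
    return "wrong key"                     # still illegible: do not continue

def sample_boot_sector() -> bytes:
    """Constructed NTFS-style boot sector for the demo (not a real disk image)."""
    s = bytearray(SECTOR_SIZE)
    s[0:3], s[3:11] = b"\xeb\x52\x90", b"NTFS    "
    s[0x180:0x190] = b"NTLDR is missing"
    s[510:512] = b"\x55\xaa"
    return bytes(s)

def scramble(sector: bytes) -> bytes:
    """Constructed stand-in for ciphertext: a fixed XOR pattern, not a real cipher."""
    return bytes(b ^ ((i * 31 + 7) & 0xFF) for i, b in enumerate(sector))

if __name__ == "__main__":
    plain = sample_boot_sector()
    print(assess_sector(plain))
    print(workspace_verdict(scramble(plain), plain))
```

A "wrong key" verdict corresponds to the case the article warns about: the sector stays illegible, so the SDB file does not match the machine and the removal or recovery task should not go ahead with it.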