ZENworks Full Disk Encryption supports the use of a Windows PE emergency recovery disk to regain access to encrypted devices. Creating a Windows PE disk is an extensive command-line activity that requires the entry of more than 30 commands to create the correct directory structure and add the appropriate registry entries.

The Windows Powershell script automates the creation of the Windows PE emergency recovery disk, reducing the time required to create the disk and eliminating possible mistakes.

The result of the script is a Windows PE ISO image that you can burn to a CD or DVD.

Prerequisites:

1. Install the Windows Automated Installation Kit (AIK). The script expects the AIK to be located at C:\Program Files\Windows AIK. If you do not install it to this location, you will need to change the AIK path in the script (see step 1 in the Usage section).

• Create a C:\erd\WinPE directory.

• Extract the ZFDE_WinPE_Plugin.zip to the C:\erd\WinPE directory. The plugin is available under ZENworks Tools in ZENworks Control Center,

• Unzip Build_FDE_WinPE_recovery_disk_x86.zip to get the Powershell script file (Build_FDE_WinPE_recovery_disk_x86.ps1). Copy the Powershell script to the C:\erd directory.

• (Optional) Copy the emergency recovery information (ERI) files that you want included on the Windows PE disk to the C:\erd\WinPE\ERI directory. You must create the ERI directory. If you place the files in a different directory, you will need to change the ERI path in the script (see step 1 in the Usage section).
  

  If you don't include the ERI files on the disk, you can supply the files via a USB device at the time the disk is used for recovery.

• Make sure a C:\WinPE directory does not exist before executing the script; this directory is created and used as the build directory.

Usage:

1. If necessary, edit the Powershell script with a text editor to change the following variables:

• Run Windows PowerShell with Administrator privileges.
  

• Change to the C:\erd directory.
  

• Enter the following command to ensure that the Execution Policy for Windows Powershell is set to Unrestricted:
  

  Set-ExecutionPolicy Unrestricted
  
  

  
  
  

  If the Execution Policy is set to Restricted, the script will not run and the following error will be displayed:

  
  
  

  File Build_FDE_WinPE_recovery_disk_x86.ps1 cannot be loaded because the execution of scripts is disabled on this system. Please see "get-help about_signing" for more details.
  At line:1 char:40
    .\Build_FDE_WinPE_recovery_disk_x86.ps1 <<<<
        CategoryInfo          : NotSpecified: (:) [], PSSecurityException
        FullyQualifiedErrorId : RuntimeException 
  	
  	

  
  

• Execute the script:
  

  .\Build_FDE_WinPE_recovery_disk_x86.ps1
  
  

  
  
  

  After the script successfully completes, the Novell_FDE_Recovery_WinPE.iso is added to the C:\WinPE directory.

  
  
  

Additional Information:

For information about using the Win PE disk to recover an encrypted device, see the ZENworks 11 Full Disk Encryption Emergency Recovery Reference