Windows PE Recovery Tools for Endpoint Encryption


Article ID: 161041


Updated On:


Endpoint Encryption


There is a need to create WinPE files for recovery with Symantec Endpoint Encryption in a Windows Preinstallation Environment.


Best Practices for creating Microsoft Windows Preinstallation Environment ISO for recovery

When an encrypted disk fails to start the Microsoft Windows operating system, recovery of data becomes the primary goal. Creating a customized Windows Preinstallation Environment (Windows PE) CD or UFD (USB flash drive) provides a bootable recovery tool that can be used for recovery purposes.

You can use a customized Windows PE CD or UFD in the following ways:

  • To restore the previous master boot record (MBR) of the client computer, after you have restored the computer from a volume backup.
  • To recover the pre-OS screen of the client computer when a user fails to authenticate at pre-OS or the pre-OS screen is unavailable.
  • To decrypt an encrypted disk using the client administrator authentication, use "Help Desk Recovery" (for connected clients), or "Advanced Help Desk Recovery" (for never-connected clients).

Best Practices

As a best practice, you must create the customized Windows PE for recovery immediately after installing the client software. A customized Windows PE CD or UFD is the only way to recover your data when you cannot start your operating system. The best practice is to create a Windows PE CD or UFD immediately after the recovery tools have been created. A Windows PE CD or UFD stores the recovery tools away from your system and proves to be an important resource for disaster recovery.

To learn how to create a customized Windows PE CD or UFD, refer to the following Symantec Endpoint Encryption: Technical Note for Recovering Encrypted Disks Using Windows Preinstallation Environment document versions:

  • Version 11.1.0
  • Version 11.2.0
  • Version 11.3.0

Last updated June 10, 2019. Documentation version 11.3.0.

Symantec Endpoint Encryption Drive Encryption Administrator Command Line does not generate a detailed log report of errors that occur during a Windows Preinstallation Environment operation. To enable Drive Encryption Administrator Command Line to generate detailed log reports, you must include the EEMALoggerDll.dll file to your Windows Preinstallation Environment. The EEMALoggerDll.dll file is available at the Symantec Endpoint Encryption Management Agent installation directory.

Click Subscribe to this Article in the box to the right to be automatically notified when there are updates to this guide.

Attachments get_app
symcEE_11.3.0_WinPE_TechNote.pdf get_app
symcEE_11.2.0_WinPE_TechNote.pdf get_app
symcEE_11.1.0_WinPE_TechNote.pdf get_app