Create Windows 10 WinPE recovery media for Encryption Desktop drive encryption

book

Article ID: 200549

calendar_today

Updated On:

Products

Encryption Desktop Powered by PGP Technology Drive Encryption Powered by PGP Technology Drive Encryption

Issue/Introduction

WinPE (Windows Preinstallation Environment recovery media is very useful if you need to authenticate to or decrypt a machine encrypted with Encryption Desktop drive encryption if it will not load Windows.

However, the Technical Note attached to article 163338 does not currently cover creating the WinPE media for Windows 10.

Environment

  • Windows 10 x64 version 2004, 1909 and 1903.
  • Symantec Encryption Desktop drive encryption release 10.4.2 MP5 and 10.5.

Resolution

On a machine running the same release of Encryption Desktop as the machine you wish to recover, download and install the Windows 10 Assessment and Deployment Kit (ADK). Note that the machine used to create the WinPE media does not need to have its drive encrypted. Click here to download the installer for Windows 10 version 2004. Click here to download the installer for Windows 10 version 1909 and 1903.

The ADK setup dialog has over seven components selected by default. These components will require over 1 GB of disk space. However, only the Deployment Tools are required and they require under 100 MB of disk space, so please deselect the other components if you wish to save disk space and time.

After you have installed the ADK, download and install the Windows PE add-on. You can download the Windows 10 version 2004 installer directly from here or the Windows 10 version 1909 and 1903 installer directly from here.

Do the following to create the WinPE recovery media:

1. Right click on the Deployment and Imaging Tools Environment shortcut and choose More / Run as administrator.

2. Enter this command to run the Microsoft copype.cmd script which creates working directories for WinPE image customization and media creation:

copype amd64 \winpe_amd64

3. Download the attached 1601488804411__makewinpeiso.cmd.txt file, rename it makewinpeiso.cmd and run it. This prepares all the files for the creation of a bootable ISO.

4. Run the following command to create the bootable ISO \WinPE_amd64\WinPE_amd64.iso:

makewinpemedia /iso \WinPE_amd64 \WinPE_amd64\WinPE_amd64.iso

5. Run the following command to create a bootable WinPE USB drive. The drive will be formatted. If the USB drive letter is F run this:

makewinpemedia /ufd \WinPE_amd64 f:

If the makewinpemedia command fails to create the bootable USB drive, you may need to clean and prepare the USB drive first. To do this, run the following command to find out the disk number of the USB drive. Usually the USB drive is disk 1:

reg query HKLM\SYSTEM\CurrentControlSet\Services\disk\Enum

Assuming the USB drive is disk 1, download the attached 1601459827665__diskpart.txt file, rename it diskpart.txt and run the following command:

diskpart /s diskpart.txt

Then run the makewinpemedia command from step 4 again.

If you need to roll back to the point before you ran the copype command, run these commands to remove the folders you created:

cd\
rd /s /q \winpe_amd64
rd /s /q \wde

Refer to the section Using the Customized Windows PE CD/UFD to Decrypt and Access Disks in the Technical Note attached to article 163338 in order to authenticate to the encrypted disk and decrypt it, once you have booted from the WinPE USB drive.

Attachments

1601488804411__makewinpeiso.cmd.txt get_app
1601459827665__diskpart.txt get_app