
McAfee, Inc.

SafeTech and WinTech Administrators Guide

McAfee, Inc. 3965 Freedom Circle, Santa Clara, CA 95054, USA
Tel: (+1) 888.847.8766
Internet: www.mcafee.com

For more information regarding local McAfee representatives please contact your local McAfee
office, or visit:
www.mcafee.com


Document: SafeTech and WinTech Administrators Guide


Last updated: Wednesday, 27 February 2008
SafeBoot Enterprise Build: 5140(513-0015)

Copyright (c) 1992-2008 McAfee, Inc., and/or its affiliates. All rights reserved.

McAfee, SafeBoot and/or other noted McAfee related products contained herein are registered
trademarks or trademarks of McAfee, Inc., and/or its affiliates in the US and/or other
countries. McAfee Red in connection with security is distinctive of McAfee brand products. Any
other non-McAfee related products, registered and/or unregistered trademarks contained
herein is only by reference and are the sole property of their respective owners.

Contents
1. INTRODUCTION
1.1 SAFETECH OVERVIEW
1.2 PRIOR KNOWLEDGE

2. USING SAFETECH/WINTECH
2.1 CREATING A SAFETECH DISK
2.2 CONCEPTS
2.2.1 SafeTech
2.2.2 WinTech
2.3 CREATING THE BOOT DISK
2.3.1 SafeTech Concepts
2.3.2 When to Use WinTech/SafeTech
2.3.3 Using the WinTech : Additional Requirements

3. SAFETECH COMMANDS
3.1 FILE
3.1.1 Authorize
3.1.2 Quit
3.2 DISK
3.2.1 Open Workspace
3.2.2 Get Disk Information
3.2.3 Crypt/Decrypt Sectors
3.2.4 Force Crypt/Decrypt Sectors
3.2.5 Edit Disk Crypt State
3.2.6 Restore MBR
3.3 SAFEBOOT
3.3.1 Authenticate from SBFS
3.3.2 Authenticate from Database
3.3.3 Reset INT13 vector
3.3.4 Emergency Boot
3.3.5 Remove SafeBoot
3.4 ALGORITHMS
3.4.1 Enumerate Algorithms
3.4.2 Set Algorithm
3.5 OPTIONS
3.5.1 Set Background Colour (SafeTech only option)
3.6 HELP
3.6.1 Contact
3.6.2 About

4. THE WORKSPACE

5. TROUBLESHOOTING
5.1 TROUBLESHOOTING SCENARIOS
5.2 TROUBLESHOOTING PROCEDURES
5.2.1 How to create a SafeTech Disk
5.2.2 How to export the machine key (machine configuration)
5.2.3 How to create a WinTech PE Boot CD/DVD
5.2.4 Reset INT 13 Procedure
5.2.5 Remove INT 13 Protection
5.2.6 SafeTech Emergency Boot Procedure
5.2.7 Encryption and Boot Sector Removal: Method 1
5.2.8 Encryption and Boot Sector Removal: Method 2
5.2.9 Mount Drive (WinTech Only option)

Table of Figures
FIGURE 1 - SAFETECH AUTHORIZATION CODE
FIGURE 2 - THE WORKSPACE
FIGURE 3 - DISK INFORMATION
FIGURE 4 - INSERT THE START SECTOR VALUE (63)
FIGURE 5 - FORCE CRYPT/DECRYPT SECTORS
FIGURE 6 - ENUMERATE ALGORITHMS
FIGURE 7 - SET ALGORITHM
FIGURE 8 - CHECKING THE SBADMIN ALGORITHM
FIGURE 9 - CONTACT DETAILS
FIGURE 10 - ABOUT DISPLAY
FIGURE 11 - THE SAFETECH WORKSPACE
FIGURE 12 - CREATING THE SAFETECH BOOT DISK
FIGURE 13 - THE DEVICES TAB
FIGURE 14 - THE MACHINE GROUP
FIGURE 15 - EXPORT CONFIGURATION
FIGURE 16 - THE LOCATION OF THE BOOTABLE DISK
FIGURE 17 - ENTERING THE SAFETECH CODE
FIGURE 18 - SELECTING AUTHENTICATE FROM SBFS
FIGURE 19 - LOGIN WITH SELECTED TOKEN
FIGURE 20 - ENTER THE USERNAME AND PASSWORD
FIGURE 21 - SELECT RESET INT13 VECTOR
FIGURE 22 - INT13 VECTOR RESET MESSAGE
FIGURE 23 - VIRUS PROTECTION OPTION
FIGURE 24 - CLIENT MACHINE SYNCHRONIZATION MENU
FIGURE 25 - ENTER THE AUTHENTICATION CODE
FIGURE 26 - LOADING VALUES FROM A MACHINE’S DATABASE
FIGURE 27 - AUTHENTICATE FROM DATABASE
FIGURE 28 - SELECT THE MACHINE NAME
FIGURE 29 - CHOOSING EMERGENCY BOOT OPTION
FIGURE 30 - CHOOSE THE OPERATING SYSTEM
FIGURE 31 - CONFIRM EMERGENCY BOOT
FIGURE 32 - THE CLIENT STATUS SCREEN
FIGURE 33 - AUTHORIZATION CODE PROMPT
FIGURE 34 - SELECTING AUTHENTICATE FROM SBFS
FIGURE 35 - SELECT TOKEN
FIGURE 36 - ENTER YOUR USERNAME AND PASSWORD
FIGURE 37 - THE REMOVE SAFEBOOT OPTION
FIGURE 38 - SAFETECH REMOVING SAFEBOOT ENCRYPTION AND BOOT LOGON
FIGURE 39 - AUTHORIZATION CODE
FIGURE 40 - AUTHENTICATE FROM DATABASE
FIGURE 41 - SELECT THE FILE NAME
FIGURE 42 - SELECT MACHINE
FIGURE 43 - SELECT REMOVE SAFEBOOT
FIGURE 44 - REMOVING SAFEBOOT
FIGURE 45 - THE SAFEBOOT WINTECH OPTION
FIGURE 46 - THE WINTECH AUTHORIZATION SCREEN
FIGURE 47 - EXAMPLE CODE
FIGURE 48 - THE INFORMATION BAR
FIGURE 49 - THE AUTHENTICATE FROM DATABASE OPTION

1. Introduction

1.1 SafeTech Overview


This guide contains information on how to use the SafeBoot Device
Encryption disaster recovery tool, SafeTech. SafeTech can, if used
properly, recover data from encrypted hard disks and repair damaged
and corrupted Device Encryption installations. If used without caution
SafeTech can be dangerous for your machine. In this guide we detail
some of the common tasks you might want to perform. We advise you
always to seek the opinion of a SafeBoot certified support professional
before attempting any of the more sophisticated procedures.

1.2 Prior Knowledge


This guide was written for security administrators. It assumes that you
have some knowledge of security concepts, encryption, and the
SafeBoot product range; in particular, the SafeBoot Management
Center. It is preferable that administrators (readers) will have attended
some form of SafeBoot Training to understand basic concepts before
following the procedures in this guide.


2. Using SafeTech/WinTech

2.1 Creating a SafeTech Disk


You can create a boot disk with the files needed to use SafeTech from
the SafeBoot Management Center by using the menu option Recovery
> SafeTech Disk and following the prompts to place the files on your
selected media.

2.2 Concepts
2.2.1 SafeTech
SafeTech is SafeBoot’s comprehensive low level diagnostic, repair and
recovery utility. It runs from the OnTime 32 bit Operating System and
has the look of Windows but is not a true Windows application.
SafeTech has some unique advantages as well:
The only disadvantage WinTech has is the inability to perform an
Emergency Boot, whereas this feature is available in SafeTech created
from the directory.

Since WinTech currently has no ability to perform an
“Emergency Boot”, it will not be possible to fix a corrupted
SafeBoot logon or boot time error with WinTech – please use
SafeTech for such repairs.

A minor disadvantage of WinTech is that it cannot be made easily or
directly from the SafeBoot Management Center, as it requires compiling
a Bart PE or Windows PE environment and also requires access to the
original Windows XP or 2003 install files when first creating the
Bart PE environment.

2.2.2 WinTech
WinTech is the true Windows version of SafeTech and offers several
advantages:
1) The ability to boot directly from a Bart PE or Windows PE/RE boot
environment using CD, DVD or bootable USB stick, giving administrators
the ability to utilize the same recovery environment they have always
used for Disaster Recovery and Repair.
2) The new MOUNT drive feature allows data on an encrypted drive to
be accessed quickly once authorized. There is no need to completely
decrypt the drive first to get to important files or documents. Data is
decrypted on-the-fly from the encrypted disk and this allows full access
to the contents.


3) Easier access to USB drives and memory sticks that have been
encrypted using the new 5.x DE optional USB removable drive support.
Although normally an encrypted USB flash memory stick or external
USB drive would only be accessible from the machine it was encrypted
from, SafeBoot’s WinTech utility allows these encrypted drives to be
mounted and viewed or the contents removed without requiring access
to the original working machine as long as the machine key is still
available in the Master Object Directory of the SafeBoot Management
Center.

2.3 CREATING THE BOOT DISK


2.3.1 SafeTech Concepts
SafeTech is a diagnostic and repair tool for SafeBoot. It can be used to
repair and fix problems with a SafeBoot protected system, such as
damage caused by a virus or other types of corruption on the system.
Individual machine encryption keys and configuration information are
stored in the SafeBoot database and this can be exported for use by
SafeTech to repair or remove SafeBoot from a problem machine.
WinTech allows you to use SafeTech booted from a Bart PE or Win
PE/RE environment with all the same functionality as SafeTech from the
SBMC (except Emergency Boot).

2.3.2 When to Use WinTech/SafeTech


Recovery of users’ passwords and lost token devices are all handled by
the SafeBoot Recovery option. This tool is sufficient to handle the
majority of problems that arise. If a machine cannot boot to the
SafeBoot logon screen then WinTech/SafeTech is needed. (Please refer
to the Troubleshooting chapter for many common scenarios and the
procedures to follow for each instance.)

2.3.3 Using the WinTech : Additional Requirements


Once a Bart PE or Windows PE boot CD/DVD is compiled with the
SafeBoot WinTech plugin the following is required:
• As with all SafeBoot products at all times, a valid user
authentication or machine key is needed to access the data on
the encrypted hard drive or USB stick.
• The daily access code to allow access to the functions and use of
WinTech. This is usually obtained from SafeBoot Support by
customers with a valid support contract.

Although WinTech is a convenient recovery tool, it is NOT a
‘back door’ to data. The Daily access code ONLY enables
advanced WinTech menu functions - and thus stops casual
incorrect usage of the tool which could damage a SafeBoot
installation.
The Daily access code does NOT provide access to encrypted
data.
Authentication is still required to access the encrypted data.
The other way is to provide the machine’s unique encryption
key exported from the administration database (requires
SafeBoot administration rights to export).

3. SafeTech Commands

3.1 File
3.1.1 Authorize

Figure 1 - SafeTech Authorization Code

This screen allows you to enter the SafeTech access code to unlock
dangerous features. You only need to use this option if you started
SafeTech without entering the code, and then chose to enter the code.
Once a correct code has been entered, the SafeTech status bar changes
to show “Authorized” access.

Though you cannot damage any data by entering the code,
you should be wary that if you don’t enter the code at all,
then all dangerous features are blocked making SafeTech
“Safe”. Once the code has been entered, all dangerous
features are unlocked meaning you have the potential to
cause data loss. You should only enter the authorisation code
when you are sure you need to perform these potentially
dangerous operations.

3.1.2 Quit
This option exits SafeTech and restarts the system.


3.2 Disk
3.2.1 Open Workspace
This option opens the Workspace. For assistance on how to use the
SafeTech/WinTech workspace, please contact SafeBoot support.

Figure 2 - The Workspace

3.2.2 Get Disk Information


This option displays information about the physical drives detected by
SafeTech. Each physical disk has a node in the disk information tree
which describes its LUN, partitions, size and SafeBoot information.


Figure 3 - Disk Information

Disk Information
GUID – The unique GUID of this disk (a Device Encryption construct)
Alg ID - The SafeBoot Algorithm used to encrypt the disk
Database ID – The SafeBoot Database ID (hexadecimal) of the host
SafeBoot Database that this machine has registered its keys to, and is
accepting policy updates from. You can determine the Database ID
through SBAdmin by looking at the License Information.
Machine ID – This is the machine’s unique object ID. You can find the
machine’s corresponding policy object by authenticating to the correct
SafeBoot Database (using the Database ID above to ensure you’re
connected to the correct DB). Then click the “SafeBoot Machines
Group” node in the Devices tab, then click the “Groups” → “Find” and
search for the appropriate Object ID – in the example above it would be
00000003.
SBFS Sector Map – This is the sector location at the beginning of the
SBFS Sector map. The SBFS Sector map defines the ranges of sectors
on the users’ hard disk which contain the Device Encryption pre-boot
environment.
SBFS Sector Map Count – This is the size of the sector map.
Key Check – A hash of the encryption key used to protect the
machine. This is used to verify keys are correct.


Crypt List
Region Count – The number of defined crypted areas of this logical
disk. This usually corresponds to the number of partitions on the drive.
Region … - Each region is defined as follows:
Start Sector – The physical start sector of the region
End Sector – The last physical sector included in the region
Sector Count – The number of sectors included in this region
PowerFail Status – Device Encryption tracks the progress of
encryption on the drive to ensure that if power is lost during
encryption, the process is recoverable.
Status – Determines whether the drive is currently in powerfail state.
A status of Inactive indicates that the current encryption process has
finished.
Partition – A section per Logical partition on this physical drive as
follows:
Partition Number – The unique partition number
Partition Type – The file system detected on this partition
Partition Bootable – Whether the partition is bootable or not
Partition Recognised – Whether the partition is recognized as viable
Partition Drive Letter – The detected drive letter of this partition
Partition Start Sector – The physical start sector of the partition
Partition End Sector – The physical end sector of the partition
Partition Sector Count – The number of sectors in the partition

3.2.3 Crypt/Decrypt Sectors


The Crypt/Decrypt option allows you to safely manipulate which sectors
are encrypted on the disk. This option follows the crypt list (see “Get
Disk Information”) to validate the ranges you submit, so it will not
encrypt sectors which are currently encrypted, and will not decrypt
sectors which are currently not encrypted. This option supports power
fail protection.
You can only use the Crypt/Decrypt Sectors option if the disk crypt
state is still valid. If SafeBoot has become corrupt on the disk, or the
crypt state has been corrupted, you will need to use the Force
Crypt/Decrypt Sectors option.

If you change the encryption state with the Crypt/Decrypt Sectors
option, appropriate modifications will be made to the disk Crypt List.
For example, if you encrypt a new range, a new Region definition will
be created. If you decrypt within an existing Region, then the existing
region will be split into two. If you completely decrypt a region, it will
be removed from the crypt list.
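The crypt-list bookkeeping described above can be modelled as a list of inclusive sector ranges. The following is an added example, not SafeBoot code and not its on-disk format; it shows the validation (no encrypting encrypted sectors, no decrypting unencrypted ones) and the create/split/remove updates. Assumptions: an invalid request is rejected outright rather than partly applied, decrypting at one end of a region shrinks it, adjacent regions are never merged, and a journal keeps the exact ranges applied, as this guide advises recording them.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True, order=True)
class Region:
    """One Crypt List entry: Start Sector and End Sector, both inclusive."""
    start: int
    end: int

    @property
    def sector_count(self) -> int:
        return self.end - self.start + 1


class CryptListError(ValueError):
    """The requested range disagrees with the recorded crypt state."""


@dataclass
class CryptList:
    regions: list = field(default_factory=list)  # sorted, non-overlapping
    journal: list = field(default_factory=list)  # exact ranges applied, in order

    @staticmethod
    def _check_range(start: int, end: int) -> None:
        if start < 0 or end < start:
            raise CryptListError(f"invalid sector range {start}-{end}")

    def _overlapping(self, start: int, end: int) -> list:
        return [r for r in self.regions if start <= r.end and r.start <= end]

    def encrypt(self, start: int, end: int) -> None:
        """Create a new Region; refuse if any sector is already encrypted."""
        self._check_range(start, end)
        hit = self._overlapping(start, end)
        if hit:
            raise CryptListError(
                f"sectors {max(start, hit[0].start)}-{min(end, hit[0].end)} "
                "are already encrypted")
        # Assumption: a touching neighbour is left alone, a new Region is added.
        self.regions = sorted(self.regions + [Region(start, end)])
        self.journal.append(("encrypt", start, end))

    def decrypt(self, start: int, end: int) -> None:
        """Decrypt a range; refuse if any sector in it is not encrypted."""
        self._check_range(start, end)
        hit = self._overlapping(start, end)
        covered = sum(min(end, r.end) - max(start, r.start) + 1 for r in hit)
        if covered != end - start + 1:
            raise CryptListError(
                f"sectors {start}-{end} include sectors that are not encrypted")
        kept = [r for r in self.regions if r not in hit]
        for r in hit:
            if r.start < start:          # part of the region before the range
                kept.append(Region(r.start, start - 1))
            if r.end > end:              # part of the region after the range
                kept.append(Region(end + 1, r.end))
        self.regions = sorted(kept)      # fully decrypted regions drop out
        self.journal.append(("decrypt", start, end))


def demo() -> CryptList:
    # Constructed sample: one region starting at sector 63, the start
    # sector value shown in the guide's Figure 4; the end sector is made up.
    crypt_list = CryptList()
    crypt_list.encrypt(63, 1000)
    crypt_list.decrypt(200, 299)         # inside the region: split into two
    return crypt_list


if __name__ == "__main__":
    for region in demo().regions:
        print(region.start, region.end, region.sector_count)
```

A Force Crypt/Decrypt style operation would skip both checks, which is why the journal matters most there.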

Figure 4 – Insert the Start sector value (63)

Though this option follows the machine’s built-in record of
the encryption state of the disk, and supports power fail,
manual manipulation of the encrypted sector ranges should
only be attempted under the supervision of SafeBoot support
personnel. If you have to use this function it is wise to record
the exact ranges you manipulated in case of unforeseen
issues.

3.2.4 Force Crypt/Decrypt Sectors


Unlike the Crypt/Decrypt sectors option, the Force Crypt/Decrypt option
does not pay attention to the disk crypt state, it simply performs the
operation blindly according to user input. Force Crypt does not support
power fail, nor does it apply any logic or parameter validation on the
input.
You should only use the Force Crypt/Decrypt sectors option when all
else fails, when the on-disk structures are completely corrupted for
example.


Figure 5 - Force Crypt/Decrypt Sectors

This option will certainly cause irretrievable data loss if used
incorrectly. If you are forced to use this option, you should
make a recording of each operation you apply to aid in data
recovery.
Ensure when using this option that there is no possibility of
losing power while it is working – this option DOES NOT
support power fail protection.

3.2.5 Edit Disk Crypt State


Call SafeBoot Technical support for assistance.
This option will certainly cause irretrievable data loss if used
incorrectly.
Ensure when using this option that there is no possibility of
losing power while it is working – this option DOES NOT
support power fail protection.

3.2.6 Restore MBR


This option restores the original MBR of the machine but does no
validation checking.

3.3 SafeBoot
3.3.1 Authenticate from SBFS
Authentication is performed by entering the correct user ID and password
when presented with that screen.

3.3.2 Authenticate from Database


This function allows the user to authenticate with the machine key
through the exported SDB file from the master object directory.

3.3.3 Reset INT13 vector


When moving a hard disk between machines, updating the BIOS, or
after a virus attack, SafeBoot will warn of a possible virus at boot time
and deny access to the machine.
Should there be a possibility of a virus, run a virus checker.

3.3.4 Emergency Boot


Repairs the SafeBoot File system on the client machine.

3.3.5 Remove SafeBoot


Removes the encryption and boot sector from a machine, but does not
remove the SafeBoot client files. (See the Device Encryption
Administration Guide for details on removing client files).

3.4 Algorithms
3.4.1 Enumerate Algorithms
Enumerates through each possible algorithm and tries to load it from
the SafeTech boot file. The algorithms are contained within the
SafeTech program itself.

Figure 6 - Enumerate Algorithms

3.4.2 Set Algorithm


This option allows you to select which algorithm to use in the current
SafeTech session. As the SafeBoot Device Encryption algorithm is an
enterprise-wide setting, and can never be changed, you should confirm
the algorithm the Management Center is using before setting it in
SafeTech. You can do this from the Help/About/Modules screen – check
the description of the SBAlg.DLL file.


Figure 7 - Set Algorithm

Figure 8 - Checking the SBAdmin Algorithm

Selecting the wrong algorithm here will cause any manual
decryption functions (decrypt sectors, force decrypt sectors,
etc.) to perform the wrong mathematical functions on the data.
This process is reversible, for example by re-encrypting the
sector ranges, but if the algorithm choice cannot be
remembered, it can be extremely time-consuming to recover
from.

3.5 Options
3.5.1 Set Background Colour (SafeTech only option)
This option allows the background colour of the screen to be set to
improve clarity on older monitors. You can choose from Black, Red,
Green, Blue, or White.

3.6 Help
3.6.1 Contact

Figure 9 - Contact Details

Displays a list of current world telephone support numbers.

3.6.2 About

Figure 10 - About Display

This option displays the major and minor SafeTech version.


4. The Workspace

The SafeTech workspace provides the administrator with the ability to
examine sectors of the drive for encryption state. Since it also allows the
administrator to write sectors back to the disk, it should only be used
under the guidance of SafeBoot Support representatives (or by those
who have received Advanced SafeTech Training) for advanced
troubleshooting.

Figure 11 - The SafeTech Workspace


5. Troubleshooting

5.1 Troubleshooting Scenarios


SCENARIO I:
The SafeBoot login screen does not appear when booting the PC.
Follow the Emergency Boot procedure.

SCENARIO II:
Updated the machine’s BIOS and now boot to a virus warning
Follow the Reset INT 13 Vector procedure

SCENARIO III:
Boot to missing operating system while the machine is in the process of
encrypting or decrypting
Follow the Encryption and Boot Sector Removal: Method 1 procedure

SCENARIO IV:
Boot to missing operating system after machine has successfully
encrypted
Follow the Encryption and Boot Sector Removal: Method 2 procedure

SCENARIO V:
Copy Data from a corrupted encrypted drive without removing
encryption.
Follow the Mount Drive (WinTech Only option) procedure

SCENARIO VI:
Copy Data from an encrypted external USB-attached drive or USB flash
drive.
Follow the Mount Drive (WinTech Only option) procedure


5.2 TROUBLESHOOTING PROCEDURES


5.2.1 How to create a SafeTech Disk
A bootable disk can be created to contain all files necessary to run
SafeTech. A blank diskette (or USB flash drive) can be used to create
the SafeTech disk. It is not necessary to format the media as bootable
(although the BIOS of the machine must support booting to USB if this
media is selected).
1. Select the Recovery menu.
2. Select Create SafeTech boot disk.

Figure 12 - Creating the SafeTech boot disk

3. Select the media to use as the recovery disk and save it.

5.2.2 How to export the machine key (machine configuration)
1. Select the Devices tab from the tree window.

Figure 13 - The Devices tab

2. Locate the machine group that includes the problem machine,
and double-click on it to open the group (or right click and choose
open).

Figure 14 - The Machine Group

3. In the newly opened group window, right click on the machine
needing recovery and click “Export Configuration”.

Figure 15 - Export Configuration

4. For normal use uncheck all three items under “Options” to save
disk space.

Figure 16 - The location of the bootable disk

5. Type in the location of the bootable diskette just created or
browse to locate (usually A:).
6. Click “OK”.

5.2.3 How to create a WinTech PE Boot CD/DVD


To compile a WinTech PE boot CD/DVD the following is required:
• BartPE Builder Version 3.1.10a (released on Feb 17, 2006) or
later currently available from http://www.nu2.nu/pebuilder/ .
• A valid licensed copy of the XP or 2003 installation files is
required.
• The WinTech plugin available on the 5.1.0.1 CD and later.
• Blank CD/DVD
Full instructions on actually making the disk are available separately in
the “\Tools\Making a Rescue CD” folder on the current 5.1.1 or on a
later SafeBoot Management Center installation. See the SafeBoot and
Windows Rescue CDs document.
In this folder is an example bootable CD-ROM ISO image - please see
the SafeBoot and Windows Rescue CDs document for further details.
Further information regarding BartPE is also available on the BartPE
website http://www.nu2.nu/pebuilder/.

(Optionally Bart PE provides instructions on building the boot
environment on a bootable USB device. Please refer to the Bart PE
online information for how to do this).

Although SafeBoot has experience with WinPE/RE and BartPE,
we cannot offer support on the use of these products other
than information on how to install SafeBoot drivers and
SafeBoot applications. SafeBoot Support cannot support
issues around configuring BartPE or WinPE/RE for other
hardware or software requirements.

5.2.4 Reset INT 13 Procedure


When moving a hard disk between machines, updating the BIOS, or
after a virus attack, SafeBoot will warn of a possible virus at boot time
and deny access to the machine.
1. Create a SafeTech or WinTech boot disk. See the How to create a
SafeTech Disk procedure. Note: The machine configuration is not
required.
2. Reboot the problem machine using the SafeTech boot disk.
3. At the DOS prompt, type SafeTech and press return.
4. Enter the access code. This is obtained from the Helpdesk
personnel or by calling SafeBoot Support.
5. Press the <Return> key.

Figure 17 - Entering the SafeTech Code

6. Select “Authenticate from SBFS” from the main menu.

Figure 18 - Selecting Authenticate from SBFS

7. SafeTech reads values from the drive and returns a message as
per the screenshot below.
If you get a message that indicates a failure to read the values from
the disk, then contact SafeBoot Support – otherwise, click “Login With
Selected Token”.

Figure 19 - Login With Selected Token

8. Enter the Username and Password and click “Ok”.

Figure 20 - Enter the username and password

9. Go to the Tool Bar menu and open the SafeBoot drop down
menu. Select “RESET INT13 Vector” from the menu.


Figure 21 - Select RESET INT13 Vector

10. A message confirming that INT13 has been successfully reset
appears. Click “OK”.

Figure 22 - INT13 Vector reset message

Should there be a possibility of a virus, then run a virus
checker.

5.2.5 Remove INT 13 Protection


If you wish to avoid the Reset INT 13 condition while updating the
BIOS, then temporarily turn off “Virus Protection” before the BIOS
upgrade.
1. In the SafeBoot Management Center find the machine, right click
on it and select “Properties”.
2. Select the “General” icon.
3. Under Options, scroll until you find “Virus Protection”.
4. Deselect “Enable MBR virus protection” (see screenshot below).
5. Click Apply.

Figure 23 - Virus Protection option

After the BIOS has been upgraded the option is re-enabled, applied,
and the machine is synchronized. This will again protect the boot sector
of the machine.


Figure 24 - Client machine synchronization menu

5.2.6 SafeTech Emergency Boot Procedure


Should SafeBoot fail to boot, and the logon screen does not appear, the
SafeTech Emergency Repair process should be performed. Create a
SafeTech boot disk before proceeding.

If the data is very important, or you are unsure about the
procedure, then please contact SafeBoot support before
proceeding.

Note: When selecting options such as “Proceed” or “Abort”
the correct selection is the grey box with > < surrounding
the option (e.g. > continue < ) and NOT the colored option!

1. Reboot the problem machine using the SafeTech boot disk.
2. Enter the authentication code. This can normally be obtained
from the Helpdesk personnel or by calling SafeBoot Support.
3. Click “Ok”.

Figure 25 - Enter the authentication code

4. From the main menu select “SafeBoot” followed by “Authenticate
from Database”.

Figure 26 - Loading values from a Machine’s database

5. Ensure the exact machine configuration is on the disk, select the
correct machine and click “Ok”.

Figure 27 - Authenticate from database

6. The machine name will be shown in an open window – only one
should be listed. Check the correct machine name is listed.
7. Click “Use Selected Machine”.

Figure 28 - Select the machine name

8. Select “SafeBoot” followed by “Emergency Boot”.

Figure 29 - Choosing Emergency Boot option

9. Please click “Yes” if you are using Windows XP (or earlier), or,
click “No” if you are using Windows 2003, Vista and higher.


Figure 30 - Choose the operating system

10. Click “Ok” to confirm the Emergency Boot

Figure 31 - Confirm Emergency Boot

11. When the machine boots into Windows, if there is a network
connection through to the SafeBoot server, then the machine will
synchronize with the SafeBoot Object Directory and fully repair
itself. Check this by right-clicking on the SafeBoot manager icon
on the Taskbar, and selecting “Show Status”.

Figure 32 - The Client status screen

If SafeBoot is unable to establish connection to the master
directory at this time, continue to use the SafeTech
Emergency Repair boot disk to boot the machine (as per step
11), until a connection to the server is made.

5.2.7 Encryption and Boot Sector Removal: Method 1

Make sure the machine’s main power supply is plugged in for
this procedure. Do not attempt to perform it on battery power only.

1. Create a SafeTech Boot Disk. See the How to create a SafeTech
Disk procedure.
2. Boot the problem machine with the SafeTech Boot disk.
3. Start SafeTech (it may autoload depending on the boot disk).

4. Enter the authorization code.

Figure 33 - Authorization Code Prompt

5. Select the “Authenticate from SBFS” option.

Figure 34 - Selecting Authenticate from SBFS

6. SafeTech reads values from the drive and returns a message as
per the screenshot below.
7. If the message indicates a failure to read the values from the
disk, contact SafeBoot Support; otherwise, choose the right
Token and click “Logon With Selected Token”.

Figure 35 - Select Token

8. Enter the Username and Password.

Figure 36 - Enter your username and password

9. Select “Remove SafeBoot”.

Figure 37 - The Remove SafeBoot option

10. This will decrypt the drive and remove the boot sector. It may
take some hours depending on the machine performance and the
storage capacity of the drive or partition.

Figure 38 - SafeTech removing SafeBoot encryption and boot logon

11. Next, when the machine has been removed, delete its record
from the SafeBoot directory (the central record no longer has the
correct parameters for the machine). See the Device Encryption
Administrators Guide for further information, or, contact your
SafeBoot Database Administrator.

When the operating system is repaired, SafeBoot will
automatically reactivate itself if the installed files are still
intact and it connects to the SafeBoot Server. The machine
may encrypt at this point too, depending on its settings in the
database.
This can be prevented by disconnecting from the network
prior to booting the machine (or by disabling wireless networking).
Once Windows has loaded, open a Windows CMD prompt,
change to the SafeBoot folder on the machine and enter:
“sbsetup -Uninstall”
Important: The “sbsetup -Uninstall” command can only be
used if the drive is currently completely unencrypted.

Make sure you check where the \SBADMIN (administration
system files) and the \SBDATA (database folder) have been
installed. If your installation is not in the recommended
locations, then make sure you check where they have been
installed before proceeding.

Also, disconnecting from the network will prevent re-activation
only if this machine was originally a SafeBoot
‘online’ install. If it was an ‘offline’ install, then boot to
Windows Safe Mode first. See the Device Encryption
Administrators Guide for further information regarding online
and offline installation.

5.2.8 Encryption and Boot Sector Removal: Method 2


If SafeBoot itself is not working, method 1 cannot be used. Method 2
should only be attempted under the guidance of SafeBoot Support. For
this method the machine’s configuration exported from the database
will be required.
1. Create a SafeTech Boot Disk. See the How to create a SafeTech
Disk procedure.
2. Export machine configuration. See the How to export the machine
key (machine configuration) procedure.
3. Boot the problem machine with the disk.
4. Enter the authorization code.

Figure 39 - Authorization Code

5. Select “Authenticate from Database” from the SafeBoot drop
down menu.

Figure 40 - Authenticate from database

6. Next select the current machine name shown in the open window.
Then click OK.

Figure 41 - Select the file name

7. Now select the correct Machine Name.

Figure 42 - Select Machine

8. Select “Remove SafeBoot” from the SafeBoot drop down menu.
This will decrypt the drive and remove the boot sector. It may
take some hours depending on the machine performance and the
storage capacity of the drive or partition.

Figure 43 - Select Remove SafeBoot

Figure 44 - Removing SafeBoot

9. Remember to delete the machine’s record from the SafeBoot
directory once it has finished removing, as the central record no
longer has the correct parameters for the machine.

When the operating system is repaired, SafeBoot will
automatically reactivate itself if the installed files are still
intact and it connects to the SafeBoot Server. The machine
may encrypt at this point too, depending on its settings in the
database.
This can be prevented by disconnecting from the network
prior to booting the machine (or by disabling wireless networking).
Once Windows has loaded, open a Windows CMD prompt,
change to the SafeBoot folder on the machine and enter:
“sbsetup -Uninstall” (Note: This command can only be used
if the drive is completely unencrypted).

Disconnecting from the network will prevent re-activation
only if this machine was originally an ‘online’ install of
SafeBoot. If it was an ‘offline’ install, boot to Windows Safe
Mode first. See the Device Encryption Administrators Guide
PDF document for further information regarding online and
offline installation.

5.2.9 Mount Drive (WinTech Only option)


Using WinTech: Accessing removable data stored on an encrypted USB
drive.
To obtain the key for the USB drive or stick, follow Procedure No. 2
above to export the machine’s database from the SBCM. This must be
the machine that the drive was originally attached to when it
was encrypted.
1. Export the machine’s database. Note: Save the machine
database to a location you can retrieve later from the BartPE CD.
This exported database file contains the machine’s key.
Booting BartPE
1. In the BIOS of the client PC, find the menu to alter the order of
Boot devices.
2. Set the boot device order to boot from CD/DVD first. Consult your
PC or laptop documentation for further information.
3. Insert your WinTech Bart PE disk. Confirm the prompt to press a
key and boot from CD.
4. Once the PE environment has fully loaded you can start WinTech.
From the Start menu, choose “Programs” then “SafeBoot
WinTech”.

Figure 45 - The SafeBoot WinTech option

Any USB sticks or drives you need to access later must
be plugged in before Windows PE starts to load. This includes
any encrypted disks you wish to access, and any disk
containing the machine export database.

5. WinTech will then load. It will prompt for the authorization code
(this code can be obtained from SafeBoot Support). Enter the
code.

Figure 46 - The WinTech authorization screen

Figure 47 - Example code

Notice the Info bar at the bottom of the tool reports “Not Authorized”
until the code has been correctly entered. After the code has been
entered, this changes to Authorized.

Figure 48 - The Information bar

The “Not Authenticated” message still shows. User authentication or an
encryption key to decrypt any data is still required!
6. Now enter the machine’s key retrieved earlier from the exported
database. Note: in the case of a USB stick or drive, enter the
key of the machine the drive was attached to when it was
encrypted.
7. Now authenticate from the machine’s database. From the
SafeBoot menu choose “Authenticate from Database”.

Figure 49 - The Authenticate from Database option

8. Browse to the location of the exported machine configuration.
9. Choose the correct SDB file.
10. From the “Disk” menu, choose “Mount Drive”.
11. From the Start menu, run your chosen File Management tool
(BartPE default is A43 File Manager).
