Greetings. Here is my scenario. My company mostly uses Windows XP, but we are moving to Windows 7 with each new machine or re-image being deployed. We also use Symantec Endpoint Encryption, 8.1.2 MP5.
We've noticed that on machines that have the encryption software, if the machine loses power at a certain point, upon reboot, the USB ports are disabled.
Here's the problem...during normal operation, or sitting at the C-A-D screen, no issue, just need to wait out the 30 second timer on the Windows Boot menu, and the auto-selection will be, "Start Windows Normally". We can't select anything else, because the keyboard and mouse do not work. We have tried all different USB ports as well, USB 2 and USB 3, same result. So not much of a problem...but a timed hinderance.
BUT....if the power is lost when Windows is loading it's start-up files, basically when it says, "Starting Windows", the system defaults to a different boot menu with two options. The default selection is "Launch Start-Up Repair (recommended)".. The problem is that utility never fails to repair the Windows boot order, and leaves the machine in a non-usable boot-loop. The utility failure occurs with or without encryption and is a known Windows issue.
So the only way around that is to decrypt the drive, slave the drive, copy user data, and then re-image. Decrypting a mechanical drive can take over 30 hours, leaving the user without a machine for over a full day.
We tried using BCDEDIT to ignore all failures, but it still defaults to that Launch Repair option..
My thought is that SEE thinks someone is trying to access the Windows partition before it loads, so it disables the USB until Windows can take over in a proper loading sequence and initiate the OS correctly.
On a laptop, it's not so much of an issue, because the on-board keyboard still works...but with all Desktops, and a large amount of laptops that are used in a type of kiosk/cart, where the laptop is secured and normal use has an exterior USB keyboard, the machine becomes a brick in a way.
Is this a known behavior of SEE? And if so, is there any way to disable it?
Sorry for long question, but I wanted to give as many details as I could. Please ask questions if I missed something. This is seriously affecting a large deployment project of over 350+ machines..
Thank You,
-Rick S