File Share Encryption

 View Only

  • 1.  Lost MBR while cloning the hard disk

    Posted Jul 14, 2015 12:48 PM

    Hi

    I was trying to clone my hard disk to a bigger hard disk. I have PGP V4.0.1 installed with 2 partitions on the hard disk. After the cloning process strated, computer restarted and suddenly MBR3/ MBR1 or MBR2 error coming up asking to insert floppy.

    Is there a way to recover my MBR and ultimately my data?

    Thanks all experts for sharing their knowledge.

    James



  • 2.  RE: Lost MBR while cloning the hard disk

    Posted Jul 16, 2015 11:38 AM

    Hello,

     

    When you say PGP V4.0.1 i am not certain as to which version of encryption is this.

    Encryption desktop would have a version of 10.x.x

    Encryption desktop comes with a recovery disk that could be used to repair the MBR.



  • 3.  RE: Lost MBR while cloning the hard disk

    Posted Jul 19, 2015 12:26 PM

    Hello R_fernandes,

    I've been told that the version used is V4.0.1, but when I looked inanother machine (C\programFiles\PGP Corporation\PGP Desktop\ReleaseNotes), I see the version is PGP Desktop version 10.1. is there a way to find out which is actual version?

    I have a new machine with PGP 10.1 installed and I need to fix MBR error on another hard disk which was encrypted and while cloning I lost the MBR. Could you please write step by step intructions how to create recovery disk. I've windows 7 professional in both the machines. At this time ny target is to get the data back without attempting decrypting as the password went with person who installed PGP in older machine and he is no more. Can I connect the correupted hard disk as a USB drive and run the recovery disk?

    I really appreciate and thank you, your help in recovering my precious data.



  • 4.  RE: Lost MBR while cloning the hard disk

    Posted Jul 19, 2015 01:00 PM

    James01

    You could tell the version of the software if you are able to launch PGP desktop. Click Help and then about.

    If the release notes are of the same setup file that was used to install PGP desktop and no upgrade was done then the version will be 10.1

    10.1 is a very old version. the latest version is 10.3.2 MP 9

     

    Yes, you can slave the disk to another computer as USB. However tyhe other computer must have PGP 10.1 or higher installed. 

    Once this is done you can use the PGP command list to find out how many users were enrolled on this disk. 

    If PGP desktop is unmanaged on the affected hard drive (i.e. not reporting to a PGP server which is usually when you have more than 100 users using PGP desktop in your environment), then there are only 2 options to decrypt the disk.

    1. Find out how many users where enrolled on the disk by using the --list-user command.

    If any other user besides the forgotten user is listed, try using their password to decrypt the disk next with --decrypt.

    Command list:
    https://support.symantec.com/en_US/article.DOC3604.html

    You can also create a recovery disk to decrypt the disk. However, again, 

    if standalone/unmanaged then you will need the users password to start decryption

     

    Recovery disk images:

    http://www.symantec.com/docs/TECH152604

    .. use 10.1.1 if you are going to attempt with recovery CD.

     

    I would suggest slaving the disk as USB over using the recovery disk as decryption with the recovery disc could take days whereas with USB would be done in less than a day (depending on the disk size and other factors)

     

    As of now from what i uderstand is this looks like a standalone install with 10.1 and the user who is enrolled on this PC is not reachable so we cannot get the passphrase. Our best shot would be to check if there are any other users enrolled and then see if we could get thier password to decrypt the disk.

     

    If the laptop happens to be managed by a PGP server then there is lot more of a chance to recovery the disk. In a managed environment, the PC checks in with the PGP server and gives is encrypted to multiple recovery options like WDE Admin, Local Self Recovery, WDRT token.

     

    Starting with 10.3.2 standalone version of PGP, users now are prompted with a WDRT token to note and keep in case the password was lost. 

     

    *Note:

    Do not use the FixMBR command until you are certain you have checked all possible steps. Fixing the MBR would attempt fixing PGP's MBR if curropted and would not help. 

     

    Question:

    Are we certain this laptop/PC is not managed by a PGP server ? If there is a PGP Universal server, your IT Administrator will be aware of it.  

    There is a PGP stamp entry in registry which is responsible for client server communication. To check this go to Start>Run>Regedit. PGPSTAMP can be found in the following container:

    32 bit machines: HKEY_LOCAL_MACHINE\Software\PGP Corporation\PGP
    64 bit machines: HKEY_LOCAL_MACHINE\Software\Wow6432Node\PGP

    • PGPSTAMP should look similar to this with ovid= pointing to your PGP server:

    ovid=keys.yourdomain.com&mail=*&admin=1

    if it equals Default then its a standalone client.

     

    Other helpful Article:

    http://www.symantec.com/docs/TECH149679

     



  • 5.  RE: Lost MBR while cloning the hard disk

    Posted Jul 20, 2015 12:56 PM

    Hello R_fernandes,

    Thanks for wonderful information.

    When I launch PGP Desktop, in the Help tab, I see Encrypt and Decrypt, there is no About. But as I wrote previously documentation shows it is 10.1

    I should have been more clear in what I was asking for. The old hard drive belongs to me, so I have the passphrase with me, only thing that I ( nor our IT guy who joined recently) do not have is password to Decrypt. Our IT dept installs basic configuration to any new laptop from a Image created by former IT guy who is no longer with us and Decrypt password was with him.

    Now, the new laptop that I have has the same PGP version as on the older corrupted hard drive. I am wondering if with the recovery disk is it possible to fix MBR somehow and copy the data from old hard drive connected as slave USB to working laptop with same PGP version.  I do not want to Decrypt the hard disk unless it is necessary, my target is just to recover the data from the hard disk.

    I checked in the Registry for my Win 7, 64 bit system it is in the format

    ovid=keys.yourdomain.com&mail=*&admin=1

     

    Let me know if this information helps you to help me!

    Thanks Again.

     

    James



  • 6.  RE: Lost MBR while cloning the hard disk

    Posted Jul 20, 2015 01:17 PM

    Hello R_fernandes,

    The version installed is 10.1.2, build 9, PGP SDK 4.0.1 and the License Type is Enterprise Complete Edtion. The older hard drive belong to me so I know the passpharse. Also, now I have new laptop where I checked the version from, I would like to connect to this laptop the older corrupted hard drive as USB.

    I am not interested in decrypting the hard disk, my target is to just fix MBR is possible somehow and recover the data from it.

    Our new IT guy configures the new laptop from a image created by another IT Administrator who is no longer alive and password went with him.

    Also, I checked the registry in my Windows 7 64 bit laptop, the key is in the format

    ovid=keys.yourdomain.com&mail=*&admin=1.

    With the recovery disk is it possible to fix the hard disk somehow and recover the data without attempting to decrypt it.

    Let me know if you need more information to help me rescuing!


    Thanks for detailed reply.

    James