OSD in-place upgrade with McAfee EEPC Drive Encryption - SCCM 2007 SP2
Hi All, We are currently upgrading our environment from WinXP to Windows 7 x64. We have a mix of laptops and desktops, of which the laptops use the McAfee EEPC encryption. We are starting the TS while in Windows XP using RAP right now for testing. The problem that we're having with the laptop in-place upgrade is that right after the laptop reboots and tries to load WinPE, we get a "Missing Operating System" error, which is because of the encryption of the drive. This does not happen on desktops or laptops that we decrypt first. We have opened a case with McAfee and they have provided us with this fix to try: https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/23000/PD23237/en_US/McAfeeEE5x_WindowsOSRefres_v1_1.pdf In their example they're using an MDT Task Sequence, but we are using SCCM to deploy. I noticed in their guide that they have a step between "Apply Windows PE" and "Restart Computer". However, in SCCM there is only 1 step that does both of those actions. Looking at MDT, the Apply WinPE step uses the script LTIApply.wsf. Is it possible to make a separate step for Apply WinPE in an SCCM Task Sequence that uses the script from MDT? I would have to modify it, I assume, to use our boot image rather than the MDT default. Anyone else familiar with McAfee EEPC and have any other workarounds without decrypting the drives first? Thanks.
February 8th, 2012 11:53pm

The Apply WindowsPE and restart computer steps from MDT are both handled by the Restart Computer step in SCCM (it will figure out if WinPE needs to be staged on the HD, which is initially the same as "Apply WindowsPE" does). I have not worked with McAfee, but from the guide, it looks like all you need to do is modify your boot image (the boot.wim, not boot.ID.wim), and then add the steps described: the first four as the last steps of "Capture files and settings", no. five "store safeboot MBR" just before "apply operating system", no. six and seven just before "setup operating system/Setup windows and configmgr", and the last one as the last step in your TS! Michael Petersen | My blogs: blog.coretech.dk/author/mip/ and SCUG.dk/ | Twitter: @OSDeploy | LinkedIn: Michael Petersen
February 9th, 2012 3:47am

There's a couple options, but I use a vbscript which restores the EPE MBR every 10ms to prevent it from getting overwritten by the Apply WinPE step. Check out http://social.technet.microsoft.com/Forums/en-US/configmgrosd/thread/e0048909-12c0-4c94-a4bd-6b664d946fb1
February 10th, 2012 12:51pm

Thanks for the replies. Would it be possible for you to send me your script for this, mcb247? My scripting knowledge is very basic. Thanks again.
February 12th, 2012 11:23am

Mind sharing your script? I'm currently creating a scheduled task that calls a script. My script pings localhost around 20 times (for delay), then starts endlessly restoring the MBR. After creating the scheduled task, I immediately run it, then the WinPE/restart step proceeds and I can see the C drive in WinPE. There are other major issues after this part though. Nicholas Jones, MCITP | Core Infrastructure Consultant | Sparkhound | https://www.mcpvirtualbusinesscard.com/VBCServer/nicholas.jones/profile
February 28th, 2012 10:04am

Greetings, I just came across your question on running an OSD with SCCM on machines that are encrypted with Endpoint. I am having the very same problem, and as much as I am trying to follow the instructions that McAfee provided in their technical paper on this subject, I still can't get my test machines transitioned from XP to Win7. If you have found a method that allowed you to successfully run the TS, I would love to hear about it.
April 5th, 2012 1:46pm

I have figured out a reliable way to do this, with no scripting required. It should also be supported, which is a plus. Before the Apply WinPE step, create a shutdown script local group policy. This will allow you to execute the MBR restore step after WinPE has been applied, but before the final reboot. Nicholas Jones, MCITP | Core Infrastructure Consultant | Sparkhound | https://www.mcpvirtualbusinesscard.com/VBCServer/nicholas.jones/profile
July 10th, 2012 9:19am

This topic is archived. No further replies will be accepted.
