I'm using hardlinking with USMT 4 via SCCM OSD. We have discovered an issue where users are reporting that not all folders are coming back. Specifically, it appears encrypted subfolders do not make it back with loadstate.
Here is my OSDMigrateAdditionalCaptureOptions Variable:
/nocompress /hardlink /uel:60
I tried to look at things like /efs:hardlink, but that tells me /efs:copyraw is already used as a default with USMT 4.0.
I have a few options it appears:
1) Try and find scanstate variables that will help me.
2) Try and find loadstate variables that will help me.
3) Try and decrypt encrypted folders as part of my task sequence.
If anyone has any suggestions for 1 or 2, please let me know.
In regards to 3, I'm not very versed with much usage on EFS, but I learned a ton today. I have the recovery cert in my possession, but it really does no good to me to manually pop it into my user store. Nor does it do any good to try and use certutil if I don't know where I should be putting it with a batch file.
Essentially, I am looking to have a batch file that:
certutil to place the recovery cert into a system account store to run
cipher /d /i /s:"c"
certutil remove cert
My issue seems to be that everything I read about EFS has to do with manually popping something into a user store to do recovery. From an enterprise perspective, if I'm re-imaging a whole bunch of machines every night, I should be able to decrypt folders with the key under system context in a batch file. You would think that is possible?
Anyone who has experienced the vanishing encrypted subfolders with hardlinking, please comment!




