November 17th, 2006, 07:23 PM
pointsec problems - windows xp corrupted
I have a friend with a laptop running pointsec and windows xp pro.
The windows install has become corrupted.
We can log into pointsec normally. However, a few seconds after windows begins to load the system will reboot. This continues no matter what option is chosen from the boot menu (safe mode, last known good.....).
Is it possible to reinstall/repair windows, or simply recover their data?
From what I have been reading it looks like without being given administrator privileges in pointsec windows cannot be repaired (or the drive accessed).
I thought I would try to boot from a windows CD and reinstall windows. But, the CD boot process starts before I am asked to log into pointsec.
November 17th, 2006, 08:13 PM
My understanding of Pointsec is that it loaded prior to the OS, so you should really be asked to login to it first?................sounds like the corruption might be a bit more serious than you thought?
You might try going into setup and changing the boot sequence to HDD (usually IDE0) then CD/DVD
When you reboot it might just look at the HDD, decide it is unacceptable, but give you the Pointsec login before going to the CD to boot? A bit of a long shot I know, but worth a try?
If that doesn't work then set it back to boot from CD and use a Linux CD to recover your files..............problem is that Pointsec has almost certainly encrypted the data? you may not be able to decrypt it outside of its home territory.
So, I would go for extracting the files, rebuild the system, reload Pointsec then the files? You will need to look at how Pointsec works in more detail though?
November 18th, 2006, 12:58 AM
From the behavior I have been seeing it looks like pointsec has probably encrypted (or modified) the partition table and possibly the MBR.
What I have been reading about pointsec, they have at least three levels of users... "users", "power users", and "administrators".
I am certain my friend only has "user" privileges.
Their corporate help desk refuses to support problems like this, even though the upgrade they pushed caused the problem. Apparently it is their way of teaching the importance of backups.
November 18th, 2006, 11:50 AM
More like their way of going out of business? You load this stuff onto portables..........it should not be needed on your desktops?
Now, your office based user (or remote through VPN) is actually working on systems within the company that are backed up in accordance with the corporate security policy,
When you have someone who is truly mobile, they can only do this when they are connected to the corporate network? It is unrealistic to expect them to make local backups............and if they did, would they be subsequently accessible through Pointsec? if not, you would be saving potentially sensitive data "in plain" on vulnerable media?
This stuff must come on a CD? get hold of that and reinstall it. Set your man up as an administrator..................The CD must be bootable, or there is an obvious security design flaw?.............it needs to run before you boot the OS, so you cannot logically load it from within the OS or it could be interfered with.............typically with "PointsecKilla" by the infamous MR.Tigg3R
Please try my idea of booting with HDD first, CD second.........as I said, you just might get lucky and it will try something else.
At the end of the day you have to reformat and reinstall.................
Now, is this computer your friend's, or does it belong to his employer?.....you see, there should be no way that the software can be loaded without at least one user account having administrator rights?
So, as my alternative hypothesis: maybe your friend should go to his IT Department and fess up?
November 18th, 2006, 04:11 PM
Funny, I just assisted to a demo of pointsec this Thursday..!
Pointsec has versions of BartPE boot disk that are preset with the appropriate stuff to boot/read off a pointsec encrypted drive; it should have come with the pointsec install files.
Credit travels up, blame travels down -- The Boss
November 18th, 2006, 04:20 PM
All the employees are issued laptops, I don't think I have seen a desktop in the entire office. Everyone has a laptop but rarely does anyone "go mobile".
All the PCs are owned by the employer.
What I am told is the corporate IT department does not provide any service for data recovery. If you send your PC back to them all they are capable of doing is to re-image the drive. It is entirely the employee's responsibility to successfully perform a backup on an un-encrypted CD. I guess the idea is that the CDs will not leave the office.
Yes, I am sure this stuff comes on CD, as does MS Office, and windows. However, I have never seen a CD for anything in the office. Corporate policy is not to send CDs out.
At the office they have a direct link to the corporate network. In the evening their IT department will at times push updates. I am told that after the last update she came in to work and her pc was doing this.
I tried booting from the HDD first, Windows looks like it is starting normally. Then ooopps.... It reboots. It didn't even touch the CD.
What is pointseckilla? And where do I find it?
January 30th, 2007, 11:56 AM
I have seen a lot of these errors since the Co I work for rolled out Pointsec. To recover, I create a pointsec recovery disk, remove pointsec and hey presto windows boots with no errors!
I actually have 2 on my desk doing this at the moment
March 27th, 2007, 10:35 PM
My corp has also dictated Pointsec but are not providing any real way to recover your data if you have a system failure. So my question - how do I build a pointsec recovery disk? (Or, what do I need and where can I get it?) -- All the IT folks did was force a push install of pointsec, with no support info. And, when you try to talk to them they just "growl" back. In other words, absolutely no willingness to help. -- Information off of the Pointsec vendor's website (and a couple of other sites) mentions creating a recovery disk but again no real details or actual help. I have pulled a copy of the pointsec recovery files off of my system but there has to be some driver loaded (on this recovery disk) to know what to do with them in reference to my hd.
I am guessing this pointsec recovery disk is fd based but can it be put into bartpe as a plugin?
thanks in advance