Hello!
I thought this could be the place from where I could find solutions for my one small problem ) Tried to search forums but didn't find anything relative for this one.. Other threads about Pointsec didn't tell me.
So here we go;
We did order three "kind-of" mini-laptops for our job. (Though they would send us those normal 300$ asus eeepc's, only requirement I did say for them was "small and lightweight, for updating services via browser. Nothing more needed.)
Very soon found out that they sent us 3 x 12" HP 2540p and we were like "whoa this is quite more than we asked"… After small investigation, decided those laptops are just awesome… 9 hours battery, integrated 3G modem, core2duo inside, 160gb SSD… all packed to that tiny 12" case…
Mm.. lots of reasons to use it on freetime aswell D
And here comes the problem, IT desk sends every computer with those corporate software, Windows XP + Pointsec encryption. Default.
We though we could shrink the size of that partition where the XP's installed, then install second OS for that free space gathered..
XP is old and with out IT desk's own syncro programs etc it is goddamn slow, that's the reason for another OS.
Need that XP partition still for doing work, but on the freetime it would be awesome to boot to the Win7 or something similar with full admin rights and nothing stuff from our IT desk installed, which - of course - must be installed by ourselves.
Tried to shrink the partition on SSD, no success. With encrypted SSD, no programs of course couldn't even read the disk.
Then tried logging in to Pointsec (we do ofc have the password for normal "user" in Pointsec), from XP side installed first Norton Ghost, though it would do the trick when the SSD is already decrypted by logging in to Pointsec -> Clone disk with Ghost -> Should be decrypted copy also if done that way? -> Clean up SSD and restore copy from external USB drive -> Decrypted system? Then just reboot with XP installation disk and fix MBR.
Well.. it didn't go as well as we though and we had to send one laptop back to IT-desk for reinstalling ( "Operating system not found" even after fixing MBR.
IT desk did gave us fully permissions and said they got nothing against it if it just works and we can do our jobs afterwards also 😉
They did even give us temporary admin rights for that XP which is installed, but, told us they got no way to remove Pointsec in normal IT desk side. Said it is ready in their image file and will be installed always. For Pointsec admin password they said using smart cards for security reasons and couldn't therefore send us the password for it.
IT desk is located as typically to other side of this damn country so they weren't quite interested about getting in here and putting their nice smart card to our laptops ) After long phone call they did gave us permissions trying to clone SSD, also said we're free to try cracking pointsec but even I do know it's not quite possible. But anyhow, fully permissions to play with anything we can do, IF we just can do work afterwards also.
Tried also clone SSD to external HDD with MBR and making external disk bootable. Then connected it via usb and tried booting, but resulting with "windows could not start because of a computer disk hardware configuration problem."
Long story short, what we do have is
- Administrator rights for installed WinXP
- User rights and login for Pointsec
- Lots of time
What we need
- Get rid of the Pointsec and leave fully working WinXP to SSD
- Shrink the partition and install another OS for dualbooting.
- With any possible way. If there is any simple cloning solution which does not require removing pointsec or so, it would be even better.
Thanks )
Can you not wipe the harddrive and then create the 2nd partition. Install the xp image and then windows 7?
Ive never used Pointsec so dont know if it would encrypt both partitions.
Do you want Pointsec completely removed from the laptop?
Can you not wipe the harddrive and then create the 2nd partition. Install the xp image and then windows 7?
Ive never used Pointsec so dont know if it would encrypt both partitions.
Do you want Pointsec completely removed from the laptop?
You mean install the XP image from where? We do not have same installation medias than our ITdesk have.
All I do have is that clone of decrypted partition made with Norton Ghost, and resuming that results "Error loading operating system" message when booting (
Ofc have Win7, XP, installation medias on my own but doing fresh install (even if with WinXP) results losing all programs needed for doing jobs. All else would go but losing the VPN client means (and it's settings) would permanently erase possibilities for doing work with that laptop.. (no VPN = no connection to workplace's servers = no access to jobfiles and therefore no working ( )
I think removing pointsec entirely would be the only way. Because as long as pointsec exists on that machine, I cannot modify the partitions which means I can't make space for another OS.
Pointsec is probably doing what its meant to do which is protect your data so getting the admin password to remove it is going to be paramount i would have thought.
What did you use to try and shrink the partition with?
I use GParted to edit/create my partitions
And here comes the problem, IT desk sends every computer with those corporate software, Windows XP + Pointsec encryption. Default.
Is that a problem? You don't say who 'we' are, so I assume this is a corporate environment, in which case the pre-installed software probably follows corporate policy for laptops.
In that case, better get on-line with your IT manager, and explain your problem. As far as I know, you need PointSec administrator rights to shrink partitions … if it is even possible. And PointSec admin rights are the crown jewels. If you don't have 'em, you don't get 'em without some kind of revolution.
Well.. it didn't go as well as we though and we had to send one laptop back to IT-desk for reinstalling ( "Operating system not found" even after fixing MBR.
Well, yes … MBR on PointSec systems is PointSec specific … you don't mess with it. The whole idea is that it shouldn't be messable – it's a security product.
What we need
- Get rid of the Pointsec and leave fully working WinXP to SSD
- Shrink the partition and install another OS for dualbooting.
- With any possible way. If there is any simple cloning solution which does not require removing pointsec or so, it would be even better.
Uninstalling PointSec is a job for your PointSec manager. Reinstalling it with a smaller partition, too. Don't expect magic here – PointSec is intended to protect the hard drive.
If you don't want PointSec, best idea is probably to reinstall from scratch.
Just make sure you are staying within corporate policy. If that policy says 'laptops must be encrypted' (many do) you'll may get your hand cut off for violating it. Installing Windows 7 may also be such a violation. In the more militant organizations, it may even be a hanging matter.
If you don't know what your policies are, call your IT manager, and have a chat. He/she knows, and will also know about exemption possibilities etc.
Well yes, I do know that Pointsec is kind of.. unbreakable )
The default pre-installs are not "the problem", the problem is that we were planning to use these inside the corporation for doing work, and outside for doing own business in freetime. Hence - dualboot, but seems it is not possible.
"We" stands for me and my friend in here who's trying to get same result for his 2540p aswell. Both working in same job.
I've been in contact with our IT-desk as I wrote, and their opinion was "OK. Do whatever you want, as long as you can still keep on working with that laptop." and, as I wrote they do have a smart card for Pointsec administration, no password enabled, so I guess it's impossible to remove it that way. Even if we do have permissions for that.
Policies are that every computer which is in use for working has to be encrypted, but IT-desk accepted our own solution for this (Installing own Safeguard afterwards when the drive is splitted.) also checked that installing own OS is not against any rules in here.
The guy from IT-desk said it's all on us if we want to use own OS, if we can work with it and it's secure = fine, if not -> reinstall on IT-desk. (and wait for weeks for getting laptop back) (
Hence the situation is that all policies are checked, no rules or so pretending, they helped us a bit, gave us temporary admin rights for Windows as I said, that was what they were able to do for us. but for Pointsec it was not possibly to have admin rights because they can't "drop" 'em over the corporate network same way as windows permissions.
Mah. Problem solved ) IT-desk gave us their image files for reinstalling WinXP without Pointsec but all the rest corporate software included.
Didn't get pointsec installation medias though, those are for IT-managers only. But trusting in Safeguard )
For pure interest and studying;
I've heard a lot about backdoors included these encrypting softwares for police etc. use (in case police must got an access for files) True, false or cannot be proven?
Any opinions about Check Points Pointsec and Sophos Safeguard, is there differences between?
Our Pointsec is using Blowfish for encryption and my own Safeguard can be configured for either AES-128 or AES-256 algorithm.
Big differences between those two if thinking a situation where the laptop's stolen and data must be protected from unauthorized access?
I'm quite new in this ) but learning… Especially interested about encryption methods and information security overall.