Feature Request - Recovery Media pause before creating ISO

[dcolpitts]

We use Symantec Encryption Desktop 10.3.x (which is based on PGP) to perform full disk encryption on all our devices. Encryption Desktop can integrate into WinPE and WinRE media (allowing use to authenticated and access the encrypted drive from within WinPE/WinRE) by mounting the WinRE wim, and running PGPPE which installs the necessary drivers and executables into the wim. Further to this, we regularly utilize the Microsoft Diagnostics and Recovery Toolset (DaRT) which is part of the Microsoft Desktop Optimization Pack (MDOP). The DaRT media creator pauses (with a press next to continue button) just prior to compiling the completed wim (but with the wim mounted) to allow integration of 3rd party files, applications, drivers, etc. This makes it very convenient to run PGPPE against the recovery media without having to manually extract the wim from the finished ISO, update the wim, then re-insert it into the ISO.

The Veeam Endpoint Recovery media creation wizard should feature this option - a pause while the wim is mounted prior to actually unmounting the wim and creating the ISO image.

Or better yet - let us slipstream Veeam.EndPoint.Recovery.exe to DaRT similar to what Symantec does with Encryption Desktop.

dcc

[Dima P.]

Hello Dean,
Interesting request – thank you!

allowing use to authenticated and access the encrypted drive from within WinPE/WinRE

Let’s say we let you include the 3rd party software in WinRE recovery media. Why you may need to unlock the volumes? I mean its recovery so either your volume is dead (so there is no need to unlock it) or it’s not dead and there is no need to boot the recovery media.

[dcolpitts]

So lets say I have a 1TB 7200 RPM drive, that is partitioned as 100GB/900GB, with the 100GB partition being my OS and the 900GB partition being my data. Full disk encryption is going to take a day or more to encrypt that drive. If my OS dead and I want to recover it and boot into WinPE, unless WinPE has the encryption software in it and the user can authenticate to the disk then the only option is to restore the entire drive. If the drive uses whole disk encryption, WinPE can't see the individual partitions - all it sees is a raw drive. So if i have to restore my OS partition in the example above, I have to restore everything on both partitions because when I try to restore just the 100GB partition, it is going to overwrite the encrypted drive effectively wiping the 2nd partition too. Then after restoring 1TB of data, I still have to re-encrypt the drive which is going to take another day.

dcc