Boot to Windows 7 from inside PE


rhager68

Really strange question but I have scoured the web looking for an answer and found nothing. Here's my situation:

I have a regular client PC running Windows 7 Pro. It mainly handles nightly database backup and storage duties for a small office environment. No biggie. It mostly just sits around waiting to run scheduled tasks. However, the entire hard drive is encrypted with TrueCrypt, so there is a startup password when you first turn the PC on before it even lets you get to the Windows boot screen. My problem is, this PC runs in a small, remote office where the users can be gone for days at a time. If the office experiences a power outage, the PC naturally reboots. But, instead of booting back to the Windows login screen, it hits the TrueCrypt password screen and will just sit there until the proper phrase is given. If nobody knows to reset this PC or boot past the TrueCrypt screen then the aforementioned tasks cannot run.

So...

What I was thinking about doing was creating a Windows PE USB thumb drive or boot disk and inserting it into the PC. I could adjust the boot priority in the BIOS to hit the thumb drive or CD-ROM first, which would boot into the PE environment. From there I could have a script or utility which will alert someone that the PC has rebooted and that they need to get the machine past the TrueCrypt screen. This could be an automated e-mail message to a flashing screen/siren alert. Once someone is in front of that keyboard in the PE environment they could click a button that would drop out of PE and go directly to the boot sector on the hard drive, which would then prompt them with the TrueCrypt password.

I know that you can shut down and reboot a PC from within PE, but it turns control over to the BIOS, which selects the first available boot media, which would be the USB drive or CD, and that would be a vicious cycle. I want to be able to jump directly into Windows 7 from my script in PE, but I'm not even sure if this is possible in PE. I've seen Linux bootdisks do this but I'm not sure about PE. Any help, ideas, thoughts or criticisms welcome.

> What I was thinking about doing was creating a Windows PE USB thumb drive or boot disk and inserting it into the PC. I could adjust the boot priority in the BIOS to hit the thumb drive or CD-ROM first, which would boot into the PE environment. From there I could have a script or utility which will alert someone that the PC has rebooted and that they need to get the machine past the TrueCrypt screen. This could be an automated e-mail message to a flashing screen/siren alert. Once someone is in front of that keyboard in the PE environment they could click a button that would drop out of PE and go directly to the boot sector on the hard drive, which would then prompt them with the TrueCrypt password.
>
> I know that you can shut down and reboot a PC from within PE, but it turns control over to the BIOS, which selects the first available boot media, which would be the USB drive or CD, and that would be a vicious cycle. I want to be able to jump directly into Windows 7 from my script in PE, but I'm not even sure if this is possible in PE. I've seen Linux bootdisks do this but I'm not sure about PE. Any help, ideas, thoughts or criticisms welcome.

Not possible the way you devised it.

Most logical would be to remove the pre-boot authentication, but since you might have some reasons for it (though it doesn't make much sense if you can allow a non-boot-from-first-hard-disk-only like the proposed CD or USB stick :unsure:).

What you can do is to have a USB stick (or a CD, but this would make things a tad bit more complex) with grub4dos and have it "set" the next boot instance (and "reset" the counter from the booted TrueCrypted OS install).

A similar (though relating not to EXACTLY the same problem/issue) approach has been explained here:

http://reboot.pro/16283/

http://reboot.pro/16283/page__st__10

jaclaz

Yeah, I was afraid of that. Unfortunately, the TrueCrypt setup is dictated through a company policy or that would have been the first thing I changed. Thank you for the reply.

You could try to set up something like this: virtualize the current Windows 7, then install a hypervisor (like VMware ESXi) on the physical computer. This way, when the power is back online the hypervisor will restart and you should be able to remote control the VM and enter the TrueCrypt passphrase at boot.

> Yeah, I was afraid of that. Unfortunately, the TrueCrypt setup is dictated through a company policy or that would have been the first thing I changed. Thank you for the reply.

Well, no. :no:

A policy may prescribe the use of cryptography, but I doubt that it indicates "TrueCrypt" and specifically "TrueCrypt pre-boot authentication".

In any case, if you allow booting the machine from an "external device/media" you are effectively undermining the "spirit" of *any* policy that requires cryptography and/or authenticated access.

Personally I would rather have a (theoretically less secure) grub4dos password protected setup and a "normal" (without pre-boot authentication) crypted volume than allow booting from external media.

jaclaz

How old/new is the machine? Able to replace it with new hardware that has the current Intel AMT technology in it? It allows connecting to the machine remotely and watching the entire boot process from the BIOS to Windows.
