Safeboot

Safeboot, or its successor Endpoint Encryption from McAfee, is widely used in corporate businesses. Therefore I will add this software to my wiki just in case anybody is looking for automation in Safeboot. I have worked with both Endpoint Encryption and Safeboot, and it is a very good program, but it can be cumbersome when you make a tiny mistake.
To automate things you can write some batch files, e.g. when you want to add a specific group to a number of computers in a particular group. Here I will describe how to make this batch file.

When you need a list of computers from a particular group you will use the following command:

D:\SafeBoot\SBAdmin\sbadmcl -adminuser:user@companyxyz.com -adminpwd:"passw0rd" -command:DumpMachinesByGroup -Group:GroupNameInSafeboot -File:OutputFileName.txt

Once you have the list of computers you can use these names to add a group to these computers with:

FOR /F %%a IN (list.txt) DO D:\SafeBoot\SBAdmin\sbadmcl -adminuser:user@companyxyz.com -adminpwd:"passw0rd" -command:SetUser -Machine:%%a -Group:GroupNameToAdd -OutputFile:OutPutFileName.txt >> displayOutputFileName.txt
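
The two steps above combined into one script, as an added example that is not part of the original page or of McAfee's tooling: it prompts for the admin password at run time instead of storing it in the file, and checks each name before passing it to SetUser. It is written in PowerShell rather than batch so the prompt can be masked; the ".exe" suffix, the 15-character name pattern and the one-name-per-line list layout are assumptions.

```powershell
# Added example. Path, account, group and file names are the page's placeholders.
$SbAdmCl     = 'D:\SafeBoot\SBAdmin\sbadmcl.exe'   # ".exe" suffix is assumed
$AdminUser   = 'user@companyxyz.com'
$SourceGroup = 'GroupNameInSafeboot'
$GroupToAdd  = 'GroupNameToAdd'
$ListFile    = 'OutputFileName.txt'
$RunLog      = 'displayOutputFileName.txt'

# Prompt for the password so it is never saved in the script or a batch file.
$secure = Read-Host -AsSecureString "Password for $AdminUser"
$plain  = [System.Net.NetworkCredential]::new('', $secure).Password

try {
    # Step 1: dump the machines of the source group (command taken from the page).
    & $SbAdmCl "-adminuser:$AdminUser" "-adminpwd:$plain" `
        '-command:DumpMachinesByGroup' "-Group:$SourceGroup" "-File:$ListFile"

    # Step 2: same loop as the page's FOR /F, with each name checked first.
    foreach ($line in Get-Content -Path $ListFile) {
        # FOR /F uses the first token of each line; do the same here.
        $machine = ($line.Trim() -split '\s+')[0]
        if ($machine -eq '') { continue }

        # Assumed naming policy: letters, digits, hyphen, underscore, max 15 chars.
        if ($machine -notmatch '^[A-Za-z0-9_-]{1,15}$') {
            Add-Content -Path $RunLog -Value "SKIPPED unexpected entry: $machine"
            continue
        }

        & $SbAdmCl "-adminuser:$AdminUser" "-adminpwd:$plain" `
            '-command:SetUser' "-Machine:$machine" "-Group:$GroupToAdd" `
            '-OutputFile:OutPutFileName.txt' | Add-Content -Path $RunLog
    }
}
finally {
    # Drop the clear-text variable when the run ends, also after an error.
    Remove-Variable plain -ErrorAction SilentlyContinue
}
```

The password still reaches sbadmcl as a command-line argument, the only form the page shows, so it stays visible to process command-line auditing on the admin host while each call runs.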

You also want to take into account all the computers that haven't been connected to the network for 365 days, or users that are not active. You would run the following scripts to find those computers or users:

D:\SafeBoot\SBAdmin\sbadmcl -adminuser:userswithadminrights -adminpwd:"P@ssw0rd" -command:ShowOldMachines -CheckForSeq:No -Group:* -DaysOld:365 -OutputFile:Machines_not_active_for_365_days.txt >> Complete_run_oldmachines.txt

Or, for users:

D:\SafeBoot\SBAdmin\sbadmcl -adminuser:userwithadminrights -adminpwd:"P@ssw0rd" -command:ShowOldUsers -Group:* -DaysOld:365 -OutputFile:Users_not_active_for_365_days.txt >> Complete_run_oldUsers.txt

Safeboot emergency boot

When you can't get into the laptop you will need to perform an emergency boot. I will describe the steps that you will need to follow:

  1. Reboot the problem machine using SafeTech boot disk
  2. At DOS prompt, type SafeTech and press return
  3. Enter access code (you'll need to have this to be able to boot into the SafeTech tools)
  4. Values from Database
  5. Loading values from a Machine’s database
  6. Ensure the correct machine configuration is on the disk (you need a machine export without the users)
  7. Select ‘Proceed’ (caution: the < Proceed > selection is not colored but gray and has <>)
  8. >Proceed< - Press Return.
  9. The machine name will be shown in an open window
  10. Only the correct machine should be listed!
  11. Wait for this to load; a message “SafeBoot values read from configuration database” is displayed
  12. Select “Emergency Boot” menu option
  13. Select “Create Data File”. This will create a small file called sbrepair.dat on the disk
  14. SafeTech will also prompt to write an emergency MBR
  15. Select ‘Proceed’ (caution: the < Proceed > selection is not colored but gray and has <>)
  16. >Proceed< - Press Return
  17. “The Emergency Boot MBR written” confirmation is displayed.
  18. Select ‘Previous menu’ option
  19. Exit to MSDOS
  20. Remove boot disk and reboot the machine
  21. The system will prompt for the SafeBoot Emergency Boot disk
  22. With the disk inserted press a key
  23. Proceed with a normal boot
  24. Sync SafeBoot from within Windows to make sure it updates its database and you can boot the laptop normally

Errors on your laptops

You could receive the following error when you try to synchronize the laptop with the safeboot server:

DB010002 Unable to change the object's access mode

This error will keep popping up when you try to move the machine or delete it. The only resolution that I came across is to restart the Safeboot communication server service on the Safeboot database server. Then restart the Safeboot console on the server: just end the session and start a fresh session. Then reboot the troubled machine. After that you should be able to communicate with the central Safeboot server again. This error occurs when the Safeboot server thinks that the object is being held by another administrator. When you are sure this is not the case, restart the service.
