Quick Note: I am not an authorized distributor of Checkpoint's software. Please don't ask me to send you software that I do not have permission to send. I'm sorry if you lost your installation media, but I'm sure the people at Checkpoint can work something out with you. I will delete comments asking me to send software.
Did you know that you can take a computer that is encrypted with Pointsec for PC and boot it to a CD? Maybe you did know that, but finding the documentation that describes how to create the CD is actually more difficult than creating the CD itself. Here I will outline the steps that I used to create a bootable CD that can read the encrypted contents of a hard drive protected by Pointsec.
The procedure that I'm going to describe was written for Pointsec for PC version 6.2. I have verified that it is the same process for Pointsec 6.3.
There is one thing that I need to clear up right away. This is not a way of getting around the encryption on a computer, and it is not evidence that your computer is not being protected by Pointsec. This bootable disk will still require that you enter valid credentials for the hard drive that you are trying to access. In fact, once we've finished creating the CD, we're actually going to boot to the hard drive first, authenticate, and then boot to the CD. This is very valuable as a troubleshooting step when the Pre-Boot Environment is working properly but the operating system is not. A good example I can think of is when a device driver becomes corrupted. You might log into the Pre-Boot Environment, but then Windows blue screens while it is loading. You might normally just image the machine and move on, but this one has some files that your user hasn't backed up. If you don't have one of these boot CDs handy then you would have to use your recovery file to create a boot device and remove the encryption. This takes a while and is a real pain when you just want to recover a couple of files. Another item of interest is that since you're going to authenticate to a working Pre-Boot Environment, you don't need to use the computer's recovery file and you don't need to create a unique CD for each computer that you're going to recover from.
Materials Needed: In order to create a boot disk you will need the following
- 1 working computer running Pointsec for PC. The version running needs to be the same as the version on the computer you are going to recover from.
- 1 Windows XP installation CD
- The latest version of PE Builder, available at http://www.nu2.nu/pebuilder/
- The installation media for the version of Pointsec that you are running.
Download the latest version of PE Builder and install it on a working computer that is running the same version of Pointsec for PC as the machine you're going to recover from. You can accept the defaults for the installation. In the version that I used, it installed itself to c:\pebuilder3110a. If this is different for you, that's fine, just make sure in the next step that you provide the real path not the path that I list. Do not run the program once the installation is complete.
Seriously, don't ask me to distribute Check Point software! People seem to have trouble reading the note at the beginning of this post. If you ask in the comments it won't even show up on the blog because I'll reject it. I do not have permission to distribute Check Point's software and neither does anyone else who is likely to be reading this blog. So please don't ask me.
Install the Pointsec plugin for PE Builder
Included with your installation media is a folder called Resource Kit, and in that folder you'll find another folder called BartPE Pluginbuilder. Inside that folder you'll find another zip file that needs to be extracted. Extract the zip file to c:\pebuilder3110a\plugin.
When the extraction is complete you should have a folder in c:\pebuilder3110a\plugin called Pointsec. This Pointsec folder should have two subfolders called files and images. Make sure that the directory structure is correct. It is very easy to accidentally extract the zip file and end up with a path like c:\pebuilder3110a\plugin\pointsec\pointsec\files, which is not correct. There should only be one folder called pointsec.
Next you have to copy the Pointsec filter driver to the plugin folder. You will probably have to stop the Pointsec service and the Pointsec Service Start Service because the file you need will be locked. Navigate to c:\windows\system32\drivers and copy the file prot_2k.sys. Navigate to c:\pebuilder3110a\plugin\pointsec\files and paste the prot_2k.sys file.
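Before building, the plugin folder can be checked with a short script. This is an added example, not part of the original post or of Check Point's tooling; it assumes PowerShell 4.0 or later (for Get-FileHash) and the default paths mentioned above, and the function name Test-PointsecPlugin is made up for the illustration. It checks for the files and images folders, flags the nested pointsec\pointsec mistake, and confirms that the copied prot_2k.sys is byte-identical to the driver installed on this machine.

```powershell
# Added example: pre-build check of the Pointsec plugin folder for PE Builder.
# Both default paths are assumptions; pass the paths your installation really uses.
param(
    [string]$PeBuilderRoot   = 'C:\pebuilder3110a',
    [string]$InstalledDriver = 'C:\Windows\System32\drivers\prot_2k.sys'
)

function Test-PointsecPlugin {
    param([string]$Root, [string]$Installed)

    $plugin   = Join-Path $Root 'plugin\Pointsec'
    $problems = @()

    # The post expects plugin\Pointsec to contain the subfolders files and images.
    foreach ($sub in 'files', 'images') {
        $dir = Join-Path $plugin $sub
        if (-not (Test-Path $dir -PathType Container)) { $problems += "Missing folder: $dir" }
    }

    # Common extraction mistake: plugin\pointsec\pointsec\files
    $nested = Join-Path $plugin 'Pointsec'
    if (Test-Path $nested -PathType Container) {
        $problems += "Nested folder found: $nested (move its contents up one level)"
    }

    # The filter driver must be present and identical to the installed copy.
    $copied = Join-Path $plugin 'files\prot_2k.sys'
    if (-not (Test-Path $copied -PathType Leaf)) {
        $problems += "prot_2k.sys has not been copied to $copied"
    } else {
        try {
            $a = (Get-FileHash $copied    -Algorithm SHA256 -ErrorAction Stop).Hash
            $b = (Get-FileHash $Installed -Algorithm SHA256 -ErrorAction Stop).Hash
            if ($a -ne $b) { $problems += 'Copied prot_2k.sys differs from the installed driver' }
        } catch {
            # A locked or missing driver file ends up here; report it instead of guessing.
            $problems += "Could not hash the driver files: $($_.Exception.Message)"
        }
    }
    return ,$problems
}

$problems = Test-PointsecPlugin -Root $PeBuilderRoot -Installed $InstalledDriver
if ($problems.Count -eq 0) {
    'Plugin folder looks correct; continue with the build.'
} else {
    $problems | ForEach-Object { "PROBLEM: $_" }
    exit 1
}
```

A matching hash only shows that the copy is intact and came from this machine; it is still up to you to make sure this machine runs the same Pointsec version as the one you want to recover from.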
Create the boot image
Insert your Windows XP installation CD into the CD-ROM drive on your machine. Open PE Builder, which will give you the option to search for Windows installation files. You may want to skip that step and just type d:\ or whatever your disk drive letter is. Click the plugins button and make sure that the Pointsec for PC Encryption filter driver is included in the list and that it is enabled. Click the close button to go back to the builder screen and then click build to create your ISO image.
Burn to a CD
Burn the ISO to a CD using the software of your choice.
Boot to the CD
It seems counter-intuitive, but the way to boot from the CD is to boot from the hard drive first. Remember, your Pre-Boot Environment must be working properly for this to work. You may need to configure your BIOS to boot to the hard drive and not the CD.
If you're using Windows Integrated Login then you won't have the opportunity to authenticate to the Pre-Boot Environment. You can turn off WIL even if your computer isn't working properly by following these directions.
When you get to the Pre-Boot Environment screen, press CTRL+F10. Nothing visible will happen when you press the key combination, but after you log in you will be taken to the Alternate Boot Menu. From here you can instruct Pointsec to boot to the CD that you created. Once the boot process is complete you should be able to read the hard drive and copy files to a network share.