Clone McAfee encrypted partition to SSD

3

I have a corporate laptop with a slow 5400 rpm C: drive, and I want to clone the drive to an SSD drive to improve performance on the laptop. The plan is to replace the original drive with the new SSD inside the laptop. However the original drive is encrypted using McAfee Endpoint Encryption 6.1. So I need to do a raw partition copy (bit-by-bit) of the encrypted partition(s) for any hope of this to work.

The operating system is Windows 7 Enterprise 64 bit. I have access to the laptop, meaning I can boot inside the Windows 7 OS, log into Windows as a user, and even install software. However I am not capable of decrypting the drive.

These are the stats on the source drive (spinning) and the new target drive (ssd). 

Original Source Drive (spinning 5400 rpm drive):
Physical Size:  300 GB
Partition 1:  100 MB 
Partition 2:  102 GB (encrypted using McAfee)
Empty space:  197 GB


New Target Drive (OCZ Agility 3 SSD):
Physical Size: 240 GB
Empty Space: 240 GB

I tried booting from a recovery CD using Macrium Reflect version 5.0 to do a "Forensic Copy" of the encrypted partition, but the clone failed with no error explanation. The smaller partition 1 worked fine and cloned successfully since the smaller partition 1 is not encrypted, but the encrypted partition did not work. This product support thread said it should work, but I get the message clone failed when I try.

Is there another product which is more likely to be successful at cloning these partitions to the SSD? Is cloning an encrypted partition a bad idea, and should I simply avoid doing this? Has anyone successfully cloned a Win 7 partition which is encrypted with McAfee Endpoint Encryption v6.1?

steampowered

Posted 2012-08-05T16:25:09.323

Reputation: 2 109

Answers

4

I work with thousands of McAfee endpoint encryption computers both Mac and PC. Without having access to the EPO server or the EETech tools or user XML recovery file, you are out of luck. Any modification to the encrypted MBR or PreBoot file system will break the ability for it to boot into the OS. This is intentional. Without the tools, you cannot decrypt it.

If you can still boot into the OS on the encrypted disk, do so. Then move all the data to somewhere else and reformat the drive.

Mr Anon

Posted 2012-08-05T16:25:09.323

Reputation: 56

Ok thanks. It was typical corporate IT not motivated to help someone install an SSD on their corporate laptop. We ended up just bypassing the corporate laptop with a personal one. The corporate laptop sits on the shelf at home with a KVM over IP for remote access. User only uses the corporate laptop when absolutely necessary now by remoting in using the KVM over IP. It's a real shame when laziness causes good hardware to go unused. – steampowered – 2012-08-22T20:14:54.807

3

You can do this without any special tools from IT if the destination Drive (SSD or HD) is the same size or larger than the source drive. Use a utility such as Clonezilla (open source) to do a disk to disk copy. The software doesn't need to decode the decryption, it just copies the entire encrypted partition over, even if you only have like 2gb stored on the source disk, the ENTIRE (say 250gb) partition is copied, which is why the destination can't be smaller.

If the destination is larger than the source you end up with unused space, I've used Samsung's "Magigian" software that comes with their SSD's to resize the partition. In the "overprovisioning" section you will find an option to turn overprovisioning to 0, this will resize the partition to the full size of the SSD. I don't know if this software works on non Samsung drives....

I do this often with McAfee EEPC encrypted computers for SSD upgrades, but the only sticking point is the disk size...

volvo09

Posted 2012-08-05T16:25:09.323

Reputation: 31

1I was told this is risky with encrypted drives because one flipped bit could cause big problems. What do you think? – steampowered – 2015-07-11T03:48:23.877

You can always try it. Assuming you don't modify the source, the worst that can happen is the image on the SSD won't work. – BowlesCR – 2016-01-11T21:53:29.143

2

I agree with dtfrank, this method works (I didn't try any other methods).

My laptop is encrypted with McAfee End point encryption 7, and this is the process I used:

  1. Ensure the new HDD is same size or bigger than the old one (my old one HDD was 320GB, new was 500GB SSD).
  2. Use HDD Raw copy on another PC ([http://hddguru.com/software/HDD-Raw-Copy-Tool/][1])
  3. You obviously need two USB SATA cables to connect both drives
  4. Set power management settings so that power off Hard Drive is set to a long time (9999 or Never) - otherwise it can cause the cloning to fail
  5. Run HDD Raw Copy, select source, destination, and Go! No other options to set, very simple piece of software.

Took a few hours to copy, worked like a charm, booted no problems.

SI_2000

Posted 2012-08-05T16:25:09.323

Reputation: 21

2

This is the official information from McAfee:

Imaging a hard drive that is protected or encrypted with either DE or EEPC is possible but has restrictions.

IMPORTANT:

  • The imaging software must be used in raw mode to copy all the data, including the boot sector.

  • Do not perform any compression because encrypted data cannot be compressed. The resulting image must be the same size as the original drive.

  • The process of making a sector level clone (raw image) of the disk is only advised when performing an emergency recovery.

  • Making a clone of the system for backup or deployment purposes is not supported.

Any raw-data copy software will do it - like the HDDGURU one (the above mentioned) or EaseUS Todo Backup, Roadkil's Raw Copy, ddrescue etc.

Aleksandar Aleksiev

Posted 2012-08-05T16:25:09.323

Reputation: 21

2Quote relevant information. – Ramhound – 2016-11-09T01:06:01.580

3

Welcome to Super User! On this Q&A site we try to provide good answers to questions people post. A part of this is including the answer in your post, instead of simply providing a link to another page that might answer the question. Please edit your answer to include the actual solution to the posted question. Refer to How to reference material written by others for help.

– cascer1 – 2016-11-09T10:41:16.077

1

For anyone else searching as I was, just wanted to post my successful results using Macrium Reflect free to clone a McAffee Endpoint encrypted HDD to a larger SSD using advanced/forensic sector by sector mode (booted into Macrium's PE environment). Target drive was larger, so I just have some extra unallocated space on disk to do with as I choose.

KarmIT

Posted 2012-08-05T16:25:09.323

Reputation: 19

1

After a lot of trial and error, I just finally managed to successfully clone my corporate Windows 10 Enterprise (version 10.0.16299 Build 16299) installation encrypted by McAfee Drive Encryption (version 7.2.4.2) from SanDisk M.2 SSD on Lenovo P50 using Clonezilla Live 2.6.2-15 USB in direct disk-to-disk mode (raw) to a similar, but larger SanDisk M.2 SSD (256->512GB). I believe the key was to disable Windows 10 rapid start, otherwise the subsequent boot after replacing the SSD failed during Windows 10 boot screen. Apparently rapid start causes Windows 10 to load an earlier kernel image from disk which fails in case the disk is cloned to another device.

I answered yes to Clonezilla's question about cloning also the first bytes from the beginning of the disk.

epp

Posted 2012-08-05T16:25:09.323

Reputation: 11

0

After attempting several methods each within different cloning tools, even those suggested above (Clonezilla, Macrium Reflect, etc) with no luck, I finally came across a solution that worked very well, and required no special knowledge at all - HDD Raw Copy Tool 1.1.

To elaborate...

My wife's work laptop was painfully slow, so a couple years ago I cloned her traditional drive to an SSD. By whatever means I did that originally has long escaped my memory, however I did not recall it being a challenge. Thus, I suspect that the IT department later deployed encryption, as now we can see McAfee Drive Encryption Agent 7.1.1.454 running.

She needs to turn the laptop back in, they gave her a new one. But the few hundred dollars we spend on the fast SSD for her was always my intention to pull back out.

I tried what I already knew, EaseUS cloning software. No luck. I read this forum (and others) and attempted the second thing I am familiar with - Clonezilla, which rejected attempts every time. The encryption appears to confuse Clonezilla somehow, and trying as many methods as possible to ensure it was a "raw" or "sector" clone all failed before even making a copy. I attempted Macrium Reflect exactly as KarmiIT did, but no dice for me. I reran that at least 3 times thinking there had to be a glitch. It would attempt to boot, but had Windows' messages indicating missing boot information. I did a lot of reading about running dd from Linux, but it failed shortly after beginning the clone process.

I went back to Google'ing any other phrasing of "Raw clone" or similar that I could come up with, and stumbled across HDD Raw Copy Tool. It is a remarkably simple piece of software - only trick was that I needed to run Windows on another machine, with the work-laptop source SSD and the work-laptop original HDD plugged in as auxiliary storage devices apart from the running OS. Upon plugging those in, Windows did prompt that I needed to format them, as the encrypted partition is not recognizable outside of running on its own as a usable partition. I declined Windows' kind offer to format them, closed and reopened HDD Raw Copy Tool, selected the source SSD, selected the destination HDD, and it was on its way. It seemed too easy after everything else, but sure enough it worked.

FWIW - Upon booting the laptop back up with the original HDD now running the fully up to date content, I did get a couple prompts from MS Office saying that it is not a licensed copy - something we'd seen before when I cloned to the SSD years ago, and her IT department got working for her quickly. Aside from that, everything is solid.

Long story, but hope someone else finds it useful. I'll be keeping HDD Raw Copy Tool in my bag of tricks for future clone projects for sure!

dtfrank

Posted 2012-08-05T16:25:09.323

Reputation: 21

2And this is why you never modify equipment you don't own. – Burgi – 2016-05-02T02:33:34.117

0

The Microsoft Licensing issue is likely due to hardware changes detected as a result of replacing the Hard Drive, as it will have a different hardware ID.

Abraxis

Posted 2012-08-05T16:25:09.323

Reputation: 11

Asked: 2012-08-05T16:25:09.323

Viewed: 11 494 times

Active: 2019-10-02T12:33:37.887