Issue: Recover encrypted data utility not working in LDMS 9.6

Version 6

    Verified Product Versions

    LANDESK Management Suite 9.6

    Issue

    When following the steps from article How to recover encrypted data in case of a forgotten password in LANDesk Device Control the EncUnlock utility fails and does not open.

     

    encunlock.png

    This issue was caused because the actual utility was moved from the old directory "C:\programs files (x86)" directory to the new one "c:\program files" This is to account for the new 64 bit nature of the console. Unfortunately the code behind the utility is looking for .dll's and certificates that reside in the new location. A TFS has been risen with development to resolve this and this will be resolved in the next version of the product.

     

    Resolution

    The solution now is to run the following script that I have created to workaround the issue. This script will automate the above process and prompt the LANDESK administrator for the .request file that is needed as mentioned in the article: How to recover encrypted data in case of a forgotten password in LANDesk Device Control

     

    As you can see from the script, a backup of the keys folder is created as a precautionary step before running through the application. Then the LIBEAY32.dll files is copied from the shared files directory "C:\program files\landesk\shared files\keys"

    To "C:\program files\landesk\shared files" where the actual unlock utility is located.

     

    Once this is done a symlink is created from the old location to the new one. The idea behind this is that when the old code looks to the old location it will be redirected to the new one and work as designed. Once the file has been created to unencrypt the USB information the files that have been moved and the symlink will be deleted to add a extra layer of security.

     

    Please be aware that this must be run as administrator on the LANDESK core. As this is where all the required files are located.

    Please remove the row number after you copy the scripts to your file.

    If your core server is installed on non-system drive, please change %LDMS_HOME% in line 07 to C:\program files\landesk\shared files.

     

    @ECHO OFF
    
    REM ===Author: LANDESK SUPPORT
    REM ===Verion: 1.01
    
    cd %0\..\
    cd %LDMS_HOME%
    cd..
    copy "ldclient\libeay32.dll" "shared files"
    MD "%systemdrive%\LANDESKbackup\keys"
    copy "%cd%\shared files\keys" "%systemdrive%\LANDESKbackup\keys" /Y
    mklink /D "%PROGRAMFILES(X86)%\LANDESK\shared files\keys" "%cd%\shared files\keys"
    ECHO --------------------------------------------------------------------------------
    
    :START
    set /p requestfile="Enter location of .request file: "
    "%cd%\shared files\EncUnlock.exe" %requestfile%
    ECHO --------------------------------------------------------------------------------
    IF %errorlevel% LSS 0 (GOTO CH) ELSE (GOTO END)
    
    :CH
    choice /C YN /M "Press Y to try again, N to cancel the operation."
    IF %errorlevel% EQU 1 (GOTO START) ELSE (GOTO 2NDEND)
    
    :END
    Del "shared files\libeay32.dll" /Q
    RD "%PROGRAMFILES(X86)%\LANDESK\shared files\keys" /Q
    Echo "The .unlock file has been created here ""%PROGRAMFILES%\LANDESK\shared files""
    pause
    Exit
    
    :2NDEND
    Del "shared files\libeay32.dll" /Q
    RD "%PROGRAMFILES(X86)%\LANDESK\shared files\keys" /Q
    Exit