Upload
poncho-davila
View
214
Download
0
Embed Size (px)
Citation preview
If you are using a printed copy of this document, please check that the version number is consistent with the current version number in the EIS Electronic Library.
Title: GITCS-OSI-055 SafeBoot Mobile Data Security Client Support for Local Desktop Support Teams
Page 1 of 24 Version 2.0
Owner: Christina Payton Confidential Last Save Date: 26-Sep-2007
GITCS-OSI-055
SafeBoot Mobile Data Security Client Support for Local Desktop Support Teams
Version 2.0
Effective Date: 01-Oct-2007
Purpose: The purpose of this OSI is to describe how to support SafeBoot Mobile Data Security Client Software loaded on a Lilly business notebook/tablet for Zone 1, Zone 2, and Zone 3 local desktop support groups.
Scope: The scope for this document is global Zone 1, Zone 2 and Zone 3 local support teams.
Areas Involved: Global IT Customer Services
Supersedes/Replaces: GITCS-OSI-055, SafeBoot Mobile Data Security Client Software Version 4.2 and Higher, Version 1.0
If you are using a printed copy of this document, please check that the version number is consistent with the current version number in the EIS Electronic Library.
ELI LILLY AND COMPANY
SafeBoot Mobile Data Security Client Support for Local Desktop Support Teams
Title: GITCS-OSI-055 SafeBoot Mobile Data Security Client Support for Local Desktop Support Teams
Page 2 of 24 Version 2.0
Owner: Christina Payton Confidential Last Save Date: 26-Sep-2007
TABLE OF CONTENTS 1. INTRODUCTION ............................................................................................................................................. 3
1.1 SCOPE....................................................................................................................................................... 3 1.2 CHANGE CONTROL REQUEST ...................................................................................................................... 3 1.3 REFERENCE DOCUMENTS............................................................................................................................ 3 1.4 DOCUMENTS REFERENCED IN THIS PROCEDURE: .......................................................................................... 3 1.5 ROLES AND RESPONSIBILITIES: .................................................................................................................... 4 1.6 GLOSSARY/ACRONYMS/ABBREVIATIONS: ...................................................................................................... 6
2. USING SAFEBOOT MOBILE DATA SECURITY CLIENT .............................................................................. 7 2.1 CHECKING SAFEBOOT ENCRYPTION STATUS ................................................................................................ 7 2.2 VERIFYING SYNCHRONIZATION WITH SAFEBOOT SERVER............................................................................... 8
3. TIER 2 – LOCAL SUPPORT USER TOOLS................................................................................................... 9 3.1 RECOVERING A COMPUTER WITH UNKNOWN SAFEBOOT CREDENTIALS (BOOT ONCE)...................................... 9 3.2 PERMANENTLY REMOVING SAFEBOOT AND DECRYPTING A BUSINESS COMPUTER (BOOTABLE FUNCTIONING MACHINE) ........................................................................................................................................................... 18 3.3 RECOVERING DATA FROM A FAILED OR NON-BOOTABLE HARD DRIVE (WITHOUT DECRYPTING)........................ 19 3.4 BIND USER TOOL...................................................................................................................................... 22
4. TRAINING ..................................................................................................................................................... 23
REVISION HISTORY: .......................................................................................................................................... 24
PROCEDURE APPROVAL SIGNATURES:......................................................................................................... 24
If you are using a printed copy of this document, please check that the version number is consistent with the current version number in the EIS Electronic Library.
ELI LILLY AND COMPANY
SafeBoot Mobile Data Security Client Support for Local Desktop Support Teams
Title: GITCS-OSI-055 SafeBoot Mobile Data Security Client Support for Local Desktop Support Teams
Page 3 of 24 Version 2.0
Owner: Christina Payton Confidential Last Save Date: 26-Sep-2007
1. INTRODUCTION
1.1 Scope The purpose of this document is to describe how to support SafeBoot Mobile Data Security Client software on a Lilly business notebook/tablet for Zone 1, Zone 2, and Zone 3 local desktop support groups.
1.2 Change Control Request Problems with the content of this Operational Support Instructions (OSI) document will be documented with a Change Request and resolved in a subsequent version of the document.
1.3 Reference Documents Refer to the GITCS Master Document List System located on the GITCS website for the latest version of this document. The GITCS Quality Integrator maintains the Master Document List Systems.
1.4 Documents Referenced in this Procedure: Document Name Location
GITCS-OSI-052 SafeBoot Mobile Data Security Administration GITCS Master Document List System
If you are using a printed copy of this document, please check that the version number is consistent with the current version number in the EIS Electronic Library.
ELI LILLY AND COMPANY
SafeBoot Mobile Data Security Client Support for Local Desktop Support Teams
Title: GITCS-OSI-055 SafeBoot Mobile Data Security Client Support for Local Desktop Support Teams
Page 4 of 24 Version 2.0
Owner: Christina Payton Confidential Last Save Date: 26-Sep-2007
1.5 Roles and Responsibilities: Role Responsibility
Enterprise Administrator
Highest Administrative Authority for the SafeBoot Administrative Environment. The Enterprise Administrator is the system owner.
1. Server Architecture/Design/Administration a. Architecture and design implementation b. Administer the SafeBoot Database c. Administer the SafeBoot Server(s)
2. Policy Design and Maintenance a. Globally administer user and machine groups policies b. Create and apply changes to policies for users and machine groups
3. User Management a. Globally create/delete/rename user accounts b. Globally administer users in support groups
4. Machine Management a. Globally create/delete/rename machine accounts
5. Group Management a. Globally create/delete/rename user groups b. Globally create/delete/rename machine groups
6. AD Synchronization Management a. Globally maintain Active Directory Connector objects.
7. Password/token resets a. Perform WebRecovery Password Resets b. Perform Administrative Password Resets
8. Perform Recovery Operations a. Perform WebRecovery Machine Recoveries/unlocks b. Perform Administrative Machine Recoveries/unlocks c. Perform Administrative SafeBoot decryption and SafeBoot
uninstallation d. Distribute daily SafeTech access codes to Regional Administrators,
as needed.
If you are using a printed copy of this document, please check that the version number is consistent with the current version number in the EIS Electronic Library.
ELI LILLY AND COMPANY
SafeBoot Mobile Data Security Client Support for Local Desktop Support Teams
Title: GITCS-OSI-055 SafeBoot Mobile Data Security Client Support for Local Desktop Support Teams
Page 5 of 24 Version 2.0
Owner: Christina Payton Confidential Last Save Date: 26-Sep-2007
Regional Administrator
The Regional Administrator (one per EIS IT Zone) administers all users and machines for the respective Zone. Scope is machine groups and user groups in the respective Zone only.
1. Server Management a. Check status of SafeBoot Server b. Restart SafeBoot Server
2. User Management a. Globally create/delete/rename user accounts b. Globally administer users in support groups
3. Machine Management a. Globally create/delete/rename machine accounts
4. Password/token resets a. Perform WebRecovery Password Resets b. Perform Administrative Password Resets
5. Perform Recovery Operations a. Perform WebRecovery Machine Recoveries/unlocks b. Perform Administrative Machine Recoveries/unlocks c. Perform Administrative SafeBoot decryption and uninstallations d. Distribute daily SafeTech access codes to Local Support User on an
as needed basis.
Regional Support User – Tier 1/Remote Tier2
Regional Support encompasses the typical Tier 1/Help Desk function, and possesses the responsibility to perform password/token resets for users in their respective Zone. The Regional Support role also possesses the responsibility to unlock machines for machines in their respective Zone. It embodies the capabilities of a technician doing remote Tier 2 support (remote control of the PC with the business partner on the telephone).
It is not expected that SafeBoot will create any significant increase in incidents to be resolved, but resolution times will increase due to the challenge/response nature of the account management tools.
1. Perform WebRecovery Password Resets and Account Unlocks 2. Provide Boot Once assistance to Local Support Users as needed
Local Support User – On-site Tier 2
Local Support User role exists to allow a small number of Tier 2 technicians the ability to provide valid SafeBoot preboot credentials to a SafeBoot user’s machine within the specific locality. This role has no administrative authority in the server environment. Scope of the role is machines assigned to groups for their respective affiliate location. Such technicians are presumed to have Windows-based Administrator rights to perform the needed modifications to the computer. Disaster recovery incident resolution times will increase due to the need to decrypt the information on the computer to perform some recovery efforts.
1. Perform Disaster Recovery Operations using SafeBoot tools (WinTech & SafeTech) provided by the vendor
2. Performing Boot Once Procedure as needed 3. Reinstall SafeBoot Data Encryption on notebooks during break/fix activities
End User Client end user. No administrative authority in the server environment.
If you are using a printed copy of this document, please check that the version number is consistent with the current version number in the EIS Electronic Library.
ELI LILLY AND COMPANY
SafeBoot Mobile Data Security Client Support for Local Desktop Support Teams
Title: GITCS-OSI-055 SafeBoot Mobile Data Security Client Support for Local Desktop Support Teams
Page 6 of 24 Version 2.0
Owner: Christina Payton Confidential Last Save Date: 26-Sep-2007
1.6 Glossary/Acronyms/Abbreviations: Acronym Description
BET Business Event Training (Course Number)
GITCS Global IT Customer Services
OSI Operational Support Instructions
IVI Installation Verification Instructions
MBR Master Boot Record
T1 Tier 1
T2 Tier 2
CR Change Request
TT Trouble Ticket
HDD Hard Disk Drive
If you are using a printed copy of this document, please check that the version number is consistent with the current version number in the EIS Electronic Library.
ELI LILLY AND COMPANY
SafeBoot Mobile Data Security Client Support for Local Desktop Support Teams
Title: GITCS-OSI-055 SafeBoot Mobile Data Security Client Support for Local Desktop Support Teams
Page 7 of 24 Version 2.0
Owner: Christina Payton Confidential Last Save Date: 26-Sep-2007
2. USING SAFEBOOT MOBILE DATA SECURITY CLIENT
2.1 Checking SafeBoot Encryption Status To check the status of SafeBoot encryption or connection to the SafeBoot server, follow the steps below. You would want to do this to verify encryption is completed
Step # Action Expected Result
1 Right click on SafeBoot icon in system tray Menu Appears
2 Select “Show Status” from menu (NOTE: Do not double click or SafeBoot screen saver will activate.)
SafeBoot Status Window appears
3 Verify Encryption status in bottom right corner of window
Encryption status will be:
• Blue: In Progress
• Red: None
• Green: Encrypted
4 Click “Close” button SafeBoot Status Windows closes
If you are using a printed copy of this document, please check that the version number is consistent with the current version number in the EIS Electronic Library.
ELI LILLY AND COMPANY
SafeBoot Mobile Data Security Client Support for Local Desktop Support Teams
Title: GITCS-OSI-055 SafeBoot Mobile Data Security Client Support for Local Desktop Support Teams
Page 8 of 24 Version 2.0
Owner: Christina Payton Confidential Last Save Date: 26-Sep-2007
2.2 Verifying Synchronization with SafeBoot Server To verify synchronization with the SafeBoot server, follow the steps below. You would want to do this to verify end user(s) are added or updates are received. Synchronization is on a 1-3 minute delay, so it will not start immediately when user logs into PC.
Step # Action Expected Result
1 Right click on SafeBoot icon in system tray Menu Appears
2 Select “Show Status” from menu (NOTE: Do not double click or SafeBoot screen saver will activate.)
SafeBoot Status Window appears
3 Verify that ”Finish Synchronization” appears in Activity Log area of windows
For example last line should read: 12/05/2006 17:29:30 finished synchronization
4 Scroll up in windows to see what updates were performed (i.e. added end user, updating token, updating database, etc.)
All updates will appear in activity log
5 Click “Close” SafeBoot Status Window closes
If you are using a printed copy of this document, please check that the version number is consistent with the current version number in the EIS Electronic Library.
ELI LILLY AND COMPANY
SafeBoot Mobile Data Security Client Support for Local Desktop Support Teams
Title: GITCS-OSI-055 SafeBoot Mobile Data Security Client Support for Local Desktop Support Teams
Page 9 of 24 Version 2.0
Owner: Christina Payton Confidential Last Save Date: 26-Sep-2007
3. TIER 2 – LOCAL SUPPORT USER TOOLS
The tools in this section are to be used by the Local Support Users in troubleshooting business computer problem(s) with an encrypted SafeBoot business computer.
IMPORTANT: Use of these tools may cause permanent loss of data. There is no guarantee that data can be recovered from a failed hard drive or operating system. The best and easiest practice is to ensure all end users are performing and maintaining frequent secure backups of their data. If a hard drive is damaged or is not bootable, the hard drive should be replaced or formatted and a new eBuild applied with the back up data.
If you have any questions about this tool, please contact the Enterprise or Regional SafeBoot Administrator prior to using these tools.
3.1 Recovering a Computer with Unknown SafeBoot Credentials (Boot Once) This option is used in case the user name is forgotten or the end user or technician is not assigned to the business computer and the business computer is in the pre boot environment. In this instance you will need to initiate a process to boot the business computer into Windows. An example of an instance to use this process would be when a new Local Support User needs to log onto a business computer that has not been synchronized for an extended period of time, thus the new support user does not have valid credentials on the machine.
NOTE: This process should never be used with an End User.
Step # Action Expected Result
1 Navigate to the SafeBoot Web Helpdesk website for your zone.
• Z1 - IC1encrprd01: https://40.1.234.72 • Z2 - YO2VMENCSVR01: https://40.205.6.78 • Z3 - sg3sboot01: https://40.191.33.58
NOTE: Use of fully qualified domain name (am.lilly.com) will cause the website to lock during a reset. Recommendation: use IP address.)
SafeBoot Web Helpdesk opens
2 Select “Perform SafeBoot Recovery. Under Helpdesk Operators
SafeBoot Web Helpdesk Recovery page appears. NOTE: If a “4” appears on this screen, it is just an indication that you are using Version 4 of SafeBoot
If you are using a printed copy of this document, please check that the version number is consistent with the current version number in the EIS Electronic Library.
ELI LILLY AND COMPANY
SafeBoot Mobile Data Security Client Support for Local Desktop Support Teams
Title: GITCS-OSI-055 SafeBoot Mobile Data Security Client Support for Local Desktop Support Teams
Page 10 of 24 Version 2.0
Owner: Christina Payton Confidential Last Save Date: 26-Sep-2007
Step # Action Expected Result
3 Select “PC/Laptop/User Recovery”
Web Helpdesk Logon page appears
4 Login using your SafeBoot credentials.
Web Helpdesk User Challenge screen appears
5 Have Local Support User (Tier 2 Tech) boot computer to the SafeBoot Login Screen. Instruct them to leave the User Name and SafeBoot Password fields blank and then click on “Options.”
SafeBoot Options screen appears.
If you are using a printed copy of this document, please check that the version number is consistent with the current version number in the EIS Electronic Library.
ELI LILLY AND COMPANY
SafeBoot Mobile Data Security Client Support for Local Desktop Support Teams
Title: GITCS-OSI-055 SafeBoot Mobile Data Security Client Support for Local Desktop Support Teams
Page 11 of 24 Version 2.0
Owner: Christina Payton Confidential Last Save Date: 26-Sep-2007
Step # Action Expected Result
6 Have Local Support User (Tier 2 Tech) click on “Recover.”
The Local Support User (Tier 2 Tech) will be presented with a 16 digit key on their screen.
7 Have Local Support User (Tier 2 Tech) read this 16 digit “User Code” from their screen to you.
User code is read and verified
8 On the Web Helpdesk User Challenge screen, enter the end user’s code in the “Challenge (from end user’s screen)” space. Select the “Boot Machine Once” option. Click Next.”
You will be presented with the Web Helpdesk User Recovery Response screen.
If you are using a printed copy of this document, please check that the version number is consistent with the current version number in the EIS Electronic Library.
ELI LILLY AND COMPANY
SafeBoot Mobile Data Security Client Support for Local Desktop Support Teams
Title: GITCS-OSI-055 SafeBoot Mobile Data Security Client Support for Local Desktop Support Teams
Page 12 of 24 Version 2.0
Owner: Christina Payton Confidential Last Save Date: 26-Sep-2007
Step # Action Expected Result
9 From the Web Helpdesk User Recovery Response screen, read Line 1 of the recovery code (this will be a 17 digit code) to the end user. Instruct the End User to click “Next” on their screen.
Local Support User (Tier 2 Tech) will receive a screen with a blank Recovery Code.
10 User enters code and verifies code back Code is verified
11 Click on Enter Challenge line at top of screen. You will be taken back to the User Challenge screen.
12 Instruct Local Support user to click on Next.
The Local Support User will see a message on their screen that says, “SafeBoot is now ready to recover your machine. To proceed, click Finish.”
If you are using a printed copy of this document, please check that the version number is consistent with the current version number in the EIS Electronic Library.
ELI LILLY AND COMPANY
SafeBoot Mobile Data Security Client Support for Local Desktop Support Teams
Title: GITCS-OSI-055 SafeBoot Mobile Data Security Client Support for Local Desktop Support Teams
Page 13 of 24 Version 2.0
Owner: Christina Payton Confidential Last Save Date: 26-Sep-2007
Step # Action Expected Result
13 Instruct them to Click Finish
Local Support User (Tier 2 Tech) receives a message that says, “Recovery completed successfully.”
14 Instruct them to Click OK
Local Support User (Tier 2 Tech) will receive a message that the business computer will “Boot Once.” Business computer will restart, windows will load and Local Support User (Tier 2 Tech) will be presented with a SafeBoot login prompt that will look different than the normal prompt.
15 Have Local Support User (Tier 2 Tech) click Recover on the SafeBoot Login in prompt.
They will receive a screen with another 16 digit User Code.
If you are using a printed copy of this document, please check that the version number is consistent with the current version number in the EIS Electronic Library.
ELI LILLY AND COMPANY
SafeBoot Mobile Data Security Client Support for Local Desktop Support Teams
Title: GITCS-OSI-055 SafeBoot Mobile Data Security Client Support for Local Desktop Support Teams
Page 14 of 24 Version 2.0
Owner: Christina Payton Confidential Last Save Date: 26-Sep-2007
Step # Action Expected Result
16 Have the Local Support User (Tier 2 Tech) read the 16 digit “User Code” from the screen to you. Enter the 16 digit Code into the Challenge box, verify the code, Select the “Cancel Screen Saver” option and click on Next.
User Code is read and verified.
17 Instruct the Local Support User (Tier 2 Tech) to click on Next on their screen.
Local Support User (Tier 2 Tech) will receive a screen with a blank Recovery Code.
If you are using a printed copy of this document, please check that the version number is consistent with the current version number in the EIS Electronic Library.
ELI LILLY AND COMPANY
SafeBoot Mobile Data Security Client Support for Local Desktop Support Teams
Title: GITCS-OSI-055 SafeBoot Mobile Data Security Client Support for Local Desktop Support Teams
Page 15 of 24 Version 2.0
Owner: Christina Payton Confidential Last Save Date: 26-Sep-2007
Step # Action Expected Result
18 Read the Recovery Code Line 1 to the Local Support User (Tier 2 Tech) who will enter it into the Recovery Code field.
Code is verified and entered
19 Instruct the Local Support User (Tier 2 Tech) to click Next
Local Support User will see a message on their screen that says, “SafeBoot is now ready to recover the business computer. To proceed, click Finish.”
20 Have the Local Support User (Tier 2 Tech) click Finish
A message appears on Local Support User (Tier 2 Tech) screen that says, “Recovery completed successfully.”
If you are using a printed copy of this document, please check that the version number is consistent with the current version number in the EIS Electronic Library.
ELI LILLY AND COMPANY
SafeBoot Mobile Data Security Client Support for Local Desktop Support Teams
Title: GITCS-OSI-055 SafeBoot Mobile Data Security Client Support for Local Desktop Support Teams
Page 16 of 24 Version 2.0
Owner: Christina Payton Confidential Last Save Date: 26-Sep-2007
Step # Action Expected Result
21 Have Local Support User (Tier 2 Tech) to Click OK
Local Support User (Tier 2 Tech) will be prompted with the iPass logon.
22 NOTE: If the Local Support User (Tier 2 Tech) is not connected to the Lilly network, they will need to connect via Ethernet or make a connection via iPASS at this point. To bring valid credentials down to the business computer it must connect with the SafeBoot server. If you are only trying to access the business computer to retrieve data you do not need to be connected to the network.
If Then Result
If already connected via Ethernet to the Lilly network (i.e. at an affiliate)
Click No to iPASS prompt. Local Support User (Tier 2 Tech) will be prompted with the Security Authentication screen
If working remotely and in location where they can make an iPASS connection
Click on Yes to make an iPASS connection to Lilly
Local Support User (Tier 2 Tech) will be prompted to login into iPASS and enter iPASS information and presented with the Security Authorization screen.
If unable to connect to the Lilly network or just needing to access business computer to move data
Click No to iPASS prompt. Local Support User (Tier 2 Tech) will be prompted with the Security Authentication screen
23 Click OK to the Security Authorization screen Windows Logon screen appears
24 Have Local Support User (Tier 2 Tech) enter valid Windows logon credentials to logon the business computer (if they are not connected to the network, these credentials will need to be cached on machine or they will not be able to log in.)
Windows will load. Connection to SafeBoot server is made, if connected to network, and valid credentials are added.
25 Have Local Support User (Tier 2 Tech) open the SafeBoot status icon and verify SafeBoot synchronization occurred in Activity Log
Local Support User credentials are verified in activity log.
26 Have Local Support User (Tier 2 Tech) restart business computer
Local Support User (Tier 2 Tech) will be prompted with the normal login prompt for SafeBoot
If you are using a printed copy of this document, please check that the version number is consistent with the current version number in the EIS Electronic Library.
ELI LILLY AND COMPANY
SafeBoot Mobile Data Security Client Support for Local Desktop Support Teams
Title: GITCS-OSI-055 SafeBoot Mobile Data Security Client Support for Local Desktop Support Teams
Page 17 of 24 Version 2.0
Owner: Christina Payton Confidential Last Save Date: 26-Sep-2007
Step # Action Expected Result
27 Have Local Support User login to SafeBoot with valid SafeBoot credentials
Local Support User will be prompted for Windows credentials and Windows desktop will appear
If you are using a printed copy of this document, please check that the version number is consistent with the current version number in the EIS Electronic Library.
ELI LILLY AND COMPANY
SafeBoot Mobile Data Security Client Support for Local Desktop Support Teams
Title: GITCS-OSI-055 SafeBoot Mobile Data Security Client Support for Local Desktop Support Teams
Page 18 of 24 Version 2.0
Owner: Christina Payton Confidential Last Save Date: 26-Sep-2007
3.2 Permanently Removing SafeBoot and Decrypting a Business Computer (Bootable Functioning Machine) The following procedure is used to remove SafeBoot, decrypt the drive and remove all SafeBoot files from Windows and the Windows Registry, from the business computer that is functioning properly. To remove and decrypt a non-bootable machine, see Section 3.3.
Step # Action Expected Result
1 Local Support User submits a TT to Regional SafeBoot Administrator to have SafeBoot removed and business computer decrypted using.
Regional SafeBoot Administrator initiates removal and decryption via GITCS-OSI-052 SafeBoot Mobile Data Security Administration
2 Regional SafeBoot Administrator forces a synchronization of the local business computer after initiating removal of SafeBoot or the Local Support User can force the sync from the SafeBoot icon in the system tray
Synchronization will begin and the business computer will begin to decrypt and SafeBoot will be removed (this can take 2-3 hours complete – during this time the computer should be left alone).
3 Business computer will automatically reboot once decryption is complete
SafeBoot is removed from the business computer, from Windows, and from the Windows Registry. The business computer is no longer encrypted.
If you are using a printed copy of this document, please check that the version number is consistent with the current version number in the EIS Electronic Library.
ELI LILLY AND COMPANY
SafeBoot Mobile Data Security Client Support for Local Desktop Support Teams
Title: GITCS-OSI-055 SafeBoot Mobile Data Security Client Support for Local Desktop Support Teams
Page 19 of 24 Version 2.0
Owner: Christina Payton Confidential Last Save Date: 26-Sep-2007
3.3 Recovering Data from a Failed or Non-bootable Hard Drive (without decrypting). In the event that the Windows operating system, the MBR (Master Boot Record) or the SafeBoot File System is corrupted, the following steps should be taken to access the hard drive and recover the data to a network drive or a removable media device (e.g., USB thumb drive, external hard drive).
NOTE: This procedure only give you the ability to recover data from the drive. It will not allow you to troubleshoot issues or repair any errors. To repair a drive, see section 3.3.
You will need the following items for this process:
• SafeBoot WinTechv5 CD Rom (Modified for SafeBoot)
• CD Rom Drive
• Removable media device or network share access
• Machine configuration file for machine that needs to be recovered (on a removable media device or Network Drive)
Step # Action Expected Result
1 Submit a TT to GLO/Encrypt-Client queue using profile: SB KeyRequest Profile.
Regional Administrator received TT and exports *.sbd file to a secure network location
2 Navigate to the machine configuration file in the location the Regional SafeBoot Administrator exported it to. Cut & Paste this to a removable media device or a secure network location.
Configuration file is copied to appropriate location.
3 Insert SafeBoot WinTechv5 disc into the CD ROM drive of the business computer you need to recover. Also connect the removable media device, if needed, and restart the business computer.
Business computer will boot to the CD and will be booted to a SafeBoot screen and you will be prompted to start Network support.
4 Click Yes to start network support. The Network Profiles window is displayed.
5 Ensure “Dynamic IP Address” is selected and click OK.
Network drivers are loaded and the PE Network Configurator window appears
6 Click on Network Drives button Network Drives window appears
If you are using a printed copy of this document, please check that the version number is consistent with the current version number in the EIS Electronic Library.
ELI LILLY AND COMPANY
SafeBoot Mobile Data Security Client Support for Local Desktop Support Teams
Title: GITCS-OSI-055 SafeBoot Mobile Data Security Client Support for Local Desktop Support Teams
Page 20 of 24 Version 2.0
Owner: Christina Payton Confidential Last Save Date: 26-Sep-2007
Step # Action Expected Result
7 Map any network drives that you will need to access during the recovery. (Location of the configuration file or secured area you plan to copy data to.) If you are using only a removable media device, you do not need to map any drives.
To map a drive:
• Select letter to map drive to by selecting drop down arrow
• Enter path (i.e. \\sever\share) • Enter domain and user Name (i.e.
AM\AB1234) • Enter password • Click Map Drive
Repeat these steps for multiple drives you will need to map.
Mapped drives appear in the bottom section of the window
8 After mapping all drives needed, click on the “X” in upper right corner to close the window.
Window closes and PE Network Configurator window appears again
9 Click OK
Settings are applied and specified drives are mapped. PE Network Configurator window disappears.
10 Click on the Yellow GO button in the bottom left corner of the screen and select “Programs”
Menu appears
11
Select “SafeBoot WinTech” from the menu
WinTech dialog appears showing the physical drives available to mount (NOTE: if you have a removable hard drive attached, you will see it in this list also – this hard drive does NOT need to be mounted)
12 Choose the hard drive you wish to mount (usually C: or D:) by highlighting it and clicking on Next. (Repeat steps 11-16 for each drive you need to mount).
You will be prompted to browse to the location of the machine key (this is the machine configuration file provided in Step #1).
13 Click Browse and navigate to the network hard drive you mapped or the removable media device to locate the exported business computer’s configuration file.
*.SBD file is located
14 Highlight file and click on Open WinTech dialog appears with path to business computer’s configuration file.
15 Click Next Select business computer window appears
16 Highlight business computer you are wanting to recover and click Finish
Message appears that the hard drive is now ready
If you are using a printed copy of this document, please check that the version number is consistent with the current version number in the EIS Electronic Library.
ELI LILLY AND COMPANY
SafeBoot Mobile Data Security Client Support for Local Desktop Support Teams
Title: GITCS-OSI-055 SafeBoot Mobile Data Security Client Support for Local Desktop Support Teams
Page 21 of 24 Version 2.0
Owner: Christina Payton Confidential Last Save Date: 26-Sep-2007
Step # Action Expected Result
17 Click OK SafeBoot WinTech screen appears
18 Click on the Yellow GO button in the bottom left corner of the screen an select Programs
Menu appears
19 Select “A43 File Management Utility” Utility Opens
20
Click on hard drive you mounted on left side of windows
You should see data on right side of window – this data is now available to be recovered. (If no data is revealed on the right side, then the drive did not get mounted. Contact your Regional SafeBoot Administrator for further troubleshooting).
21 Copy data to a network drive or to a removable media device as needed.
Data is recovered.
22 IMPORTANT: MUST DO THIS! Click on Removable media device or shared drive that contains the *.SBD file and delete *.SBD file. Remove all other instances of the SDB file (transfer share, email message etc.) from where the SDB file originated.
*.SBD file is deleted.
23 Close A43 File Management Utility Utility Closes
24 Click on the Yellow GO button in the bottom left corner of the screen and select “Shut Down”/”Shut Down”. Remove CD from drive and removable media device from business computer, if connected.
Machine shuts down.
25 Submit TT to GLO/Encrypt using <profile name> to remove the business computer from the SafeBoot server
Business computer is removed from the
SafeBoot server.
26 IMPORTANT: Reimage or dispose of business computer properly.
Business computer HDD is reimaged or reformatted.
If you are using a printed copy of this document, please check that the version number is consistent with the current version number in the EIS Electronic Library.
ELI LILLY AND COMPANY
SafeBoot Mobile Data Security Client Support for Local Desktop Support Teams
Title: GITCS-OSI-055 SafeBoot Mobile Data Security Client Support for Local Desktop Support Teams
Page 22 of 24 Version 2.0
Owner: Christina Payton Confidential Last Save Date: 26-Sep-2007
3.4 Bind User Tool This is a configuration of the SafeBoot package installer that allows a Local Support User to bind (add) a user to a machine with or without their windows password. This can only be used if the machine is already encrypted and Windows is up and running.
Step # Action Expected Result
1
NOTE: Bind User cannot be run on a machine that is not fully encrypted. Run the SB: Bind User Tool from ISIT
Installation begins and you are prompted to enter credentials for the user you need to bind to the machine
2
If Then Result
End User is an existing SafeBoot User or if the End User is at the desk during the installation
Have End User enter their User name and password and click OK
End User is a new SafeBoot user and is not physically present to enter password.
Enter User name, click check box to “Bind UserID without a Password” and click OK
User is successfully bound to the machine
3
Click OK
If Then
User is an existing SafeBoot User or if the user is at the desk during the installation
Have End User log in with their User name and password to ensure they can log in
End User is a new SafeBoot user and is not physically present to enter password.
End User will need to contact the service desk to get their temporary SafeBoot Password and have the service desk walk them thru logging in
If you are using a printed copy of this document, please check that the version number is consistent with the current version number in the EIS Electronic Library.
ELI LILLY AND COMPANY
SafeBoot Mobile Data Security Client Support for Local Desktop Support Teams
Title: GITCS-OSI-055 SafeBoot Mobile Data Security Client Support for Local Desktop Support Teams
Page 23 of 24 Version 2.0
Owner: Christina Payton Confidential Last Save Date: 26-Sep-2007
4. TRAINING
Training on this procedure includes reading this document and understanding the contents therein. If this reading is included as a part of your training curriculum, please utilize the electronic training acknowledgement process to record the training. If the electronic training acknowledgement process is not available, complete a hardcopy training acknowledgement form and forward it to the local Training Coordinator. Retain a copy of the training acknowledgement form for your records