Topic:
This article clarifies how Microsoft's MBR2GPT tool CANNOT be used on devices that have already been protected using SecureDoc, and its use should not be attempted.
Context: Microsoft's MBR2GPT.EXE tool can convert a disk from Master Boot Record (MBR) to GUID Partition Table (GPT) partition style without modifying or deleting data on the disk. The tool is designed to be run from a Windows Pre-installation Environment (Windows PE) command prompt, but can also be run from the full Windows 10 operating system (OS).
Product Version Affected:
All SD versions
Environment:
All Windows devices running SecureDoc, whether using SecureDoc "on top" of Bitlocker (SDOT), SecureDoc Software Enryption (SWE) or SecureDoc's management of Hardware Encryption (HWE) on a disk drive currently running in MBR mode.
NOTE: WinMagic is currently exploring whether MBR2GPT.EXE can be run safely on SecureDoc-managed devices that utilize Bitlocker's own authentication and do not use the SecureDoc Pre-boot. Until this evaluation is completed, all SecureDoc customers are recommended to avoid the use of MBR2GPT.EXE unless they are prepared to follow the process of decrypting and removing SecureDoc first, as outlined below.
Steps to follow:
This article applies ONLY if wishing to migrate a SecureDoc-protected device from Master Boot Record (MBR) mode to GUID Partition Table (GPT) mode using MBR2GPT.EXE
1 - Decrypt the disk drive (disk decryption is described in other Knowledge Base articles)
2 - Remove the SecureDoc Boot Logon (described in other Knowledge Base articles)
3 - Reboot the computer
4 - Uninstall the SecureDoc software
6 - Reboot the computer
- You may need to send the now-decrypted device record to the Recycle Bin. When SecureDoc is reinstalled, a new
device record will be created for the new instance of SecureDoc on that device.
7 - Run MBR2GPT.EXE according to Microsoft's best practices (as documented in Microsoft's web resources).
8 - Reinstall SecureDoc