Microsoft’s CrowdStrike Recovery Tool
The new Microsoft CrowdStike recovery tool comes with two distinct repair options and includes options to help those using Windows clients, servers and operating systems hosted virtually on Hyper-V.
Option one is the recommended route from Microsoft and enables recovery by using the Windows PE recovery environment. “This option quickly and directly recovers systems and does not require local admin privileges,” Microsoft said. The tool does this by way of USB to access the computer drive and delete the corrupt file automatically. Microsoft concedes that it’s not entirely automatic for some users; if BitLocker encryption is in use, then the recovery key will need to be entered manually, for example.
The second option, Microsoft said, “may enable recovery on BitLocker-enabled devices without requiring the entry of BitLocker recovery keys.” Although ‘may’ could be doing a lot of heavy lifting here. This attempts recovery from safe mode, requires an account with local admin rights and should only be used with devices “using TPM-only protectors, devices that are not encrypted, or situations where the BitLocker recovery key is unknown.”
There are some prerequisites when it comes to creating the recovery boot media that admins need to be aware of:
- A Windows 64-bit client with at least 8GB of free space from which the tool can be run to create the bootable USB drive.
- Administrative privileges on the Windows client
- A USB drive with a minimum 1GB and maximum of 32GB. All existing data on this USB will be wiped and will be formatted automatically to FAT32.
Microsoft has warned users that they should test the recovery tool on multiple devices prior to using it broadly in a live operating environment.
The full instructions for all options can be found here.
