I
Intune_Support_Team
As a follow-up to the CrowdStrike Falcon agent issue impacting Windows clients and servers, we have released a USB tool to help IT Admins expedite the repair process. The signed Microsoft Recovery Tool can be found in the Microsoft Download Center: https://go.microsoft.com/fwlink/?linkid=2280386. The steps to use the tool are detailed below.
Prerequisites
Instructions
To generate the USB repair solution, from the 64-bit Windows client in prerequisite #1 above, execute the following steps:
To repair an impacted device using the BitLocker recovery key from prerequisite #4 above:
For more information on the issue impacting Windows clients and servers running the CrowdStrike Falcon agent, please see:
Please note this tool does not use Microsoft Intune, but we're sharing as a Support tip to help customers. Let us know if you have any questions by replying to this post or reaching out to @IntuneSuppTeam on X. We’ll continue to provide updates to this post as needed.
Continue reading...
Prerequisites
- A Windows 64-bit client with at least 8GB of free space from which the tool can be run to create the bootable USB drive.
- Administrative privileges on the Windows client from prerequisite #1.
- USB drive with (1GB). All existing data on this USB will be wiped.
- BitLocker recovery key for each BitLocker-enabled impacted device on which the generated USB device will be used.
Instructions
To generate the USB repair solution, from the 64-bit Windows client in prerequisite #1 above, execute the following steps:
- Download the signed Microsoft Recovery Tool from the Microsoft Download Center.
- Extract the PowerShell script from the downloaded solution.
- Run MsftRecoveryToolForCS.ps1 from an elevated PowerShell prompt.
- ADK download and install will start, may take several minutes to complete.
- You will be prompted to optionally select a driver directory for image import. We recommend you select “N” to skip this step. Some devices may need specific keyboard and/or mass storage drivers, however “N” is sufficient for most devices. NOTE: The tool will import any SYS and INI recursively under the specified directory.
- Insert the USB drive when prompted and provide the drive letter.
- Once the USB creation is complete, remove the USB from the Windows client.
To repair an impacted device using the BitLocker recovery key from prerequisite #4 above:
- Insert the USB key into an impacted device.
- Reboot the device.
- During restart, press F12 (or follow manufacturer-specific instructions for booting to BIOS).
- From the BIOS boot menu, choose Boot from USB and continue.
- The tool will run.
- If BitLocker is enabled, the user will be prompted for the BitLocker recovery key. Include the dashes in for the BitLocker recovery key when entering. The recovery key options are provided here.
- The tool will run the issue-remediation scripts as recommended by CrowdStrike.
- Once complete, reboot the device normally.
For more information on the issue impacting Windows clients and servers running the CrowdStrike Falcon agent, please see:
- A wide variety of Windows information is available at aka.ms/WRH
- Recovery steps are available here
- For Windows Virtual Machines running on Azure follow the mitigation steps in Azure status
- Additional details from CrowdStrike are available here: Statement on Falcon Content Update for Windows Hosts - CrowdStrike Blog
Please note this tool does not use Microsoft Intune, but we're sharing as a Support tip to help customers. Let us know if you have any questions by replying to this post or reaching out to @IntuneSuppTeam on X. We’ll continue to provide updates to this post as needed.
Continue reading...