Microsoft recovery tool to Fix CrowdStrike Issues

While everyone on the internet was thanking Microsoft for an early weekend, the global software and tech provider Microsoft took some extra hours to release their urgent recovery tool. The tool comes as a fix to the issues triggered by the CrowdStrike update.

The latest tech news filled the office spaces with horror making around 8.5 million devices out of order as the CrowdStrike update stirred up the Blue Screen of Death errors. Consequently, the IT professionals had to log out a day ahead of their actual weekend. However, Microsoft is here with its new and quick recovery tool to help IT admins repair their Windows. The recovery tool is downloadable and comes with two repair options.

The tool creates a bootable USB drive for access to crashed machines. The tool is designed in such a way as to auto-remove the CrowdStrike file. This allows the device to boot up again and saves time by eliminating the requisite for manual intervention like entering Safe Mode.

The company has outlined separate recovery steps for Windows Virtual Machines powered by Azure. It has also released recovery steps for all Windows 10 and 11 in their support sites.

Microsoft Recovery Tool to Fix CrowdStrike Issues: Repair Options

1. Recover from WinPE – Produces boot media to help facilitate the device repair.
2. Recover from safe mode – Produces boot media to help the impacted devices boot into safe mode. After that, the user can log in using an account with local admin privileges and run the redress.

Among the two options, Microsoft prefers the former to the latter. Recovering from WinPE is observed to be quick and safe. It directly recovers systems without any local admin privileges. The only requirement is that, if the disk is encrypted with BitLocker, the tool will ask for the BitLocker recovery key and remove the CrowdStrike update. If a third-party disk encryption solution is used, you are to refer to vendor guidance to determine options to recover the drive.

Contrary to this, the Recover from safe mode may enable recovery on BitLocker-enabled devices without requiring the entry of BitLocker recovery keys. But you should have access to an account with local administrator rights on the device. For the same reason, this option is advisable while using devices that are not encrypted, devices with TPM-only protectors, or in situations where the BitLocker recovery key is anonymous.

Prerequisites to create the boot media

For creating the bootable USB drive, a Windows 64-bit client with a minimum of 8GB of free space is needed. Administrative privileges on the Windows client from the prerequisite mentioned above. A USB drive with at least 1GB and a maximum of 32 GB.

1. Instructions to generate the WinPE recovery media

• Follow these steps to create recovery media on the 64-bit Windows client.
• Download the signed Microsoft Recovery Tool from the Microsoft Download Center.
• From the downloaded solution, extract the PowerShell script.
• Run “MsftRecoveryToolForCSv2.ps1“ from an elevated PowerShell prompt.
• Media creation will take a few minutes to complete.
• Choose one of the two options mentioned above for recovery.
• Select a directory that contains driver files to import into the recovery image. Microsoft recommends to select “N” to skip this step. The tool will import any SYS and INI recursively under the specified directory.
• Select the option to generate an ISO or USB drive and specify the drive letter.

Prerequisites for using the boot media

If you are using TPM-only protectors and the safe boot option, then the recovery key is not required. Instead, if you are using TPM+PIN protectors, then you may need the recovery key.

1.1. Instructions while using Recovery from WinPE media

• Insert the USB key into a crippled device.
• Reboot the device.
• Press F12 during restart (you may also follow the manufacturer-specific instructions for booting to BIOS).
• From the BIOS boot menu, choose Boot from USB.
• The tool will run.
• If BitLocker is enabled, the user will be prompted for the BitLocker recovery key including the dashes. For third-party device encryption solutions, follow any steps provided by the vendor to gain access to the drive.
• Remove the USB drive and reboot the device normally.

2. Microsoft recovery tool to Fix CrowdStrike Issues: Instructions while using Safe Boot media

• If you prefer to repair an impacted device without using the BitLocker recovery key and if you have access to the local administrator, then you may follow these steps:
• Insert the USB key into the impacted device and reboot.
• During restart, press F12.
• Choose Boot from USB and continue.
• The tool runs and the prompt appears, “This tool will configure this machine to boot in safe mode. WARNING: In some cases, you may need to enter a BitLocker recovery key after running.”
• Press any key to continue.
• The following message appears: “Your PC is configured to boot to Safe Mode now.” Press any key to continue.

• The machine reboots into safe mode.
• The user runs repair. cmd from the root of the media/USB drive.
• The following message appears: “This tool will remove impacted files and restore normal boot configuration. WARNING: You may need BitLocker recovery key in some cases. WARNING: This script must be run in an elevated command prompt.” Press any key to continue.
• The user repair will run and the normal boot flow will be restored.
• Once successful, the user will see the following message: “Success. System will now reboot.”
• Press any key to reboot the device.