Sysadmin

7640 readers

22 users here now

A community dedicated to the profession of IT Systems Administration

No generic Lemmy issue posts please! Posts about Lemmy belong in one of these communities:
[email protected]
[email protected]
[email protected]
[email protected]

founded 1 year ago

MODERATORS

[email protected]

How to Bypass Bitlocker for Crowdstrike BSoD (fix) (lemmy.blahaj.zone)

submitted 3 months ago* (last edited 3 months ago) by [email protected] to c/[email protected]

8 comments fedilink hide all child comments

Took me a few hours to figure this out, figured I'd pass it along. Forgive formatting, I'm on mobile.

How to Bypass Bitlocker for Crowdstrike BSoD

Only use this if the Bitlocker key is lost.

From the Bitlocker screen, select Skip This Drive. A command prompt will appear.

Type bcdedit /set {default} safeboot network and press Enter.

Type Exit to exit the command prompt, then select Shut Down

Hardwire the device to the network

Navigate to C:\Windows\System32\Drivers\Crowdstrike and delete C:\windows\system32\drivers\crowdstrike\c-00000291-*.sys

Win+R to open the Run menu, then type msconfig and press Enter

Go to Boot

Uncheck the box for SafeBoot

You will receive a warning about Bitlocker. Proceed.

Click OK and you will be prompted to restart. Do so.

Have the user login

Test their access to files

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 9 points 3 months ago

No, that's not what it means.

If the device is wired to the LAN, the admin logon authenticates the user with the domain server, and thus decrypts the files using the credentials that are stored server-side.

If the drive would be fully encrypted, you'd have to enter a password each time you boot the machine. That can be done, but is really not all that practical, especially not when working with a domain server / remote admin.

For a private computer, you can have a look at Veracrypt (FOSS) if you want to have a fully encrypted drive.