If your CoreImage PC is impacted by the CrowdStrike-induced Blue Screen (BSOD) failure, and you are unable to come onsite to Michigan Medicine, please follow the steps below to restore functionality.

1. If possible, connect your device to a network that can access the Internet via an Ethernet cable. This likely means connecting your device directly to your modem/router with an Ethernet cable as shown here:
   
   
   
2. Make sure your device is plugged into AC power, similar to the following.
   
   
   
3. Reboot the device three times just to ensure it is still exhibiting the BSOD behavior.  If so, proceed.
   
   
4. Reboot the device until you see the Automatic Repair screen, and then click on Advanced Options. The screen will look similar to the following.
   
   
   
5. If you already see the Automatic Repair screen shown above, then skip to step 7; otherwise, execute the following:  When you see the spinning circle as shown in the following screenshot, hold down the device's power button until the device turns off. Then turn it back on. Do this two times. On the third attempt, let the device boot as normal. It should eventually go to the Advanced Repair screen where you can click Advanced Options.  If so, skip to step 7.
   
   
   
6. If your device never boots to the Automatic Repair screen despite following the procedure in step 5, then you can follow another process: Make sure your device is plugged into AC power and plug-in an Ethernet cord attached directly to your modem/router. Once you have the device on power and connected to your modem/router via an Ethernet cable, then perform at least three reboots, waiting 5 minutes between each one. If you’re able to log in after that, then your device has been fixed. If you’re still getting the Recovery or Automatic Repair screens, then HITS needs to swap or rebuild your device.
   
   
   
7. Once in the Advanced Options, click Troubleshoot.
   
   
   
8. Click Advanced options.
   
   
   
9. Click Command Prompt.
   
   
   
10.  Follow the BitLocker Recovery process.
    
    1. Get the first segment of the BitLocker Recovery Key ID. HITS needs this set of numbers and letters to retrieve the Recovery Key.
       
       
       
    2. Contact HITS for the Recovery Key
       1. If you’re already working with an HITS Support Technician, then you should send them the first segment of the Recovery Key ID, and they will send you the Recovery Key.
       2. If you’re not already working with an HITS Support Technician, then please submit a ticket and include the first segment of the Recovery Key ID. Submit a Ticket - Michigan Medicine - Help Center (service-now.com)
          
          
    3. HITS will provide the BitLocker Recovery Key to you.  Validate each segment as you enter it. Once you've confirmed the entire string of numbers matches what you were given, click Continue.
       
       
       
11. At the command prompt, enter the following commands.
    
    
    1. Change directories to where the CrowdStrike file is.
       1. Type cd /d C:\windows\system32\drivers\crowdstrike
       2. Hit enter.
          
          
    2. Check for the presence of the file.
       1. Type dir C-00000291* and hit enter.
          1. Note that there is a space between dir and C.
          2. There are five zeros in front of 291.
          3. Make sure to include the * at the end of the command.
       2. You should see the following file in the output:  C-00000291-00000000-00000029.sys
       3. If you do not see that file in the output, validate that you are in the correct directory.
           
    3. Delete the file
       1. Type del C-00000291* and hit enter.
          1. As before, note that there is a space between dir and C.
          2. There are five zeros in front of 291.
          3. Make sure to include the * at the end of the command.
       2. Nothing will be displayed on the screen indicating it was successful.  This is normal.
          
          
    4. Check for the presence of the file.
       1. Type dir C-00000291* and hit enter.
       2. You should no longer see the file in the output.  If you do, attempt entering the delete command again (see previous step).
          
          
    5. Close the command prompt.
       1. Type exit and hit enter.
          
          
12. Make sure your device is plugged into AC power and there are no USB Drive or USB Bluetooth device is plugged in.
    
    
13. Click Continue to reboot. Upon a successful boot up, verify that you can log into the device.
    
    
    
14. If the device shows the Automatic Repair or Recovery screens again, try another reboot. If these persist (i.e., Windows never boots up to the normal login screen), then update the ticket saying that you are still having issues. You may need a rebuild or new device.