[WARNING] Don't allow customers to update to Win 11 right now!

ell

Just got a call from a user who did a Windows update that upgraded her to win 11, and on reboot she was presented with BitLocker key requirement. She followed instructions to get her MSFT recovery key and there was her laptop listed but no key assigned! I told her to be sure she didn't have more than one MSFT acct, she was adamant there was no other. Way to go MSFT, here's the info: https://www.pcgamer.com/latest-windows-security-update-is-locking-users-out-of-their-pcs/
 
You would have better titled this, "Don't allow customers to update Win 11 right now."

The issue has nothing to do with "updating to" (AKA upgrading to) Windows 11, but a Windows 11 security patch.

And I don't think that end users have any ability to stop security patch updates.
 
She told me it happened to her upgrading to win 11, but maybe that wasn't the case.
 
Guaranteed it wasn't the case.

Also... magically... exactly zero of the Windows 11 machines that I've linked to personal MS accounts maintained for each of my clients have had this issue.

They all have recovery keys in the appropriate accounts under the specific device AND they've taken the August update without complaint.

So once again Rob's stuff is magic for reasons beyond comprehension I guess.

I have recently deployed a PowerShell script that pulls the recovery key daily and stuffs it into my RMM too... just because.
 
She told me it happened to her upgrading to win 11, but maybe that wasn't the case.

Which might possibly be the case. I was simply going on the article you gave the link to, which does not identify an in-place upgrade to Windows 11 as causing this issue. I doubt it does, per se, but whenever those patches are applied, which can be (but need not be) a part of an in-place upgrade, the problem could ensue.

I've gotten in the habit when doing in-place upgrades of choosing the option not to fetch updates during the process. That started out because of slow connections and the fact that everything needed to just do the upgrade is a part of the install media. I then let Windows Update do its thing immediately afterward (and tend to have walked away long before that process completes in many cases).

Yet another reason that, on personal machines I turn device encryption OFF. (Whether that's BitLocker or otherwise).
 
So once again Rob's stuff is magic for reasons beyond comprehension I guess.

Really? And that article's author is a liar, too, in addition to others in the tech press?

I'm not arguing the point about being able to find the BitLocker key if you have access to the correct MS Account. But the issue with people being locked out has clearly occurred.
 
Really? And that article's author is a liar, too, in addition to others in the tech press?

I'm not arguing the point about being able to find the BitLocker key if you have access to the correct MS Account. But the issue with people being locked out has clearly occurred.

Yes, they often are... Not so much that the events aren't happening. They very much are! But they are happening because people refuse to learn how to care for their systems properly. I don't profess to be a master, but it's often all too odd that my supported gear simply never manifests this behavior. Also... sensationalism is PCGamer's hallmark...

As for what to do as techs... here...

Code:
$ckey = (Get-BitLockerVolume -MountPoint C).KeyProtector.recoverypassword
Write-Host $ckey

There's my bit for king and country, run this on every machine that comes through your hands, copy the output, print it out for the owner and tell them to keep it in a safe place.

Even better, get them using cloud backed storage as their primary storage and a format c: isn't the end of the world anyway. Might have to blog this up to ride this wave of stupid in the media. It's trivial to get that key from a working system, people just need to do it.
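
Added example, not part of the original post: a PowerShell script that extends the two-line snippet above to every volume on the machine, listing each recovery password together with its key protector ID and flagging encrypted volumes that have no recovery password protector at all. The output column names and the `NeedsAttention` flag are this example's own choices; it assumes an elevated session on a machine with the BitLocker module available.

```powershell
#Requires -RunAsAdministrator
# Added example: inventory BitLocker recovery passwords for every volume.
# Column names and the NeedsAttention flag are choices made for this example.

$report = foreach ($vol in Get-BitLockerVolume) {
    # Only RecoveryPassword protectors carry the 48-digit key; TPM and other
    # protector types leave the RecoveryPassword property empty.
    $recovery = @($vol.KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })

    if ($recovery.Count -eq 0) {
        # Nothing to hand to the owner. That matters unless the volume is
        # fully decrypted, in which case no recovery key is needed.
        [pscustomobject]@{
            MountPoint       = $vol.MountPoint
            VolumeStatus     = $vol.VolumeStatus
            ProtectionStatus = $vol.ProtectionStatus
            KeyProtectorId   = $null
            RecoveryPassword = $null
            NeedsAttention   = ($vol.VolumeStatus -ne 'FullyDecrypted')
        }
        continue
    }

    foreach ($kp in $recovery) {
        # KeyProtectorId is the key ID to compare against the one shown on
        # the recovery screen and next to the key stored in the MS account.
        [pscustomobject]@{
            MountPoint       = $vol.MountPoint
            VolumeStatus     = $vol.VolumeStatus
            ProtectionStatus = $vol.ProtectionStatus
            KeyProtectorId   = $kp.KeyProtectorId
            RecoveryPassword = $kp.RecoveryPassword
            NeedsAttention   = $false
        }
    }
}

# One block per protector so the key ID and password print together.
$report | Format-List
```

The output contains the recovery passwords in clear text, so print it or store it in the RMM's protected fields rather than leaving it in a console transcript or a file on the same drive.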
 
This has been discussed ad nauseam. The home version of Windows creates a BitLocker encrypted drive ONLY if the user has linked a Microsoft Account. The end-user has the wrong one. We have had several techs on here INSIST that the client doesn't have an account or only had one account only for said tech to have to eat crow because they finally discover the correct account. If BitLocker or Device Encryption as it is called on Home was that broken there would be verified reports of it. This is not magic. The end user simply forgot the account or was never told of the account by whoever set it up.

 
Article published on Monday 8-22 on a "latest update" causing some trouble or other... when the last update push for Windows anything was 8-9 almost TWO WEEKS prior.

Must be a seriously slow news day.

Oh... wait... the "referenced article" was published July 19th! Which was again almost two weeks after patch Tuesday for July... Which references KB5014668 which is a PREVIEW UPDATE that never saw any actual production equipment anywhere ever unless its operator was a complete idiot.

I'm calling this what it is...

FAKE NEWS!
 
Article published on Monday 8-22 on a "latest update" causing some trouble or other... when the last update push for Windows anything was 8-9 almost TWO WEEKS prior.

Must be a seriously slow news day.

Oh... wait... the "referenced article" was published July 19th! Which was again almost two weeks after patch Tuesday for July... Which references KB5014668 which is a PREVIEW UPDATE that never saw any actual production equipment anywhere ever unless its operator was a complete idiot.

I'm calling this what it is...

FAKE NEWS!
Sometimes it takes a while for a flawed update to bork systems. There have definitely been victims but it is so far statistically small. Which frankly parallels almost any update. There are too many combinations of hardware and/or software for an update to not bork something.
 
Sometimes it takes a while for a flawed update to bork systems. There have definitely been victims but it is so far statistically small. Which frankly parallels almost any update. There are too many combinations of hardware and/or software for an update to not bork something.
Sure, but with all the variables in play there's no way to know any specific update caused the fault from outside Microsoft anyway. We don't have the telemetry, and I for one am not stupid enough to blame a BETA UPDATE that was never shoved to production for anything.

This is straight up fake. There are production updates that break things certainly, but this case? This case is click bait fake news BS on the part of the morons at PC Gamer.
 
I have to chime in here.

"Refusing" to take care of a system. Sounds a bit harsh...

Does Microsoft warn the user that by signing in to the device that it will encrypt all data and "please insert USB to save the recovery key?" It's been a while since I set up Windows in an environment that supports encryption, but I think that prompt simply isn't there...which means MS should better educate customers.
 
I have to chime in here.

"Refusing" to take care of a system. Sounds a bit harsh...

Does Microsoft warn the user that by signing in to the device that it will encrypt all data and "please insert USB to save the recovery key?" It's been a while since I set up Windows in an environment that supports encryption, but I think that prompt simply isn't there...which means MS should better educate customers.
This. End users really need to be warned more about this.
 
I wasn't trying to plug a fake page (my bad), it's just what came up in my searching to see if this was a recognised new wrinkle in Windows updates.
 
I have to chime in here.

"Refusing" to take care of a system. Sounds a bit harsh...

Does Microsoft warn the user that by signing in to the device that it will encrypt all data and "please insert USB to save the recovery key?" It's been a while since I set up Windows in an environment that supports encryption, but I think that prompt simply isn't there...which means MS should better educate customers.
Yes... they do. It's on the page with a litany of other things though, and few bother to read. Also yes, it's harsh... because this has been operational reality since the gen8 Intel's launched. It's long past time to get with the program. I'm not saying I like it, just calling it what it is.

@britechguy OF COURSE THEY DID, because the issue was found in a bloody TEST UPDATE from LAST MONTH that NEVER SAW PRODUCTION and what got pushed on the 9th was the FIXED UPDATE that never broke anything. The test units functioned as intended, the issue was caught before pushed to production equipment.

Again, if you got the busted update you're getting beta updates, and specifically in this case had to manually enroll in the test channels to do it.

I suppose the fixed update might have caused a few issues on some systems... I wouldn't know. All I know is nothing in my fleet has had a problem.
 
Again, if you got the busted update you're getting beta updates, and specifically in this case had to manually enroll in the test channels to do it.
Some who happen to do updates manually will see an update that was not auto-installed. It is the beta preview update. They do not call it a preview anymore. The following is the current beta preview for Win 11.
 
Some who happen to do updates manually will see an update that was not auto-installed. It is the beta preview update. They do not call it a preview anymore. The following is the current beta preview for Win 11.
It does say preview, but only if you're on PRO.

And yeah, the games Microsoft is playing with the Home edition machines to essentially put them into permanent beta status is highly annoying.

Best bet is to simply never push buttons on that screen if you're on Home, let the automatic nature of things run its course. Those of us that know better can avoid that entire section of window easily enough to get machines current, but not too current.

But yes, manually updating a system is one of the first ways you can "enroll" yourself to be a beta tester. Because Microsoft knows that normal users simply don't care about updates. So pushing that button flags that machine as in use by a power user, or one managed by an IT pro and therefore... ready to test with "minimal impact".

P.S. Win10 does this crap too... always driven me nuts.
 
I am neither a Microsoft fanboy, nor a ranting critic.

MS F*^Ked up this time, pure and simple. It's happened before, it will happen again. It's not "fake news" and trying to defend it makes the person doing so look foolish.
 