[WARNING] Don't allow customers to update to Win 11 right now!

[Sky-Knight]

It is PRO, Sorry play again.
View attachment 13912

KB5016691 isn't the update that supposedly broke things.

But, the screen shot does clearly report a preview update as a normal CU... When the web link for the update clearly announces it as a preview. https://support.microsoft.com/en-us...-preview-59097044-915a-49a0-8870-49823236adbd

So that's a separate issue... and one I haven't seen before.

 

[Porthos]

But, the screen shot does clearly report a preview update as a normal CU...

An end user who checks updates manually would see this and install it since there is no indication to the unknowing that it is a preview anymore.

 

[britechguy]

it since there is no indication to the unknowing that it is a preview anymore.

Correction, "There is no indication that it is a preview."

If it's not shown as an optional update, or with some clear identification that it's not just another update I should apply, how should I know?

There is nothing shown in this screen shot you previously posted:

That would make the most sophisticated user think that this is anything other than an update that is being held for user consent before the install takes place. Feature Updates behave in precisely this way.

I'd look at the above and activate that button based on what I know of Windows and have no hesitation about doing so.

 

[Porthos]

Correction, "There is no indication that it is a preview."

That is what I said.

An end user who checks updates manually would see this and install it since there is no indication to the unknowing that it is a preview anymore.

 

[britechguy]

@Porthos,

You included "to the unknowing." It's not, "to the unknowing," but to virtually anyone. I don't know of anyone, including techs, who'd look at that and think, "Oh, that's a preview."

That was the only point I was trying to make, not that you were wrong, but that the limitation of "to the unknowing" does not apply.

 

[callthatgirl]

I've had 3 calls for bit locker recovery keys, none of which I setup for clients. I give them the link to get the key.
2 personal, 1 business.

 

[ell]

ok, so this update is really becoming a thing, I just got another call today for another victim being locked out on reboot after update

 

[timeshifter]

I had one call for a key a week ago.

 

[ell]

Yes, they often are... Not so much that the events aren't happening. They very much are! But they are happening because people refuse to learn how to care for their systems properly. I don't profess to be a master, but it's often all too odd that my supported gear simply never manifests this behavior. Also... sensationalism is PCGamer's hallmark...

As for what to do as techs... here...

$ckey = (Get-BitLockerVolume -MountPoint C).KeyProtector.recoverypassword
Write-Host $ckey

There's my bit for king and country, run this on every machine that comes through your hands, copy the output, print it out for the owner and tell them to keep it in a safe place.

Even better, get them using cloud backed storage as their primary storage and a format c: isn't the end of the world anyway. Might have to blog this up to ride this wave of stupid in the media. It's trivial to get that key from a working system, people just need to do it.

Is this a command to run from command prompt in bitlocker recovery to recover the key?

 

[britechguy]

Is this a command to run from command prompt in bitlocker recovery to recover the key?

No, it's a command to be run in PowerShell just to get the key in the first place (much like logging in to an MS Account). It's presumed that if you're logged in to a machine that's got Bitlocker enabled (and probably logged in with the MS-Account-linked Win account that owns it, I haven't tested with a different admin account) that you're authorized to snag the key.

Then you log it on paper somewhere and lock it up.

 

[lcoughey]

I may be able to recover some with my data recovery equipment, depending on the underlying setup.

 

[Sky-Knight]

@britechguy is correct, the above bit of powershell simply returns the recovery key of the C volume. If the drive has more volumes you'll need to run it more for each volume. But the change you need to make should be fairly obvious.

But yes, every machine that crosses your bench, run that, get the keys stuff them into your invoice or something so the client has it.

Also, in the past there was a clear designation of the updates in that space as optional, or preview. The check for updates button at the top is the only "safe" thing to touch in that entire UI. But yes, it seems now we have to magically know that. Which is more than a little annoying.

So apparently Microsoft has moved beyond assuming only power users push that check for updates button and onto only power users bother to look at the update window to that category. It's going to make instructing users on remote repairs that much harder.

 

[britechguy]

the above bit of powershell simply returns the recovery key of the C volume. If the drive has more volumes you'll need to run it more for each volume. But the change you need to make should be fairly obvious.

Who can run this and have it work? And by that, I mean can anyone with an admin account (I'd hope standard users can't, but I'm not even about to try that) run it and get the info back, or must you be logged in with the MS-Account-linked Windows user account to which the BitLocker Key is linked?

 

[Markverhyden]

This. End users really need to be warned more about this.

Yep. I'm sure if someone challenged M$ they would point out it's somewhere in the EULA. Something that no eu ever reads.

 

[Sky-Knight]

Who can run this and have it work? And by that, I mean can anyone with an admin account (I'd hope standard users can't, but I'm not even about to try that) run it and get the info back, or must you be logged in with the MS-Account-linked Windows user account to which the BitLocker Key is linked?

The Get-BitLockerVolume command requires admin rights.

So it must be run inside an elevated powershell.