Vous êtes sur la page 1sur 65

Module 2

Troubleshooting Startup Issues


Module Overview

• Overview of the Windows 10 Startup Recovery


Environment
• Troubleshooting Startup Settings
• Troubleshooting Operating System Service Issues
• Recovering BitLocker-Protected Drives
Lesson 1: Overview of the Windows 10 Startup
Recovery Environment

• Windows 10 Startup Architecture


• Windows Startup and Recovery Options
• Recovery Tools Available in Windows RE
• Practice: Using the Windows RE Tools
• Overview of System Restore
• Practice: Using System Restore
Windows 10 Startup Architecture

Native Windows core,


Windows 10
UEFI or Kernel,
OS Loader
BIOS Antimalware

Third-party Windows
drivers logon
Windows 10 Startup Architecture

The boot loader architecture has three main components:

• The Windows Boot Manager (BOOTMGR).


This file resides in the root directory of the volume marked
as active in Disk Management. This drive has no drive
letter.
• The Windows OS Loader (Winload.exe). This file resides
in the Windows\System32 folder on the volume where
Windows is installed.
• The Windows Resume Loader (Winresume.exe). This
file is also in the Windows\System32 folder.
Windows 10 Startup Architecture

Windows Boot Manager


As the computer starts, BOOTMGR loads first, and then reads
the Boot Configuration Data (BCD). BCD is a database of
startup configuration information that the hard disk stores in a
format similar to the registry.
BOOTMGR replaces much of the functionality of the NT Loader
(NTLDR) bootstrap loader that the Microsoft Windows XP and
earlier versions of the Windows operating system use.
BOOTMGR is a separate entity, and it is unaware of other
startup operations in the Windows operating system.
BOOTMGR switches the processor into 32-bit or 64-bit
protected mode, prompts the user for which operating system
to load (if multiple operating systems are installed), and starts
NTLDR if you have Windows XP or an earlier version of the
Windows operating system installed.
Windows 10 Startup Architecture
Windows OS Loader
Winload.exe is the operating system boot loader that Windows
Boot Manager invokes. Winload.exe loads the operating
system kernel (ntoskrnl.exe) and (BOOT_START) device drivers,
which, combined with BOOTMGR, makes it functionally
equivalent to NTLDR. Winload.exe initializes memory, loads
drivers that should start, and then transfers control to the
kernel.
Windows Resume Loader
If the BCD contains information about a current hibernation
image, BOOTMGR passes that information to Winresume.exe.
BOOTMGR exits and Winresume.exe then starts.
Winresume.exe reads the hibernation
image file, and uses it to return the operating system to its pre-
hibernation running state.
Windows 10 Startup Architecture
Windows Startup Process
1. The UEFI or BIOS performs a power-on self-test (POST).
From a startup perspective, the BIOS enables the computer to
access peripherals such as hard disks, keyboards, and the
computer display, prior to loading the operating system.
2. The computer uses information in the UEFI or BIOS to locate
an installed hard disk, which should contain an MBR. The
computer calls and loads BOOTMGR, which then locates an
active drive partition on sector 0 of the discovered hard disk.
3. BOOTMGR reads the BCD file from the active partition,
gathers information about the machine’s installed operating
systems, and then displays a boot menu, if necessary.
4. BOOTMGR either transfers control to winload.exe or calls
winresume.exe for a resume operation. If winload.exe selects
an earlier operating system, such as Windows XP Professional,
then BOOTMGR transfers control to NTLDR.
Windows 10 Startup Architecture

5. Otherwise, winload.exe initializes memory and loads


drivers that are set to begin at startup. These drivers (that have
a start value of 0 configured in the registry, and are called
BOOT_START drivers), are
for fundamental hardware components such as disk controllers
and peripheral bus drivers. Winload.exe then transfers control
to the operating system kernel, ntoskrnl.exe.
6. The kernel initializes, and then higher-level drivers load
(except BOOT_START and services). During this phase, you will
see the screen switch to graphical mode as the session
manager (Smss.exe) initializes the Windows subsystem.
7. The Windows operating system loads the Winlogon
service, which displays the sign-in screen. Once the user signs
in to the computer, Windows Explorer loads.
Windows Secure Boot

Secure Boot is a Windows 10 feature on UEFI-based devices that can


help to increase the security of your device by helping to prevent
unauthorized software from running on your device during the
startup process. Secure Boot verifies that each piece of software has
a valid digital signature. This verification applies to the operating
system itself. With Secure Boot on a device, the device checks each
piece of software against databases of known good signatures
maintained in the firmware. The firmware will only run software that
it deems to be safe by using this process.
The Windows 10 Secure Boot process requires firmware based on
UEFI. The Secure Boot process utilizes UEFI to prevent unknown or
potentially unwanted operating-system boot loaders (such as
firmware rootkits) from launching between the system’s firmware
start and the Windows 10 operating system start.
Secure Boot is mandatory for Windows 10, and it greatly increases
the integrity of the startup process.
Windows Startup and Recovery Options

Windows 10 provides a number of startup recovery


tools:
• Windows RE
• Automatic failover to startup recovery
• Advanced startup settings
Windows Startup and Recovery Options
Windows RE
Windows RE is a recovery platform based on the Windows
Preinstallation Environment (Windows PE). Windows RE provides
two main functions:
• Diagnose and repair startup problems automatically.
• Provide a centralized platform for additional advanced recovery
tools.
Accessing Windows RE
To access Windows RE:
1. Insert the Windows 10 DVD, and then start the computer.
2. When prompted, run the Windows 10 DVD Setup program.
3. After you configure language and keyboard settings, select the
Repair your computer option, which
scans the computer for Windows installations, and then presents
you with a Choose an option menu. Click Troubleshoot.
Windows Startup and Recovery Options
Automatic failover
Windows 10 provides an on-disk version of Windows RE. A
computer that runs Windows 10 can fail over automatically to the
on-disk Windows RE if it detects a startup failure.
During startup, Windows OS Loader sets a status flag that
indicates when the startup process begins.
Winload.exe clears this flag before it displays the Windows sign in
screen. If startup fails, the loader does not clear the flag.
Consequently, the next time the computer starts, Windows OS
Loader detects the flag, assumes that a startup failure has
occurred, and then launches Windows RE instead of Windows 10.
• The advantage of automatic failover to Windows RE Startup
Repair is that you might not need to check the problematic
computer when a startup problem occurs.
Advanced startup settings
Windows 10 provides advanced startup settings that
you can use to start the operating system in advanced
troubleshooting modes. These include:
• Enable debugging
• Enable boot logging
• Enable low-resolution video
• Enable Safe Mode
• Enable Safe Mode with Networking
• Enable Safe Mode with Command Prompt
• Disable driver signature enforcement
• Disable early launch anti-malware protection
• Disable automatic restart after failure
Recovery Tools Available in Windows RE

Windows RE provides access to six


recovery tools:
• Reset this PC
• System Restore
• System Image Recovery
• Startup Repair
• Command Prompt
• Go back to the previous build

Use Startup Repair first, then try System Restore


before attempting any of the more invasive
recovery tools listed
Reset this PC
When you select this option, Windows 10 reinstalls. However,
before you start, you must choose from the following two options:
• Keep my files. If you select this option, then during Windows 10
reinstallation Reset this PC removes all settings and all applications
that did not come with the operating system; however, it retains
your personal files. Reset this PC also preserves system settings,
such as computer name and domain membership. After the reset
process, when you sign in, you see a list of the applications on the
desktop that were removed during the reset process.
• Remove everything. If you select this option, you must then
choose between two additional options:
o Just remove my files. Use this option if you intend to keep your
computer, but want to reset it to its factory defaults.
o Fully clean the drive. Choose this option if you want to wipe
the drive entirely (for example, in order to recycle the computer).
This process can take much longer.
System Restore
Windows 10 also provides System Restore capabilities that you can
access from the System Tools folder. If you have a system failure or
another significant problem with your computer, you can use
System Restore to return your computer to an earlier state.

The primary benefit of System Restore is that it restores your


system to a workable state without reinstalling the operating
system or causing data loss. Additionally, if the computer does not
start
successfully, you can use System Restore by starting Windows RE
from the product DVD. System Restore is a preferable method of
recovering from startup problems. You should attempt to use it
before considering either Refresh your PC or Reset your PC.
Consider that using System Restore might resolve a startup issue,
but the computer could require additional configuration to bring it
back to the correct state following recovery.
System Image Recovery

The System Image Recovery tool replaces your computer’s


current operating system with a complete computer backup
that you created previously, and which you stored as a system
image.

You can use this tool only if you have made a recovery drive of
your computer. You should use this tool only if other methods
of recovery are unsuccessful, because this recovery method is
intrusive and overwrites everything on the computer.
Startup Repair

The Startup Repair tool in Windows RE provides a simple and


effective way for you to resolve most common startup problems. The
following sections describe the Startup Repair tool functions:
• Replace or Repair Disk Metadata. Disk metadata consists of
several components, including the boot sector and the MBR. If these
files are missing or corrupt, the startup process fails. If you suspect
that an issue has damaged or deleted these files, use Startup Repair
to check for problems with the disk metadata. Automatic Repair then
checks, and if necessary, repairs the disk metadata automatically.
Damage to the disk metadata often occurs because of unsuccessful
attempts to install multiple operating systems on a single computer.
Another possible cause of metadata corruption is a virus.
• Repair Boot Configuration Settings. Windows XP and earlier
Windows operating system versions stored the boot configuration
information in Boot.ini, a simple text file. However, Windows 10 uses
a configuration store that is in the C:\Boot folder.
Startup Repair
If the boot configuration data is damaged or deleted, the
operating system fails to start. The Startup Repair tool then
checks, and if necessary, rebuilds the BCD by scanning for
Windows installations on
the local hard disks, and then storing the necessary BCD.
• Resolve Incompatible Driver Issues. Installing a new hardware
device and its associated device driver often causes Windows
operating systems to start incorrectly.
The Automatic Repair tool performs device driver checks as part of
its analysis of your computer. If Automatic Repair detects a driver
problem. It uses System Restore points to attempt a resolution by
rolling back the configuration to a known working state.

Note: Even if you do not create restore points manually in


Windows 10, installing a new device driver automatically causes
Windows 10 to create a restore point prior to the installation.
Command Prompt
Windows 10 uses the Command Prompt window from the Windows
RE tool.The Command Prompt tool is more powerful than the
Recovery Console command-line interface from earlier Windows
operating system versions.
• Resolve problems with a service or device driver. If a computer
runs Windows 10 and experiences problems with a device driver or a
Windows service, use the Windows RE Command Prompt window to
attempt a resolution. For example, if a device driver fails to start, use
a command prompt to install a replacement driver or disable the
existing driver from the registry. If the Netlogon service fails to start,
at the command prompt, type Net Start Netlogon. You also can use
the SC tool (SC.exe) command-line tool or the Windows PowerShell
start-service and stop-service cmdlets to start and stop services.
• Recover missing files. The Windows RE Command Prompt tool
enables you to copy missing files to your computer’s hard disk from
original source media, such as the Windows 10 product DVD or USB
flash drive.
Command Prompt
Access and configure the BCD. Windows 10 uses a BCD store to retain
information about the operating systems that you install on the local
computer. You can access this information by using the command-line tool
BCDEdit.exe at the command prompt. You also can reconfigure the store, if
necessary. For example, you can reconfigure the default operating system
on a dual-boot computer with the BCDEdit.exe /default id command.
• Repair the boot sector and MBR. If the boot sector or MBR on the local
hard disk is damaged or missing, a computer that runs Windows 10 will fail
to start successfully. You can launch the Bootrec.exe program at the
command prompt to resolve problems with the disk metadata.
• Run diagnostic and troubleshooting tools. The Command Prompt tool
provides access to many programs that you can access from Windows 10
during normal operations. These programs include several troubleshooting
and diagnostics tools, such as the registry editor (Regedit.exe), a disk and
partition management tool (Diskpart.exe), and several networking
configuration tools (Net.exe, Ipconfig.exe, and Netcfg.exe). Another option
is to load Task Manager (Taskmgr.exe), which you can use to determine
which programs and services are running currently.
Practice: Using the Windows RE Tools

In this practice, you will:


• Launch Windows RE
• Use the Command Prompt tool
• Use Startup Repair
• Start Windows normally
• Examine a Startup Repair log file
Overview of System Restore

• System Restore takes snapshots of your computer


system, and then saves them as restore points
• You can use System Restore to:
• Perform driver rollback
• Protect against accidental program deletion
• Roll back the computer’s entire configuration
Overview of System Restore

• After you enable System Restore points, Windows 10


creates them automatically when the following actions
occur:
• You install a new application or driver.
• You uninstall certain programs.
• You install updates.
Windows 10 also creates System Restore points:
• Manually, whenever you choose to create them.
• Automatically, once daily.
• Automatically, if you choose to use System Restore to
restore to a previous point in time.
Overview of System Restore

Perform driver rollbacks


You might use System Restore when you install a device driver that
results in a computer that is unstable, or that fails to operate entirely.
Earlier Windows operating systems had a mechanism for driver
rollback, but it required the computer to start successfully from safe
mode. With Windows 10 computers, you can use System Restore to roll
back drivers by accessing the System Restore points, even when the
computer does not start successfully.
Protect against accidental deletion of programs
System Restore also provides protection against accidental deletion of
programs. When you add or remove programs, System Restore creates
restore points, and keeps copies of application programs (file
names with an .exe or .dll extension). If you accidentally delete an
executable (.exe) file, you can use System Restore to recover the file by
selecting a recent restore point prior to when you deleted the program.
Practice: Using System Restore

In this practice, you will:


• Create a restore point
• Start a computer in Windows RE
• Launch System Restore
Lesson 2: Troubleshooting Startup Settings

• Windows 10 BCD Store


• Configuring the BCD Configuration Settings
• Practice: Using Command-Line Tools to Access
the BCD Store
• Configuring Environments with the System
Configuration Tool
• Advanced Startup Options in Windows 10
• Practice: Using Advanced Startup Options
Windows 10 BCD Store

• The BCD store is an extensible database of objects


and elements that can include information about:
• The hibernation image
• Windows 10 startup options
• Alternate startup options for Windows operating
systems
• The BCD store is stored as a registry hive
• For BIOS-based systems, the BCD registry file is
located in the active partition\Boot directory
Process
During startup, the boot sector loads BOOTMGR, which in turn
accesses the BCD store, and then uses that information to display a
startup menu to the user (if multiple boot options exist), and to load
the operating system.
These parameters were previously in the Boot.ini file (in BIOS–based
operating systems) or in the nonvolatile random access memory
(NVRAM) entries in operating systems based on an Extensible
Firmware Interface (EFI).
However, Windows 10 replaces the boot.ini file and NVRAM entries
with the BCD store. The store is more versatile than boot.ini, and it can
apply to computer platforms that do not use BIOS to start the
computer. You also can apply the BCD store to firmware models, such
as computers that are based on EFI.
Windows 10 stores the BCD as a registry hive. For BIOS–based systems,
the BCD registry file is in the active partition \Boot directory. For EFI–
based systems, the BCD registry file is on the EFI system partition
Configuring the BCD Configuration Settings

• Use the BCDEdit command-line tool to make


changes to the BCD store, such as removing
entries from the list of displayed Windows
operating systems
• You can use other tools to modify the BCD:
• Startup and recovery
• Msconfig.exe
• BootRec.exe
MSConfig.exe
o Safe boot. Enables you to select:
• Safe boot: Minimal. On startup, Windows Explorer opens in safe
mode, which means it runs only critical system services.
Networking is disabled.
• Safe boot: Alternate shell. On startup, this option opens a
Command Prompt window in safe mode, and runs only critical
system services. Networking and Windows Explorer are disabled.
• Safe boot: Active Directory repair. On startup, this option opens
Windows Explorer in safe mode, and runs only critical system
services and Active Directory Domain Services (AD DS). Safe
boot performs no functions on a client operating system.
• Safe boot: Network. On startup, this option opens Windows
Explorer in safe mode, and runs only critical system services.
Networking is enabled.
MSConfig.exe

o No GUI boot. Does not display the Windows Welcome


screen when starting.
o Boot log. Records startup information into a log file.
o Base video. Uses a generic video display adapter
driver..
• o Advanced options:
Debug. Enables kernel-mode debugging for device
driver development.
Number of processors. Limits the number of
processors used on a multiprocessor system.
Maximum memory. Artificially limits the available
random access memory (RAM).
BCD.EXE

• BCDEdit.exe. You can use BCDEdit.exe to change the BCD. This


advanced tool is for administrators and information
technology (IT) professionals only.
• The BCDEdit tool currently enables you to:
o Add entries to an existing BCD store.
o Modify existing entries in a BCD store.
o Delete entries from a BCD store.
o Export entries to a BCD store.
o Import entries from a BCD store.
o List currently active settings.
o Query a particular type of entry.
o Apply a global change (to all entries).
o Change the default time-out value.
BootRec.exe

BootRec.exe. You use BootRec.exe with the /rebuildbcd


option to rebuild the BCD.
You must run Bootrec.exe in Windows RE. If rebuilding
the BCD does not resolve the startup issue, you can
export and delete the BCD, and then run this option
again. By doing this, you ensure that the BCD rebuilds
completely.
Practice: Using Command-Line Tools to Access
the BCD Store

In this practice, you will:


• Access advanced startup options
• Open the Command Prompt tool
• Work with the boot store
• Restart the Windows operating system normally
Configuring Environments with the System
Configuration Tool
Configuring Environments with the System
Configuration Tool 2 of 4
Configuring Environments with the System
Configuration Tool 3 of 4
Configuring Environments with the System
Configuration Tool 4 of 4
Advanced Startup Options in Windows 10

Windows 10 provides the following advanced


startup options:
• Enable debugging
• Enable boot logging
• Enable low-resolution video
• Enable Safe Mode
• Enable Safe Mode with Networking
• Enable Safe Mode with Command Prompt
• Disable driver signature enforcement
• Disable early launch anti-malware protection
• Disable automatic restart after failure
Practice: Using Advanced Startup Options

In this practice, you will:


• Load the System Configuration tool
• Enable Safe boot, and then restart
• Sign in to Safe Mode
• Revert to normal startup
• Access startup settings
Lab A: Troubleshooting Startup Issues

• Exercise 1: Resolving a Startup Issue (1)


• Exercise 2: Resolving a Startup Issue (2)

Logon Information
Virtual machines: 10982B-LON-DC1
10982B-LON-CL1
User name: Adatum\Administrator
Password: Pa$$w0rd

Estimated Time: 45 minutes


Lab Scenario

A number of users have reported problems


starting up their computers. You must investigate
these problems and attempt resolutions.
Lab Review

• What was your approach to the first scenario?


How did your approach differ from the class?
• What was your approach to the second scenario?
How did your approach differ from the class?
Lesson 3: Troubleshooting Operating System
Service Issues

• Operating System Services


• Identifying Failed Services
• Disabling Services
Operating System Services

Operating system services:


• Load and run in the background without user
intervention
• Support application requests, for example, when
an application needs to open a file, it relies on a
system service to retrieve that file from the disk
• Can make calls to device drivers when a request is
sent to a physical device
Identifying Failed Services

Windows 10 provides a number of ways of locating


service-related problems:
• Event Viewer
• Log files
• Stop codes
• Action Center
Disabling Services

Depending on the circumstances, you can disable a


service in one of the following ways:
• Safe mode
• Command Prompt
• System Configuration tool
Lesson 4: Recovering BitLocker-Protected Drives

• Overview of BitLocker
• BitLocker and TPMs
• Recovering a BitLocker-Encrypted Drive
• Practice: Encrypting a Partition by Using BitLocker
• BitLocker To Go
Overview of BitLocker

• BitLocker encrypts the computer’s operating


system and data that is stored on the operating
system volume
• Provides offline data protection
• Protects all other applications installed on the
encrypted volume
• Includes system integrity verification
• Verifies integrity of early boot components and
boot configuration data
• Ensures the integrity of the startup process
Overview of BitLocker
BitLocker performs two functions that provide both offline data
protection and system-integrity verification:
• It encrypts all data that is stored on the Windows operating system
volume (and configured data
volumes). This includes the Windows operating system, hibernation
files and paging files, applications, and data that applications use.
•BitLocker also provides an umbrella protection for non-Microsoft
applications, which benefits the applications automatically when they
are installed on the encrypted volume.
•It is configured, by default, to use a TPM to help ensure the integrity
of early startup components by ensuring that no modifications have
been made to the trusted boot path, such as BIOS, boot sector, and
boot manager. Once the TPM has verified that there are no changes,
it releases the decryption key to the Windows OS Loader. If TPM
does detect changes, it locks any BitLocker-protected volumes, so
they remain protected even if someone tampers with the computer
when the operating system is not running.
BitLocker and TPMs

BitLocker uses the TPM to verify the integrity of the


startup process by:
• Providing a method to verify that early boot file
integrity has been maintained
• Enhancing protection to mitigate offline software-
based attacks
• Locking the system when it is tampered with
BitLocker uses a TPM to verify the integrity of the
startup process

•Providing a method to verify that early boot file integrity


has been maintained, and to help ensure that there has
been no adverse modification of those files, such as with
boot sector viruses or root kits.
• Enhancing protection to mitigate offline software-based
attacks. Any alternative software that might start the
system does not have access to the decryption keys for the
Windows operating system volume.
• Locking the system when it is tampered with. If anyone
has tampered with monitored files, the system does not
start. This alerts the user to the tampering because the
system fails to start as usual. In the event that system
lockout occurs, BitLocker offers a simple recovery process.
Recovering a BitLocker-Encrypted Drive

• When a BitLocker-enabled computer starts:


• BitLocker checks the operating system for conditions indicating a
security risk, if a condition is detected:
• BitLocker enters recovery mode and keeps the system drive locked
• The user must enter the correct recovery password to continue

• The BitLocker recovery password is:


• A 48-digit password used to unlock a system in recovery mode
• Unique to a particular BitLocker encryption
• Can be stored in AD DS
• If stored in AD DS, search for it by using either the drive label or the
computer’s password
Scenarios where recovery is likely

• There are a number of situations where BitLocker


recovery might become necessary, including:
• Switching the computer's encrypted hard drive to
another computer.
• Making the BitLocker-encrypted drive subordinate to
another computer to recover its data.
• Turning the computer off during the encryption process.
• Updating the computer’s firmware.
• Changing the device boot order in the computer’s BIOS.
Data recovery agent support

• BitLocker for Windows 10 provides data recovery agent


support for all protected volumes. This provides users
with the ability to recover data from any BitLocker and
BitLocker To Go device when data is inaccessible. This
technology assists in the recovery of corporate data on a
portable drive using the key created by the enterprise.
• Data recovery agent support allows you to dictate that
all BitLocker-protected volumes (such as operating
system, fixed, and new portable volumes), are encrypted
with an appropriate data recovery agent. The data
recovery agent is a new key protector that is written to
each data volume so that authorized IT administrators
will always have access to BitLocker-protected volumes.
Practice: Encrypting a Partition by Using BitLocker

In this practice, you will:


• Configure required GPO settings
• Enable BitLocker
• Complete the process for configuring BitLocker
BitLocker To Go

• BitLocker To Go provides enhanced protection


against data theft and exposure by extending
BitLocker to removable storage devices
• When securing a removable drive, you can
choose to unlock the drive with either:
• A password
• A smart card
BitLocker To Go
• In Windows 10, users can encrypt their removable media by
opening File Explorer, right-clicking their removable media drive,
and clicking Turn On BitLocker. They must then choose a
method to unlock the drive. The unlock options include:
• Password: This is a combination of letters, symbols, and
numbers the user will enter to unlock the drive.
• Smart card: In most cases, a user’s organization issues the
smart card, and a user enters a smart card PIN to unlock the
drive.
After choosing the unlock method, users must print or save their
recovery key as well. You can store this 48-digit key in AD DS, so
that you can access it if another unlock method fails, such as
when users forget their passwords. Finally, users must confirm
their unlock selections to begin encryption.
BitLocker To Go
When you insert a BitLocker-protected removable media
drive into your computer, Windows will detect that the drive
is encrypted automatically, and then will prompt you to
unlock it.

• Note: If a user forgets the passphrase for the device, he or


she can use the I forgot my passphrase option from the
BitLocker Unlock Wizard to recover it. Clicking this option
displays a recovery password ID that the user supplies to
an administrator, who then uses the password ID to obtain
the device’s recovery password. This recovery password can
be stored in AD DS and recovered with the BitLocker
Recovery Password tool.
Lab B: Recovering BitLocker-Encrypted Drives

• Exercise 1: Recovering a BitLocker-Encrypted Drive


• Exercise 2: Creating a New BitLocker Password

Logon Information
Virtual machines: 10982B-LON-DC1
10982B-LON-CL1
User name: Adatum\Administrator
Password: Pa$$w0rd

Estimated Time: 45 minutes


Lab Scenario

A user contacts the help desk explaining that he


cannot start his computer. You identify the
problem as relating to BitLocker. You must visit the
user’s computer and attempt to recover the hard
drive so that the user can start his computer. After
recovery, you must provide new BitLocker keys
and passwords.
Lab Review

• What was your approach to the first scenario?


How did your approach differ from the class?
Module Review and Takeaways

• Review Questions