Do you run without Windows Recovery Environment?
Posted by gardnerlabs@reddit | sysadmin | 10 comments
Just curious on folks' opinions of this.
We don’t deploy out the recovery environment and just rely on rebuilds/reimaging of workstations and servers if they go sideways.
Is this poor practice? I’ve always been on the side of if a system is acting naughty you just replace it, but not sure if I am missing something meaningful in doing this.
If it’s relevant, our workstations and servers are imaged via MECM. Some teams build manually because they prefer to have pets, so those likely have WinRE installed.
themanbow@reddit
Given the recently-discovered Yellow Key BitLocker vulnerability, some people may consider not having a WinRE partition on their deployments.
Onoitsu2@reddit
Yeah, no WinRE on the system, because you simply don't want an end user having that kind of access to the workstation. IT has to come in and boot from recovery media if Windows borks badly enough. All data should be on OneDrive/SharePoint folder syncing, if it does go belly up.
thezemo@reddit
If the OS gets so bad it needs to be recovered we just swap hard drives with pre-imaged ones. Then when staff log in they sign into OneDrive and all files are back. Not much actually installed software these days.
Pocket-Flapjack@reddit
I run without WinRE - same logic, if it breaks then rebuild.
Xibby@reddit
We’re all in on Intune and Autopilot. OneDrive backing up files. Users working outside of OneDrive redirected folders better be committing and pushing to Git or otherwise securing their data because that’s the company policy.
Complain all you want if you leave your laptop on the top of your car and it gets run over. You’ll get back what’s in OneDrive and what you can pull from Git.
Anything else falls under Wuityerbitchin.
wanderinggoat@reddit
The users learnt that restarting the machine fixes all problems, so they keep doing it until the problem is fixed.
Why yes, they do want to repair Windows...
missed_sla@reddit
WinRE isn't worth the time in the age of cloud sync and automated deployment. Nuke and pave all the way.
hkeycurrentuser@reddit
If problem solving takes longer than a few hours, then the end user is not productive and is wasting time. F12 build gets the user up and running. (Actually swap to other machine)
Offending unit is F12'd and goes back into use elsewhere.
You're not there to be the technical super hero. You're there to help the company be productive.
NoTime4YourBullshit@reddit
I used to just not bother with it. But then Microsoft fucked up a patch a couple of years ago (surprise, surprise) that would fail if the recovery partition wasn’t present. I don’t remember the details; only that we needed BitLocker keys for basically every workstation.
LeadingFamous@reddit
Most companies I’ve worked for disable it. Idk how it is now but in the past it’d fail more times than actually recover.