As a former CrowdStrike employee this is the best explanation I have heard and is 100% accurate.

While this is technically what crashed machines it isn't the worst part. CS Falcon has a way to control the staging of updates across your environment. businesses who don't want to go out of business have a N-1 or greater staging policy and only test systems get the latest updates immediately. My work for example has a test group at N staging, a small group of noncritical systems at N-1, and the rest of our computers at N-2. This broken update IGNORED our staging policies and went to ALL machine at the same time. CS informed us after our business was brought down that this is by design and some updates bypass policies. So in the end, CS caused untold millions of dollars in damages not just because they pushed a bad update, but because they pushed an update that ignored their customers' staging policies which would have prevented this type of widespread damage. Unbelievable.

The company I work at got bought by a bigger one. They required us to install Crowdstrike on all servers. We found a memory leak, that Crowdstrike still hasn't fixed after 6 months so I have refused to install it until then. I was on vacation when I saw all URGENT emails from other divisions. Thank you Crowdstrike for not fixing your memory leaks, it saved my vacation. =P

When I was in high school I had a teacher that had a way of explaining things to you that temporarily elevated you to a fraction of his level of understanding. Today I got to experience that again. Thank you Dave! 🤯

"Agile, ambitious and aggressive" the sarcasm with which this phase was uttered, wonderful.

I am a network systems engineer that had to deal with this for 14 hours that day. This was one of the most informative videos I have ever seen. You helped simplify Windows OS in 15 minutes in a way that hours of reading hasn't. Something about real world scenarios to tag the concept with in my memory really helps. Thanks!

for some reason dave's explanation was waaay easier to understand than every other video about this

Dear God! I’ve been out of the IT world for 15 years now, and I still understood his explanations. I’m VERY IMPRESSED by Dave’s clear and concise presentation and astounded by the fact that I remembered enough of this “stuff” to finish some of his sentences! Until today, I was convinced that a benevolent universe had purged all that out of my head to make room for important stuff (like cocktail recipes).

3 days ago no one outside of IT had ever heard of Crowdstrike. Now the entire world knows the name. Reputation destroyed in an instant.

I work in IT. Crowdstrike sales has been calling me trying to get us to switch to them. I don't think they'll be calling us for a bit.

I just learned more about system functions in 5 minutes then I would’ve imagined. What a clear breakdown on things.

What a great explanation! No bull crap. No conspiracy theories. No badmouthing. Just plain facts. Even me… who rarely uses a computer anymore understands, and follows Dave’s explanation and walks away a little more knowledgeable. Thanks Dave😊

The most funny thing is that CEO of Crowdstrike was a CTO at McAfee... during their worldwide faceplant.

Hi Dave, I’m also a retired Windows developer. It was fun listening to you talk about all those old system components that used to be part of our daily life experience. I was impressed that I remembered enough to understand what you were talking about! Thanks a lot for your explanation. I confess that I feel kind of angry at the CrowdStrike developers for taking such liberties with the kernel code. Seems kind of arrogant. No doubt someone thought they were being super clever by defining their code as something required to run when the kernel starts up. Imagine if the CrowdStrike developer had just arranged a meeting with a Windows kernel expert at Microsoft to discuss what they were planning to do. A whole lot of suffering could have been avoided.

This is by far the best explanation of the problem I have seen. Way better than any media outlet. Really great job Dave. Thanks for this

What I've learned so far is that every OS has a big boss and that big boss ensures everyone follows the rules and as soon as someone gets out of line the big boss shuts the party down before the looting begins. In all seriousness this is a great video. Subbed!

This ladies and gentleman is what an expert sounds like. 👍

"They have a bug they don't protect against" is the key line. CrowdStrike added kernel drivers, but did not make them robust enough. Kernel code, especially when running such complex functionality, should be able to take more abuse from user code without causing a BugCheck. Very disappointing. Great explanation!

I love that you get right to the point, you don't waste time on useless background, and go full speed ahead with just the information. Thank you!

Rarely do you encounter a technical subject presented in a manner that effortlessly transcends a wide range of listeners' understanding or experience levels. This video conveys core concepts in an easy-to-understand and memorable way. Dave achieves this without forced analogies or a condescending tone. I learned something today that I will retain. Thanks, Dave, for the great content! 💯

Love that while stuck at the airport Dave opened his MacBook. A fair amount of dry humor in this vid.

Just love it when the deeper technicalities are explained for the most of us to at least get a sense of the problem. No magic, just machinery

We are worried about getting p0wned so we install a kernel driver, mark it as critical, and then let a suplier with a history of screwups push updates to it whenever they like with no testing or controls. Good job. Good job.

Extremely well and clearly described, Dave. As a former kernel developer (at Tandem Computers), we didn't allow such back doors, but then we were being deployed as a 24x7 hardware/software fault-tolerant server system and did not have millions using our systems, developing third-party drivers (or attacking them). Yes. Multiple failures at Crowdstrike. Someone wrote that driver code without the requisite error checking, no one caught it in reviews/inspections (if they do that, and if they don't...don't even want to go there), no one in QA thought to test for it or ran the test, someone in the release chain submitted that file (or failed to substitute the correct one if the default is an all zeroes file), etc. I don't expect today's developers/QA to think like we did (what could be corrupted if the processor/driver/adapter/etc fails between this instruction and the next and how can I prevent that corruption). Too time consuming and non-agile. But...apparently no one considers the consequences of not doing so and the damage to customers and the company it causes, or the bean-counters dismiss it as too unlikely and worth the risk.

I appreciate your straight forward, no nonsense delivery that is organized in a logical and understandable format.

Crowdstrike - good name for a company which hit masses throughout the world with its product.

My professor would fail us if we didn’t write crazy number of code to test our data structures. NOW I can appreciate why he made us do it. ❤

being in IT for 30 years, your video is precise, easy to follow and on point. Well done.

As a predomainantly IBM Mainframe Sysprog (retired) I am heartened that I actually understood everything explained in this hugely informative explanation. Thank you!

This is THE BEST explanation of the Crowdstrike-related outage!! In fact, so many other videos are not even explanations but mere rehashing of 'what' went wrong, instead of 'how' & 'why' it went wrong...

Hi Dave, thanks for the explanation and bringing back some good old memories. I joined the Windows NT dev team in '93 and was at MSFT until 2011 so I'm sure we crossed paths. For all the talk about AI etc., kernel mode is still kernel mode, pointers are still pointers, and all drivers - I've written my share - should be developed with extreme care by people who understand that every line of code could cause a blue screen and heartache. "Move fast and break things" won't cut it.

I browsed KZbin trying to find a good explanation about the Crowstrike outage. I found this one to be the best... Thanking the author for such a great explanation. Excellent job

I'm a network engineer for a company that has about 3000 computers. Since running EDR from another company, I have never seen so many blue screens. I was against using any EDR and would be happy to keep using app locker, but our insurance company forced us into this junk software. My aversion to using software like this was what happens if the company gets hacked that makes the software and sends out ransom to everyone at once. I always referenced solar winds for being against this type of software.

I've been a professional software developer for 25 years, and I started out on my C64 when I was 8 years old, moved on to low level DOS 3d graphics programming and later into desktop business software and the web. Your explanations make perfect sense and I'm extremely impressed with the depth of your knowledge. I'll tip my virtual hat to you, sir.

Finally an "Air Crash Investigation" style explanation of what actually happened. I now understand WHAT, WHY and HOW. Thank you, Dave!

You're obviously a skilled and experienced technical powerhouse, but the writing style (sarcasm, wit, technical aptitude combination) and delivery make this more than just a "system dump" of data the viewer has to try and digest. Instead, we're treated to a bit of entertainment as we debug. Thank you for the package deal.

Could listen to Dave explain IT all day. A natural teacher!

This was incredibly precise and VERY easy to understand. Fortunately my employer doesn't use Crowdstrike so I got to sit back and watch some of my friends scramble. Thank you for putting this out.

Dave's wardrobe coordinator deserves a raise. We'll played. 👏

Our engineer dodged this one by not signing up for CS and keeping Sophos. CS charges about $30k extra for content filtering, which Sophos includes. We have computers all over the world so this would have hit us hard not being able to get to all those remote users and sites.

As a .NET developer whose work does not involve much around system functions, but higher level abstractions. I appreciate this breakdown of what's happening at the lower levels. Very clear and concise.

HI Dave, I've taught operating systems for a long time at university level, so I know exactly what you're talking about. Your explanation here is excellent, short, clear and to the point, not even a little stumble or hesitation. Congrats, it was a pleasure to watch the video. I'm impressed. As a comment, I can't understand why they don't seem to have a robust test environment where they can test these updates to the hilt, the corrupted file is _also_ part of the software.

If we don't sugar coat it, it's a kernel-level remote backdoor running unsigned code. You can't make it any worse. CrowdStrike is not the only one. Ubuntu live patch at least betatests patches on free users first. Then we have Intel ME. WiFi cards running unaudited binary blobs (which is why you often can't boot from it). You are not in control and this will repeat.

Thanks Dave, found myself to be on the spectrum just a few years ago, at 53. Changed everything! Thanks for your extremely lucid, helpful and complete lessons on this channel! 🙏🏻

From 40 years in the SW business as programmer, tech doc, project facilitator, I say: you make this difficult stuff understandable and digestible for everybody. Nice job! Thanks!

Old school BSOD t-shirt is awesome!

"It's a fair bet that update 291 will never be needed or used again" Dave you're a legend 😂🤣

WIth 47 years in Systems Administration and Systems Programming, in Windows, Unix/Linux, and embedded systems, I've seen a lot of things go awry over this period of time, but this Crowdstrike Falcon situation was one of the most scary from the standpoint of having such a huge impact on IT services across the planet. Your description of the situation was perfect...technically spot-on, but also explained in such a way that it was understandable by just about anyone with any concept of the need to control access to device drivers, memory managers, and resource schedulers through kernel services. Very skillfully crafted, as well as calmly stated and with a subtle injection of humor that made it very engaging to listen to through the end...even for a crusty old IT guy like myself. It all goes back to the early days of computers that had "Priviliged Mode" and "User Mode" to enable multi-tasking (so that multiple user-mode programs couldn't step on each other or the operating system) and timesharing (creating virtual environments for multiple users that isolate them from the hardware). Even my old PDP 8/e system has a "Timeshare and Memory Expansion" board in it that adds "User Mode" that traps the execution of certain instructions (HALT, for example, as well as JMP, JSR(Jump to Subroutine), IOT (I/O Transfer) instructions, and of course, the instructions that change between user-mode and privileged mode). When such instructions are encountered when in User Mode, the instruction is not executed, and an interrupt is triggered, which turns on Privileged Mode, and vectors to a interrupt service routine that emulates the execution of the instruction(s) that triggered the interrupt, then sets the mode back to User Mode, and returns to the user program. It has a consequence of slowing down the system a bit, as the CPU has to emulate the instruction(s) that triggered the trap( for example, an instruction that checks the status of a Serial I/O board to see if a character is ready to be transferred), but it was worth it because of the ability to isolate user programs from the hardware. That's early 1970's computing technology. Even then, there were folks that figured out how to trick the system to be able to subvert the protections and crash the primitive multi-user timeshared systems that ran on the PDP 8/e (TSS/8). Such features existed in various forms in computers long before the PDP 8/e came out, dating back to the 1950's. Just change the names from "Privileged Mode" to Ring 0, and "User Mode" to Ring 1, and the concepts are much the same. It's a bit more complicated today, with all the stuff like multiple CPUs, look-ahead, caching, user and kernel memory spaces, and speculative execution, but distilled down to the base functionality, very similar. Crowdstrike is a widely-deployed solution, as it instantly became clear with outages in a huge number of systems that directly affected the public. The place I work for uses it, and we had a number of servers BSOD as a result of the update. The fix was simple as you described, except that a few had Bitlocker set up, which added an additional layer of complexity, but fortunately, the keys were all printed, and locked up the ubiquitous very beefy and heavily fire-rated IT Department safe. It caused some downtime of a number of applications, and certainly hassles for IT to get things back up and running as quickly as possible, but it was caught very quickly and the agents shut down on other machines before it could spread across all of the servers and end-user systems. The worry I have about all of this is that bad actors will inevitably go after the Crowdstrike kernel driver with Ghidra and other such tools and will figure out the instruction set of the p-Code interpreter, as well as finding ways to trick any security/validation wrappers put around p-Code submissions to validate them, and thusly could write their own p-Code routines to wreak havoc on systems that use Crowdstrike. Depending on what kinds of operations that the p-Code engine can perform, the consequences of someone putting together a user-mode program that loads a malicious p-Code program into the engine that causes irreparable damage would make the incident that occurred look tame in comparison. To me this says that Crowdstrike had better get cracking on A) fixing their release chain so faulty updates have much less chance (e.g., very closely approaching zero) of slipping through; B) seriously harden the methodology by which updates are validated to make forging any kind of update extraordinarily difficult, and C) completely revamping the p-Code instruction set such that any "old" p-Code routines fed to it will be trapped, as well as substantially hardening the p-Code's execution validation methodologies (e.g., making sure that the p-Code isn't trying to do something that could lead to system instability or kernel panic). If they don't do all of these things quickly I suspect a lot of customers are going to flee to other platforms out of knee-jerk reaction, which is rather sad, and won't necessarily eliminate the risks, as just about every behavioral detection engine must run in kernel mode, making such solutions potentially vulnerable. Crowdstrike's methodology is overall quite sound, and their methods of detection and analysis of emergent threats is very effective. Their "front-end" is pretty amazing, and has discovered quite a number of emergent threats and pushed out emergency updates that prevented our machines from being compromised. Perhaps engineering got so wrapped up in the threat identification and analysis aspect of Crowdstrike that the computer agent didn't get as much continuous attention that it should have received. Having a p-Code module of all zeroes cause a kernel panic just screams of problems in the p-Code interpreter. No matter what the situation is that allowed this serious problem to occur, it is yet another example of how a borked (I use this word frequently, nice to hear someone else use it!) update (either accidental or supply-chain induced as with Solar Winds) can have massive consequences. It just goes to show just how our world-wide computing infrastructure is perhaps a bit more tenuous than one might believe, and can suffer major difficulties as a result of something innocuous, or worse, maliciously crafted. The scary part is that there are lots of independent and state-sponsored actors out there that will spend lots of money and enormous amounts of distributed time and talent to come up with a way to cause such a situation to occur with who-knows-what piece of software (I'm not necessarily saying Crowdstrike...it could be anything) that could have even worse ramifications than this Crowdstrike incident. That day will inevitably come, and when it does, I sure hope I am retired from working in IT, as it will be a very, very unpleasant time for the world at large, and even worse for anyone who is working in systems administration. Thank you, Dave, for your great channel. Even this jaded old systems guy who has been around the block way too many times learns something and frequently gets a good chuckle from your subtly-injected humor. God Bless.

People like Dave make KZbin actually useful, love it please keep these videos coming

As someone who has dozens of windows kernel drivers in the field. I can totally understand how this happened and it's not forgivable.

Dave, as a layperson I really appreciated your video. While I did not understand all the language, I found your explanation thorough and informative. I now have a better understanding of why the Crowdstrike crash was so disruptive. Thank you.

well, sometimes people get confy and forgets that "with great power comes great responsability", thanks for the video Dave

You crack me up, Dave. 😂 The blue screen of death shirt, the offhand reference to using a MacBook (at 0:40) to investigate. Brilliant. Of course it wouldn't be the same without your skill and technical insight to follow up with. I always enjoy your hearing your perspective and learning from your expertise. Keep up the good work.

Dave - this was an insanely clear, concise, and thorough explanation, which is only possible in part to your depth of experience (and in part to your eloquence, wit and dry humor, which I relate to). Thank you!

Unless there was an active zero day in the wild, and a dangerous one, this should not have gone live without test time at each location on test systems designed to act similar to live systems. To fast track this (especially on a Friday) without a significant and imminent threat is in my opinion reckless.

I haven't heard talk like this in almost 40 years! Thanks for the memories! 😁

I dont know much about IT and programming but man.. your explanation was perfect for a novice like me. Thank you Dave. Also as a deaf person i am thankful that you spoke in calm and clear sentences because that helped the subtitles to work nearly perfectly so thank you again.

I am really amazed how you can have the ability to explain such deep subject in such a clear way. First time I've encounter this channel and I am now subscribed to it. Really good work!!

What an educational pleasure listening to an expert explain a technical matter in such an understandable way.

I loved the way how you balanced the need for CrowdStrike to ship the updates swiftly by circumventing the WHQL and underscoring the importance of rigorous testing to ensure the delivered updates doesn’t compromise the integrity and stability of the underlying operating system and kernel. “With great power comes great responsibility” - Software that lives in ring 0 aka kernel mode should deal the changes in a sensitive way to prevent such instances in future. Thank you so much for the great video, as always I’m little late to the party, KZbin algorithm recommended me this video after 2months of it’s release, I wish I would have watched this video in July’24.😅😊

I've been waiting for a decent explanation of this issue. Duly provided by Dave. Thank you, Sir.

Booting into safe-mose works great if you don't have BitLocker full disk encryption activated like most enterprises. If you didn't print out a hardcopy of the key to enter when you try to boot into safe-mode and your AD servers were also impacted, you better hope you have accessible backups of that data or a lot of information is going to be lost.

A little over 10 years ago I was working on a project in the corporate offices of a major bank trying to upgrade from Windows XP to Windows 7 when the geniuses in charge of software deployment decided to force an uninstall of a password vault that tied into the Windows login. The problem was the uninstall process required a reboot and connection to the network for the new software to install. RIP the over 30% of workers that were working from home. I figured out pretty quickly how to fix the problem by using Safe Mode with the Command Prompt to edit the registry but then the geniuses in charge of IT security decided to disable Safe Mode on every system. The ineptitude of that place was astounding.

the clarity you bring to your subjects is beyond impressive!

Aren't you the guy that created the task manager?! It's amazing that you chose to use your time to create quality informative content. I'm subscribing immediately!

accurate summary. the source of the zeroed file is either a crash during writeout during the build process (full disk/stopped vm scenario likely) or a cdn corruption. both would have been caught by the inclusion of a checksum/manifest pair to validate the payloads were intact. the moment the driver decided to bypass certification and dynamically include contents to speed up the process they should have known they needed to supplant it with a checksum manifest but chose not to for unknown reasons. this is sadly a VERY common outcome in cdn mapped content due a variety of corruption vectors and the trust modern software has in network integrity is rather poorly misplaced. always verify your content is intact regardless of how small/large

Ironically I was also worked at a company hit by NoPetya and other attacks that actually used drivers to destroy the boot loader and attempt to encrypt the data drives (while technically masking searching for financial data). Crowdstrike in their early days swooped in and I spent days on the ground with their Senior engineers taking apart the malware and hacking together methods to recover it. Now almost a decade later I work at Microsoft and Crowdstrike does a driver based corruption of the boot process, and I spent Friday and Saturday identifying, tracing, and fixing that aftermath.

It's crazy the press is calling it a "Microsoft outage". I run networks of WIndows servers and workstations and none of them had any problem. We don't use crowdstrike and none of us ever heard of it until last week.

I've read a bunch of stuff about this issue over the last few days and this video is, by far, the best and most understandable explanation of exactly what happened.

As someone with a computer science major and worked on software design, your definitions of kernel and user modes and how they were different and how they work were great... Better than my professors i had in college...

Thank you for the technical dive. Nobody else seemed to really offer the reason, outside of "bad update".

Dave’s explanation of the CrowdStrike IT outage was highly informative. By focusing on the role of the kernel mode driver, he sheds light on the depth and complexity of the issue. This serves as a crucial reminder of the importance of every component in our security infrastructure and the significant consequences when things fail.

Dave - this was brilliant. Simple - direct, easy to understand, and your outlining of the solution was amazing. Well done. Good job. Thanks. It just shows that our media (newspapers, TV, online commentators), do not really communicate, and their focus is more of sensationalist news - anything that sells their channell. You have done the most amazing job of succinctly explaining exactly what went wrong and how to fix it. Your explanation is so brilliant, you deserve an award of some kind, for such excellent communication, and understanding. You should be on TV, you are much better than the people who talk about tech on TV, you actually know what you are talking about, and know it very very well. Thank you.

CrowdStrike seems a perfect vehicle for State actor to gain back door access with or without MS knowledge.

In the military, we had similar issues with colonel panics.

I grew up with computers, I basically learned how to read on MS-DOS back in the Windows 3.1 era. So when I found your channel I had to subscribe because learning about Windows and everything makes me so happy. I know this have absolutely no relationship to your video, I just wanted to share and tell you a "thank you" for making this channel and taking your time to explain stuff.

As an Amiga user, I was very happy to watch this guru meditation.

Funny how defence against potential distributed threats created a single point of failure across such heterogenic deployment

Retired worked in the IT Field for 25 years. Wanted to know what really happened in detail with CrowdStrike ??? Very Good Technical information . Thank You.

Great explanation Dave. I'm retired as well and spent the majority of my career developing microprocessors at Motorola and AMD. I would bet at this point that CrowdStrike has at least 4 lawyers for every engineer looking into this with another group of spin doctors looking at how to disclose what happened. It's not a business to be in if you have a weak stomach.

I'm not even a programmer, but between you and Steve Gibson, I feel like an engineer. This is by far the most clear and in-depth explanation of what happened (based on the current knowledge) that I have heard. Thank you!

It has been a decade since I did development at this level. I have no idea if I will ever return to the field. Why am I mesmerized into keep watching this video? Dave, I think you offered a clearer presentation than any of my university CS professors.

Not sure if editing or not but you speak w/o hesitation and look at the camera always . That gives me confidence you are worthy of a subscription.

I made BSoD T-shirts back in the day (mid 90's) and wore one to COMDEX LV one year. The front had a small pocket logo "BSoD The OS of Choice." and the back was a graphics driver BSoD in the classic hex dump version. It went over not so well visiting the Microsoft booth...but it seemed everyone else liked it. I still have a handful of them left over and periodically wear them when working on my cars.

I've been a heavy PC user forever and started with MS-DOS and IBM-DOS in 1985, 8086 etc. I've never written a line of code beyond a complicated batch file. Yet I actually followed you thru your entire presentation. I'm not that smart. You are that good.

This explanation makes sense, and seems knowledgeable. I've been a systems programmer for 46 years, and I've done kernel programming on various operating systems, including windows.

Excellent explanation and overview of kernel mode and rings 0 and 1. I am retired also. I was a C/C++ UNIX/Linux and some Windows programmer. It is refreshing to hear someone who worked on the bleeding edge and knows his stuff explain this problem so completely well. Thanks Dave!

"Borked" I have not heard that term in a LONG time. Thank you

Crowdstrike: Run our software and we guarantee no one will access your system.

I had figured it was a kernel level driver error, just didn't realize how the definition updates go through. We're really trusting AV and Cybersecurity companies to not muck this up like Crowdstrike did!

I must admit I couldn't understand most of the terms... but no doubt you Sir must definitely have a LOT of experience! Please keep educating people with your videos. Even if some of us are tottaly beginners it's inspiring

the level of misinformation about windows in the past days is appalling, thanks for stepping in to bring more clarity into the matter :)

Wow, nice, thanks. As a developer for IBM starting way back in PC DOS 1.0, I understood everything you presented and appreciate your time in explaining not only what happened but how to fix it.

This is one of my favorite tech channels on KZbin. Excellent work, as always.

I've been building/repairing/tweaking PC and Mac hardware since 1997, and your flavor or style of explaining is right on for me. I know so little when it comes right down to it, and I admire your expertise. I'd like to pledge a bit of my mindspace to learning and disseminating any knowledge you'd like to share by subscribing to this channel and watching as often as I can. Thank you, for helping to never waste a day - and keep on keeping on!

The really crazy part (to me) is that the CrowdStrike Falcon sensor driver happily accepted the all zeros file as valid! This means it does no validation at all of this file which means malware can use it to jump from "runs as user, very limited access" to "full kernel access, GAME OVER" - kind of ironic given that is an EDR. Yes, the "driver" should obviously check all data as Dave mentions because mistakes can always happen but in this specifica case it should have trivially been rejected, this is just insane and lazy. At an absolute minimum the driver needs to use cryptographic secure algorithm to check all files beore using them, the failure to do so is massive hole and warrants a pretty high CVE/CVSS bug-entry. So we have both a sloppy and unsafe "driver" plus "oops, we managed to push a file with all zeros".

"It crashes, because it has to" - I feel that the Matrix would have been more complete had they worked this line into the story. Preferably spoken by Morpheus or maybe even Cypher in a serious, deliberate, and credible manner. There's so much to unpack with this line...

You made that look simple. I've seen people scrambling to fix and talk as if they are piloting the star trek enterprise. This is straight to the point.

This was quite the fun and profitable time for IT field techs. From the time it happened through the weekend and Monday, there was enough business that I could stay busy all day and all night through that time. I turned down more business than I accepted. There are still businesses that have yet to address this on all their machines and the fact is, it is incredibly easy to fix. Some businesses that used network drives had to do a couple extra steps like running diskpart then list vol to see which drive would be the correct drive but even with that, it was only a few minutes per device to fix.

if only my college professors taught in this easy going and comfortable way, I would have become a better CS graduate who still had a job! Thanks Dave, you are a gem!