Skip to main content
Matrix42 Self-Service Help Center

Performing emergency recovery

Performing emergency recovery

This section details the emergency recovery process. Emergency recovery may be needed in one of the following situations:

Situation Solution
Remote recovery: You have forgotten your password or lost/misplaced your smart card. In this case you can recover the system via either the Helpdesk option (for details, see Helpdesk) or the recovery CD or USB stick (for details, see Recovery via CD or USB stick).
On-site: The boot code/pre-boot system is damaged/cannot boot to Windows after the system has been reinstalled On-site: The boot code/pre-boot system is damaged/cannot boot to Windows after the system has been reinstalled

The prerequisite for on-site emergency recovery is a valid ERI file! If you have not created one to a secure location (i.e. USB stick or CD) then this section is useless to you – your data is LOST!

For details about generating an ERI file, see Creating an ERI file.

Recovery via the Help Desk option

HelpDesk scenarios

The PBA component has built-in functionality to help you start the computer in the following emergency scenarios:

  • Defective smart card readers, lost/forgotten/broken smart cards (via PBA HelpDesk). PBA HelpDesk will help you start the system a predefined number of times without a smartcard or a smart card reader (after successful authentication via the HelpDesk). For details, see Scenario 1.
  • Forgotten Windows credentials (via PBA HelpDesk). PBA HelpDesk will help you start the system a predefined number of times without a smart card or a smart card reader (after successful authentication via the HelpDesk). For details, see Scenario 1.
  • Forgotten/blocked smart card PIN (cards issued via Third-Party). For details, see Scenario 2.
  • For smart Card PIN change refer to Change PIN of your Smart Card.

Challenge and response

The methodology behind the PBA HelpDesk is called ‘challenge and response’ - the user must relay a ‘challenge sequence’ to a HelpDesk administrator and in return receives a “response sequence” that authorizes PBA to set a specific recovery procedure in motion.

This process offers you the following:

  • A more secure challenge–response process than in previous versions while still being 50% shorter. This is known as ‘Strong’ in the PBA admin GUI.
  • A very short challenge–response process that offers a compromise between speed and security. This is known as ‘Comfort’ in the PBA admin GUI.
  • Compatibility to HelpDesk keys generated in previous generations of the HelpDesk application.

The HelpDesk feature only applies if the following criteria are met:

  • You have access to this form of remote assistance.
  • The HelpDesk application has been installed, HelpDesk keys have been exported from it, and these keys have been correctly imported into PBA either during or after installation.
  • The following procedure only describes the process as seen by the user. For further information about the HelpDesk application what both sides of the challenge–response process involves, refer to the Matrix42 Console Manual, description “Using Helpdesk”.

Scenario 1: Misplaced/lost/stolen smart card reader/smart card – forgotten/compromised User ID-password (disable PBA)

This section will guide you through the HelpDesk procedure to be used if you have problems with the smart card reader, mislaid or lost your smart card, or have forgotten your user ID/password. Both you and the HelpDesk administrator share one or more secrets for the purpose of identification. As to how the secret is administrated and stored is up to the parties involved and is not part of this guide or the Matrix42 Full Disk Encryption product. If you use smart card authentication, after this process is implemented, the computer will be able to boot without a smart card – but only a limited number of times. This means that the system security status is set to ‘transparent encryption’. This is a much weaker security status! Re-implement smart card authentication as soon as possible. Follow these steps to help you through the HelpDesk process:

  • Click the Helpdesk button (or press the Alt+H keys) in the PBA logon dialog for remote assistance:

clipboard_e20472fa3b66cb43e9cf0f6ef045dedf5.png

  • The following dialog appears:

clipboard_ee2bbd3f8dd38e4683d63e0813ff5b623.png

  • Select Deactivate pre-boot authentication.
  • If Deactivate pre-boot authentication is not active (greyed-out) then you have not imported HelpDesk keys into PBA. Helpdesk keys cannot be imported into PBA while Matrix42 Full Disk Encryption is in this state. Either you have to wait until smart card authentication can take place or use an ERD to bypass PBA (see Emergency recovery via boot CD or USB stick for details).
  • Click Next.
  • The HelpDesk contact details dialog appears:

clipboard_eb788dbd0d3bec922c8b9dcc8af31a6f0.png

  • Contact the HelpDesk using the information provided in the dialog. Identify and authenticate yourself to the HelpDesk administrator. After successful authentication, click Next.
  • The Request ID dialog appears:

clipboard_e09532c55028f5c3fcd8c4f59b020ee8e.png

  • Relay the Request ID sequence (fields a & b) to the HelpDesk administrator.
  • Once the sequence has been relayed to the HelpDesk, click Next.

The Request ID has a specific sequence to it. Should the user relay the sequence incorrectly to the HelpDesk administrator, or the HelpDesk administrator enter the sequence incorrectly in the HelpDesk application on their side, the computer will ‘beep’, alerting the user and the HelpDesk administrator that the sequence must be clarified. The cause of an incorrect entry usually applies to the characters entered into each field. The letters B, D, O, Y have been removed from the challenge–response process because they can be confused with another letter or number. If one of these characters is entered the computer will beep.

  • Read and relay the request ID carefully! For example, a ‘1’ can look like an ‘I’.
  • The Challenge sequence dialog appears:

clipboard_eb17803799fe2ad97453c41b279cf5deb.png

  • Relay the Challenge sequence (fields a & b) to the HelpDesk administrator and then click Next.

The Challenge sequence has a specific sequence to it. If you relay the sequence incorrectly, the HelpDesk administrator will ask you to clarify the sequence (as stated above). Once the sequence has been successfully relayed to the HelpDesk, the HelpDesk administrator may query you as to when, if possible, you can next authenticate yourself via the smart card and will set the number of reboots (without a smart card – transparent mode) accordingly.

  • The Response sequence dialog appears.
  • The HelpDesk administrator will relay the response sequence to you field-by-field (a to n).

clipboard_e1052e86be18254db2e937f201552b9ea.png

  • Enter the sequence carefully. Once the sequence is entered click Finish to complete the process. You are now able to start the computer and bypass PBA for a limited number of reboots.
  • If you cannot authenticate within the reboot limit set by the HelpDesk, then the HelpDesk process must be repeated.

Scenario 2: Forgotten/compromised/blocked smart card PIN (PIN reset with PUK)

This section will guide you through the HelpDesk procedure to be used if you have forgotten or lost your smartcard, or if the smart card PIN has been blocked. It is possible to reset the smart card PIN only if the following conditions have been met:

  •  The smart card issued by third-party.
  • PUK to reset the PIN.

Follow these steps in the PBA logon dialog:

  • Click the Helpdesk button (or press the Alt+H keys) in the PBA logon dialog for remote assistance:

clipboard_e682dddb406bd61d720415f85f07e7839.png

  • The following dialog appears:

clipboard_ebd38471b9cd21d81d4abae04297c25f1.png

  • Select Reset PIN of your smart card (you have PUK) and click Next.
  • The PUK detail dialog appears:

clipboard_e0d24f6c3097c0f2152863fdd83955d00.png

  • 1Enter the PUK.
  • Enter the New PIN and confirm it.
  • Click OK.

Change PIN of your Smart Card

This section will guide you to change smart card pin in PBA dialog. Follow these steps in the PBA logon dialog:

  • Click the Helpdesk button (or press the Alt+H keys) in the PBA logon dialog for remote assistance:

clipboard_e253013ee9adb789b331781bf6b276336.png

  • The following dialog appears:

clipboard_e98a7d35d41ff28edb0667408d926d437.png

  • Select Change PIN of your smartcard and click Next.
  • The PIN detail dialog appears:

clipboard_e4371d6df27fc775e5f29023791ff7e5d.png

  • Enter the PIN.
  • Enter the New PIN and confirm it.
  • Click OK.

Emergency recovery via boot CD or USB stick

In an emergency in which the computer will not start properly, or the PBA is damaged, you can access the hard disk using a customized boot media that contains the emergency recovery application. This is referred to as the ERD.

There are two types of emergency recovery application supplied with Matrix42 Full Disk Encryption:

  • pe_erd_w32.exe – This is a GUI-based recovery application. This is the recommended application as it provides a full feature set for the administrator.
  • pe_erd_console.exe – This is a command line-based recovery application created to provide only certain functions for scripted, remote recovery.

The emergency recovery console (command line)

The command line console has been developed to help administrators perform basic, scripted recovery tasks from within the WinPE environment.

Parameter Details

eripath

The path of ERI file. Note: If the ERI path contains spaces, it must be enclosed in quotation marks.

Eripwd

The ERI file password. Note: If the ERI password contains spaces, it must be enclosed in quotation marks.

partition

The partition to be decrypted.

/H

Display information in the command prompt about each parameter listed here.

/L

Load keys to memory for all encrypted partitions.

/injectkey

Inject the encryption keys from an ERI file. An automatic comparison takes place to add only the keys of any partition that has been encrypted by a previous FDE installation but is unavailable in the new one.

/tpmoff

Deactivate TPM protection.

/tpmon

Configure activation of TPM protection for next boot.

/tpmrebind

Deactivate TPM protection and configure reactivation for next boot.

  • To decrypt a specific partition, use:
pe_erd_console.exe  eripath=f:\fde.eri  eripwd=12345678 partition=d
pe_erd_console.exe  eripath=f:\fde.eri  eripwd=12345678 /L
  • The command prompt will return if the partition is decrypted successfully.
  • If unsuccessful an error will appear followed by the help information in the command prompt.
  • To inject the encryption keys in the ERI file (to re-enable the partitions encrypted by a previous FDE installation), use:
pe_erd_console.exe eripath=A:\fde.eri eripwd=12345678 /injectkey
  • Start the emergency recovery application (GUI). 
  • If you have stored your ERI file(s) on removable storage media (i.e. USB stick), then insert the media into the computer before starting from the ERD.
  • The first step in performing an emergency recovery with the ERD, is to open the recovery application:
  • Insert the ERD into the CD/DVD drive, start the computer, and allow the computer to boot from the CD. The ERD interface will of course, differ according to which ERD you are using: the WinPE CD only has a command line interface.
  • The Matrix42 Recovery application should start automatically, but if not, use the command prompt to navigate to the directory: X:\Program Files\FDE\
  • Enter pe_erd_w32.exe <press Enter>. Go to step 4.
  • If the computer does not boot from the CD, then it is likely that the device is not set as the primary boot device in the BIOS. If so, change the BIOS settings accordingly, or possibly start the computer from a ‘one-time boot menu’.
  • Open the menu entry Go>Programs> Matrix42 ERD (ENG).
  • The emergency recovery application will start by scanning the Matrix42 Full Disk Encryption configuration on the computer:

clipboard_e29c348a689b2bf9d77d91c94510ccc5d.png

  • The application gathers information about the hard disk as well as information about the PBA and FDE components. The scan may last for a minute so please be patient.
  • Once the scan is complete, the main window appears:

clipboard_e32572c05500ce49196db2e4855916429.png

The main window enables you to select and perform the operations necessary for recovery. This window has the following functionality:

  • Menu commands: The heart of the recovery application. See Menu commands for details.
  • Workbench:  This area allows you to choose a topic/node in the left-hand pane to display the information about that node in the right-hand pane. It is possible to right-click each node and select a command specific to that node from the context sensitive menu However, the Workbench area is used mainly to display information specific to a node in the right-hand pane. For further details about each node, refer to the end of this section. For details about the workbench nodes visible for standard hard disks, see Workbench for standard hard disks.

Before proceeding with any recovery task you must first authenticate yourself via one of the following methods:

  • Load the ERI file. For details, see Load ERI.
  • Enter the encryption keys manually (software FDE). For details, refer to Enter the encryption key manually.
  • The following commands are the heart of the recovery application.
Menu command Details

File

 Open ERI file
This option opens an explorer window to locate and load the ERI (.eri) file.

Load ERI file from cache
This option loads the cached, and encrypted, ERI (.eri) information directly from the hard disk.

End
Exit the application.

Partition

Repair VBR
This option restores a damaged VBR sector of a partition using one of the methods: Generate new VBR (creates a new VBR sector using a template) or Use VBR backup (uses a backup of a VBR sector from the same partition).

Decrypt drive
This option decrypts the drive selected in the left-hand pane of the window. Refer to Decrypt a drive for details.

InputKey
This option allows you to input keys manually.

Key Injection
Inject the encryption keys from an ERI file, the automatic comparison takes place to add only the keys of the any partition that has been encrypted by a previous FDE installation but is unavailable in the new one. See Enter the encryption key from ERI file for details. 

BootChain

Repair UEFI (only for UEFI systems)
This option changes the boot order so that the Secure Boot Manager becomes the first one in the list of loaders.   

Repair MBR (only for BIOS systems)
This option allows you to repair the Master Boot Record. See Repair MBR for details.

Restore original MBR (only for BIOS systems)
This option is available only after successful ERI authentication. This option searches for backed-up MBR file and once found it will extract the MBR and overwrite the Matrix42 MBR with the ‘old’ one. Refer to Restore original MBR for details.

Set Active Partition
This option allows you to set the active partition. For details, see Set active partition.

Disable PBA load check
This option disables the security measure, which checks whether the Secure Boot Manager loaded the system (if the system was loaded by any other loader, BSOD occurs). If the system disk is encrypted decrypt it before disabling PBA load check. (To decrypt, load ERI file, select the system disk from the list and click Partition > Decrypt drive).

Administration

Set admin-password
This option allows you to set the Control Center administration password. For details, see Set the administration password.

Collect log files
This option allows to collect the log files of the recovery application. The WinPE log files are necessary for the support to investigate issues with a recovery process.

TPM

Activate
Activate TPM functionality in Matrix42 Full Disk Encryption. A restart is necessary to complete this function.

Deactivate
Deactivate TPM functionality in Matrix42 Full Disk Encryption.

Rebind
This deactivates and re-activates the TPM in one command.

For details about TPM usage, see Chapter 3 ‘Trusted Platform Module’.

Help

About
This displays version and copyright information.

Workbench for standard hard disks

Each node in the left-hand pane has a self-explanatory label. When selected, the details about that node are displayed in the right-hand pane:

  • Logical drives

clipboard_e095d73b055a3000b935304e95ba46218.png

The Logical Drive node displays the internal partitions/hard disks on the computer. The hard disk/partition icon can change according to the hard disk state:

Icon Meaning
clipboard_e6322ebf6c825edd82aa00e6816ff39cd.png Partition is encrypted and the disk encryption key (DEK) is available.
clipboard_e8453368cd9cf5e48490c909e57c0008c.png Partition is encrypted but the disk encryption key (DEK) is not available.
clipboard_ec040d388b727c6d3cf7b7d75afbb9231.png Hard disk is currently unlocked.
clipboard_ee19cc7d037781744cb8f279564cbf829.png The hard disk has a problem or is in an undefined state. This icon appears if the Matrix42 Full Disk Encryption is not yet installed.

The following information is displayed when a partition/hard disk is selected:

Attribute Values

Partitionsize

The size of the selected partition.

Filesystem

The format of the selected partition.

Volume Label

The name of the partition (if any).

Physical Drive

The index of the physical hard disk. The primary hard disk is indicated by the value 0. Any other value indicates a secondary hard disk.

Startsector

The sector on the hard disk that is first used to store data.

Number of Sectors

The total number of sectors on the selected partition.

Partitiontype

The file system used in the partition. 07h means NTFS, 95 is our own proprietary partition, and 0E is FAT32.

Stalled Sector

The sector on the hard disk that is last used to store data.

Algorithm

The algorithm is used to encrypt the partition. An algorithm will only be recognized if the partition was encrypted using Matrix42 Full Disk Encryption.

Flags

This is a bitmap that indicates if the drive is encrypted, partly encrypted or plain (last bit is set) and how it is encrypted.

For instance, 601 means the drive is CBC encrypted.

Encrypted

0= partition is not encrypted

1= partition is encrypted

  • Security Boot Manager

This node displays the following boot manager information:

Attribute Values

FDE-Partition                            

This entry is visible twice in the list. The first entry states whether an FDE partition is available, the second if it is active (i.e. encrypted).

KEK-Information

This entry indicates if the structure where the keys are stored exists.

FDE Bootstrap

This entry indicates if the section where the FDE boot code is stored exists.

PBA Bootstrap

This entry indicates if the boot sector of the 95 Partition (Linux boot loader) exists.

PBA loader

This entry indicates if the 16-bit code is executed after the Linux PBA was finished.

Real-Mode-PBA

This entry indicates if the bootcode that starts Windows exists.

16Bit-Algorithms

This entry indicates if the 16-bitimplementation of the encryption algorithms exists.

  • Security Boot System PBA

This node displays the following PBA component information:

Attribute Values
Security Boot System PBA A short message to inform whether the PBA components are installed.
  • ERD State

clipboard_ec6ad9b314c289662467862e1ea11e3a6.png

This node displays information about the encryption algorithms loaded into the environment as well as if an ERI file has been successfully loaded into the emergency recovery application. The following information is available:

Attribute Values

NBFDENC.sys

This entry indicates if the 32-Bit encryption driver for full-disk encryption exists.

AES.sys, Blowfish.sys, DESX.sys, DES.sys

These entries state whether each of the encryption components has been loaded by the emergency recovery application.

ERI File

This entry states whether the ERI file has been loaded into the emergency recovery application.

Load ERI

Once the application is started, the next task you must perform is to load the ERI file into the emergency recovery application. The ERI file can be loaded from computer or emergency recovery information (ERI) can be loaded from cache.

Without loading an ERI file, none of the recovery functions are active.

Loading ERI file from computer

clipboard_e5202ac65797c30c6273f889f4a17852b.png

  • The file explorer should automatically open the directory in which the relevant ERI file(s) are stored – providing that the creation of the ERD was performed according to Creating a WinPE emergency recovery boot CD or USB flash drive. If not, then use the following path: <ERD>\Programs\FIS\ERI\
  • Select the correct ERI file and click Open. If you have stored the ERI file(s) on removable storage media (i.e. USB stick), then locate them there.
  • If you protected the ERI file with a password during its creation, then you would now be prompted to enter the password.
  • Once the password is entered, click OK.
  • If the password is valid, the ERI file is loaded into the emergency recovery application.
  • The main window reappears, confirming that the ERI file has been loaded:

clipboard_e951ea50fa6e6aec844c088a1aecb792a.png

Loading ERI from cache

ERI can be loaded from cache if the Cache emergency recovery information on disk option was checked before disk encryption. ERI file password is required.

  • Start the emergency recovery CD as stated in Start the emergency recovery application (GUI).
  • Select the menu command File | Load ERI from Cache.
  • The Enter ERI Password dialog appears.
  • Enter the password defined for the ERI file.
  • Only the English keyboard layout is supported.
  • Click OK.
Further tasks

Now that the ERI file is loaded you can continue to repair/recover the computer using the following methods:

Entering the encryption key manually

If there is no ERI file available for the damaged computer, you have the option to enter the encryption keys manually. The keys used to encrypt each partition of the hard disk must be entered before you can use the emergency recovery application to decrypt any drive. Follow these steps to enter the encryption key(s):

  • To activate all the recovery options in the recovery application, open an arbitrary ERI file via the Menu option File > Open ERI file (refer to Load ERI). It does not matter which ERI file is used – it can belong to any computer. If prompted, enter the password for the ERI file.
  • Select the partition to decrypt from the Logical drives node in the left-hand pane of the main window. Subsequently, select the option Enter Key from the Partition menu:

clipboard_e7d2440758d067354c4adf1ba0e4efa88.png

  • The Enter disk key dialog appears.

clipboard_e4fab4803366ab69b506efb4af9196fa8.png

This dialog allows you to enter the encryption parameters set for the drive/partition in question.

The following options are available:

GUI element Details

Algorithm

Here you must select the algorithm that was used to encrypt the drive.

Key length

Some encryption algorithms support different key lengths. Use the slider to define the correct key length for the selected algorithm and partition.

Key input

Enter the encryption key password used for the partition into this field. Check Enter key in clear to make the password entry visible.

  • Once the information is entered, click OK. If the information is correct, it is loaded into the emergency recovery application.
  • The ERD main window reappears. Repeat steps 2 and 3 for every encrypted partition you need to decrypt.
  • Drive decryption can now be performed (see next section).

Decrypting a drive

This procedure can be used when you have either not decrypted the hard disk(s) before removing Matrix42 Full Disk Encryption or if the decryption of a hard disk was interrupted (due to power failure) and needs to be continued.

This procedure assumes that either a valid ERI file has been loaded or that the encryption key has been entered manually, and that the drive node has been selected.

 Follow these steps to decrypt a partition/hard disk via the ERD:

  • Make sure that you have loaded the correct ERI file via the Menu option File > Open ERI file (see Load ERI).
  • Select the respective drive from the tree in the left-hand pane.
  • Select the Decrypt drive option from the Partition menu.

clipboard_ebdef96a483c5a53f8ee1826447953d50.png

  • The Decrypt drive dialog appears.

clipboard_e8701ac0c026c5ddbaa015df961aefb9f.png

  • From the Drive combo box, select a drive for decryption.
  • Check the Decrypt only used sectors option to decrypt only those sectors of the selected drive that contain data. Leave this option unchecked to decrypt every sector (this will take longer).
  • Click OK to begin the decryption.

Any loss of power during the decryption process may cause data corruption. The decryption of a hard disk may take some considerable time depending on the size of the disk and the speed of the computer.

Entering the encryption key from ERI file

Inject the encryption keys from an ERI file, the automatic comparison takes place to add only the keys of the any partition that has been encrypted by a previous FDE installation but is unavailable in the new one.

This procedure assumes that either a valid ERI file has been loaded or that the encryption key has been entered manually, and that the drive node has been selected.

  • Make sure that you have loaded the correct ERI file via the Menu option File > Open ERI file (see Load ERI).
  • Select the Key Injection option from the Partition menu

clipboard_e5b042cf4092817b53ffabbee4ebd1cca.png

  • The success message appears if encryption keys are encrypted.
  • Click OK to close the message.

Decrypting a drive in a silent mode

To enable the decryption of a partition without using a graphical user interface you can use the emergency recovery console (pe_erd_console.exe) from within the WinPE 2.x boot CDs. This section details the console and the commands/options open to you.

Follow these steps to decrypt a drive from the ERD:

  • Once you have booted the target computer using the WinPE ERD, open a command prompt window.
  • Use the following commands to decrypt drives/partitions (case insensitive):
pe_erd_console.exe eripath=<?> eripwd=<?> partition=<?>
  • The following options are available:
Option Details

ERIPATH

The path to the ERI file

ERIPWD

The password for the ERI file

PARTITION

The letter of the partition/hard disk to be decrypted

/H

Help – information about each option available in the console

/L

Load keys to memory

For example:

pe_erd_console.exe eripwd=87654321 eripath=f:\fde.eri partition=d
pe_erd_console.exe eripwd=87654321 eripath=f:\fde.eri /L

During and until the decryption process is finished, a series of dots will appear in the command prompt. Depending on how large the partition is, the number of dots may scroll the command prompt – this is normal! If the decryption is finished successfully, the message ‘Hard disk was successfully decrypted’ appears. If the decryption is unsuccessful an error message will appear.

Repairing MBR

It may be necessary to update the MBR if your computer does not start after the installation of a third-party application. The most likely cause is that the installer has modified the MBR.

Follow these steps to update the MBR:

  • Make sure that you have loaded the correct ERI file via the Menu option File > Open ERI file (see Load ERI).
  • In the main window select the Menu option BootChain > Repair MBR. The Repair MBR dialog appears:

clipboard_ed33265e9ac462971705769aa89269a21.png

  • Click OK to start the procedure.
  • Once complete, the dialog will close automatically with no further prompting or interaction.

Restoring original MBR

This option replaces the Matrix42 MBR with the original MBR archived by Matrix42 during installation. Follow these steps to replace the Matrix42 MBR:

  • Make sure that you have loaded the correct ERI file via the Menu option File > Open ERI file (see Load ERI).
  • In the main window select the Menu option BootChain > Restore Original MBR.
  • The MBR repair dialog appears:

clipboard_e8b200dfe42890834104e95372f664cff.png

  • Once complete, the dialog will close automatically with no further prompting or interaction.

Setting active partition

This option allows the user to set an active partition for the MBR. The active partition becomes the boot sector for the MBR to load the boot program. Follow these steps to set active partition:

  • Make sure that you have loaded the correct ERI file via the Menu option File > Open ERI file (see Load ERI).
  • In the main window select the Menu option BootChain > Set active partition. The Set active partition dialog appears:

clipboard_e965aa52bd4ff600da4caed018e73839c.png

  • Select the partition and click Set active.
  • The selected partition becomes the active partition for the MBR.

Setting the administration password

Use this feature to set the Control Center administration password.

  • In the main window select the menu option Administration > Set admin password.
  • The Set admin password dialog appears.
  • Enter and confirm a new password.
  • Click OK.
  • Once the password has been changed close the emergency recovery application (File > Exit).
  • Click GO > Shut down > Restart to end this procedure and to restart the computer. Windows should boot as normal.
  • Was this article helpful?