Fortunately I only dealt with maybe 35 pc's and a few servers (hooray for idrac and ilo modules!).
We recovered really fast from Crowdstrike in the area of servers and applications. But the remote workforce not so well. Those that leave their laptops running and VPN connected overnight were just fine because we were able to push out the GPO changes needed to disable Crowdstrike and the pre-staged deployment and remotely reboot the machines. The other group that shutdown had the updates pre-staged didn't get the GPO so at boot the new code went into effect, and they got into boot loops. We set up a emergency response SMS and reply message if people were having issues where we would text the person a time to join a tech call to work with them to bring their laptop back from the brink.
That is one of those "You couldn't make this sh_t up!!" moments.
Yeah.... I found it easier for the remotes I couldn't get to simply to hit the trouble shooting menu at boot, drop to a dos prompt, then go to the system32\drivers\crowdstrike directory and delete the 2 files. Much easier then having them go into safe mode and what not. I only had 3 or 4 of those so it was good. The majority of people that didn't get it client wise had their computers off at the time the update was pushed out then removed so they were outside the window of patching at that time.
That works unless you use bitlocker. On the enterprise side the key needed to be pulled from the vault and applied before getting into the directory.
Yeah I know... Fortunately none of the bitlocker enabled systems had an issue.
The water main in the road burst, I had to drink beer
Well that's my excuse
Somebody had to support them w/a nod and tap of the glass. 
TBH, I’m feeling rather good about being unemployed right now. 
Not wrong, some one didn’t bother to do their regression testing properly and YOLO’d it!
My laptop stays on 24x7 unless I'm actively traveling.
Ugh. This was pretty much me at 0030 in a hotel room working remotely to finish up prep for a client server migration. BSOD and I had to get the BDE key using my phone. Their mobile screen format made that almost impossible. Took several tries. I almost grabbed my tablet but finally got it. I have them all on a USB stick at the house but of course I don't have that in my backpack. I now have them stashed on my phone. Hindsight is 20/20.
I was finally able to get into CLI at recovery and renamed the CS directory.
I've always hated and distrusted CS and have asked corp security for a special carve out group for field engineers. Losing a laptop in the middle of a critical client migration just isn't cool guys. I can't say who the client was, but let's just say it's a University in a big state and Starts with T & ends with M.
I haven’t been a windows server engineer since 2013, but WTF happened to organisations staying at N-1 for patching and updates?
This CS Charlie Foxtrot is the exact scenario that proves why this is a sensible risk mitigation strategy.
Highly recommend macrium reflect with alternate boot installed so you can directly boot to restore image backup. Takes space on alternate partition or disk or usb but it restores to exact state machine was at time of backup.
