Servers weren't much of a problem, they're mostly virtual and could be just restored from a backup. The several hundred workstations were a problem. They needed a physical touch. All are encrypted with BitLocker, requiring passkeys stored in AD. Over half are laptops. Most of those don't have wired ethernet ports, and an account with local admin rights hasn't logged in since the day they were imaged. Throw in a proper LAPS config, where randomly generated passwords of three dozen characters in length are also stored in AD...
... Yeah, today was a bad day.
That's what she said.