Emory University SCCM Server Accidentally Reformats All Computers Campus-wide 564
acidradio writes: "Somehow the SCCM application and image deployment server at Emory University in Atlanta accidentally started to repartition, reformat then install a new image of Windows 7 onto all university-managed computers. By the time this was discovered the SCCM server had managed to repartition and reformat itself. This was likely an accident. But what if it weren't? Could this have shed light on a possibly huge vulnerability in large enterprise organizations that rely heavily on automated software deployment packages like SCCM?"
Sounds like IT incompetence (Score:5, Insightful)
An...accident..? (Score:5, Insightful)
Knowing that people have been running various kinds of centralized update services, perhaps across multiple OSes, and spanning several years now, listening to a story about an update server literally going rogue and nuking everything attached to it, and then for the coup de grace, basically committing suicide at the end by reformatting itself, does not sound like an accident.
If it truly was, I'd hate to see what the hell purposeful intent looks like.
Re:Sounds like IT incompetence (Score:5, Insightful)
Assuming it was just a mistake and not malicious ...
Probably not. This shit happens, and that person who did it will never do something like this again. Have you ever made a massive, expensive mistake?
I have, I was 19 years old and cost my company nearly a million dollars due to a silly misconfiguration. After I discovered it, corrected the error and notified my boss, I spent most of the night throwing up. The next morning, after everyone in the company (only 15 people or so) knew what happened, and I walked through the halls on the way to the meeting with the owner and my boss, I thought I'd pass out. As I walked into the Owner's office I didn't even bother to sit down, expecting a fairly short conversation. I was asked to sit down while my boss had this very stern look on his face. So I did, cost them that much money, I can do what they ask.
The owner than proceeded to tell me the story of how, when working for a certain Germany car company doing CICS programming, he made a mistake that screwed up a production line and cost the company several million dollars. He knew exactly how I felt, and he knew that it would never happen again because I had already punished myself more than he possibly could.
If they fire the person who did this, they just wasted the whole event. The person learned their lesson and will be extremely cautious in the future. Firing them now just means someone else will get to reap the benefits of this experience, and thats pretty stupid.
People make mistakes, and in this case the software is at least partially responsible. The SCCM server should have aborted during the preflight checks when it realized it was going to take itself out in the process. The best thing this IT department can do is for the manager/director to keep the specific employe's name under wraps, stop shit from flowing down hill from above and move on. Nothing will benefit anyone if all of Emory treats the person responsible as if he deserves to pay for all the time lost in repairing the damage, he simply can't.
The hard lesson has been learned by everyone, nothing else will make anyone any better off.
Backups (Score:4, Insightful)
Bad news most likely on this front. I have worked University IT, and I can guarantee they are going to have problems.
For one, no matter how many layers of backups you have, when you are working with a bunch of 90 year old academics, they will always find a way to miss every single one.
And more grievous, Universities tend to have important data that absolutely cannot be backed up in any normal way. Data that is legally obligated to stay on one specific computer in one specific room and never leave; under penalty of legal action.
Re:Sounds like IT incompetence (Score:4, Insightful)
Or he could just be an incompetent shit.
Don't get me wrong, I've made mistakes myself, perhaps not quite to the same level. Hopefully he is someone who can take a lesson but there are many who can't.
Re:Sounds like IT incompetence (Score:5, Insightful)
Have you ever made a massive, expensive mistake?
Glances woefully down at wedding ring...
The person learned their lesson and will be extremely cautious in the future.
Thinks back on previous three weddings...
Only a good manager could tell the difference (Score:5, Insightful)
It sounds like the commenter above was teachable - he no doubt learned his lesson.
It also sounds like the company's owner knew he could learn this lesson. That's the mark of a great manager.
Whether the Emory staffer responsible for this mistake is teachable or not, I hope his boss can tell the difference. Some folks aren't teachable, some are. If the Emory boss is worth his paycheck, he should be able to tell.
"Somehow"??? (Score:4, Insightful)
"Somehow" makes it sound mysterious and inexplicable. I'd be willing to bet that the truth is far less sensational. I could see a student tech assistant doing something like this on a dare, or a low-skilled admin just clicking OK one too many times, without actually reading the warning message.
Re:Surprisingly Infrequent (Score:4, Insightful)
We use SCCM extensively at my office, and yes, it's entirely possible to tell it to reimage every single computer. You just need to target the deployment at "All Systems" and make it mandatory. My guess is that some admin picked the wrong collection, which is fairly easy to do in SCCM 2007 (2012 has Collection folders, which helps with that), and there's no warning messages -- just a summary of "this deployment is going to these devices, click Finish to do it." Of course, most other mass management tools assume that the admins know what they're doing, so they don't have much in the way of guard rails either.
One of the more obnoxious elements of SCCM is that there's no real way to recall a command you send out; clients pick up policy at periodic intervals, and without manual intervention, they'll just grab the policy and do what it says even if you kill the server in question. You can block deployments by taking down distribution points (if the clients can't grab content, they won't run the deployment), but you still have to be fairly quick about it to stop it.
What we do to prevent these sorts of disasters is implement process around the use of the ConfigMgr console and ensure only the people who know how to use it actually use it. To prevent an OS reimaging incident, our OS deployments go through a static set of collections by process and are always optional (requiring a manual touch, either at PXE boot or in the UI) except for a specific set of collections that are segregated in their own folder and have names and descriptions with scary words that make it clear what's going to happen. For instance, in our "Clean Reimage" folder, we have a collection that says, "Windows 7 Reimage (Clean, PXE, Forced)" with a description to the effect of, "*** A computer placed in this collection will be REIMAGED and LOSE ALL LOCAL DATA. Local state is NOT preserved or transferred. ***" If we were a larger IT organization, we'd probably use SCCM's role-based security to limit access to clean reimages to a specific group of people.
Re:Not so sensational... (Score:4, Insightful)
That doesn't matter so much because things are changing at such a glacial speed. It may as well be 1999 for the small amount of 64 bit, multithreaded stuff that uses network capability well which is out there. If you defrosted a Sun sparc user from back then and put them on a Win8 machine they would be disappointed.
Re:Sounds like IT incompetence (Score:4, Insightful)
People make mistakes. Everybody makes them, everybody does it all the time, and they do it even when they should know better, when the consequences are high, and when they've received training specifically aimed at avoiding those particular mistakes.
Aviation, process and other industries know this by now, after many, many hard-earned lessons. They know you have to design your interfaces under the assumption that people will screw up, push the wrong button, or misread the situation. The general software industry, on the other hand, seems amazingly resilient against accepting this simple fact.
Re:Only a good manager could tell the difference (Score:4, Insightful)
I used to work for a company called "Gteko". Don't bother looking them up - they were acquired several years ago. They sold bundled software (OEM) to a handful of companies, all of them huge. One of those was AOL. This is over a decade ago.
The incident in question took place after I left, so I don't know the specifics. The bottom line is, they screwed up a server deployment that affected the AOL front page for all AOL customers. After that was finally fixed, the company's CEO, expecting pretty much to be shown the door, walked into a meeting with several AOL high execs.
The meeting started with the following sentence:
"Let's see how we can make sure this never happens again"
Even when it's something less "close" to you than an employee, it is sometimes worth it to not terminate someone who made a mistake, even a serious one.
My current employer, Akamai, has a motto effectively saying: It's okay to screw up, so long as that screwup results in a procedure that will prevent anyone from making the same mistake again.
Shachar
Re:Cool (Score:5, Insightful)