Emory University SCCM Server Accidentally Reformats All Computers Campus-wide

acidradio writes: "Somehow the SCCM application and image deployment server at Emory University in Atlanta accidentally started to repartition, reformat then install a new image of Windows 7 onto all university-managed computers. By the time this was discovered the SCCM server had managed to repartition and reformat itself. This was likely an accident. But what if it weren't? Could this have shed light on a possibly huge vulnerability in large enterprise organizations that rely heavily on automated software deployment packages like SCCM?"

Surprisingly Infrequent

[crow]

I think the big surprise here is that this doesn't happen more often.

Consider how many corporations, universities, and such have huge PC deployments with automated updates. I've seen updates that drop all the PCs off the network, but I've never seen one where everything is wiped.

I'm also surprised that I haven't heard of malware that accidentally wiped a network of 100K or more machines when someone sent the wrong command.

Or maybe the news here is that it was in a more open environment where people hear about it. If a publicly traded company wiped a thousand PCs at its headquarters, you bet they would try to keep it quiet.

Re:Cool

[Anonymous Coward]

Unfortunately, SCCM [wikipedia.org] also supports Linux and Mac OSX clients. I wonder whether it tried to install Windows 7 on them also? Users would be really pissed to discover their Mac/Linux box was now lurching under Windows...

Re:Sounds like IT incompetence

[jd2112]

SCCM is pretty good. It makes my desktop techs jobs significantly easier to deploy assets company wide. In this case, it sounds like someone pressed some buttons without being 100% clear as to what was going on. Unfortunate someone will not be working in IT ever again.

Or perhaps someone decided that having a testing environment for deployment packages was an unnecessary expense combined with personnel who aren't properly trained. Just think how much money they saved by eliminating training and a test environment!

Re: Sounds like IT incompetence

[Aethedor]

Your story isn't about you messing up. It's about your boss failing hard at proper risk management. He's the one who should be fired for allowing a process in the company in which one person could do so much damage. Unfortunately, this happens still too often. Companies in which the mistake of one single person, the error of one single machine or the failure of one single process starts a chain reaction which causes heavy damage. Just take a look a look at the company you work for. I'm sure everybody can point out a machine or a person that will cause serious problems if that machine or person is not available for a certain amount of time.

Re:Maybe

[Anonymous Coward]

A desperate attempt to delay taking finals?

No, finals were from 1 May to 9 May; graduation ceremonies were on Monday, two days before this incident began.

I'd like to point out that this had essentially no effect on the academic part of the university; the computers involved
belonged mostly to the libraries and administrative offices. Here in the Math/CS department, I didn't even hear about
this until today (we run our own servers, mostly Linux and (gasp) Solaris).

Re:Cool

[mikael]

That's what some universities actually do. They have a custom built dual-boot OS partition image (Linux + Windows) will all the standard applications that have been licensed and required for lab use (Mathematica, Microsoft Word, Firefox, Opera). This image gets stomped onto the drive of every idle system every night. So even if some spyware installs itself overnight, it gets overwritten.