RE: [mssms] RE: Emory IT accidentally deploys Windows 7 to everything

[Mote, Todd]

RBA can help further here too.  if folks can’t see the all systems collection, 
they can’t deploy to it either…

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Matt Wilkinson
Sent: Monday, May 19, 2014 7:34 AM
To: mssms@lists.myitforum.com
Subject: RE: [mssms] RE: Emory IT accidentally deploys Windows 7 to everything

In 2012/SP1/R2 you do have to go through several screens to deploy a required 
OSD TS. Picking the All systems Computer collection is probably what happened. 
I  only have access to test collections. I only deploy available applications 
for testing.

From: Bruce Hethcote [mailto:bruce.hethc...@1e.com]
Sent: 19 May 2014 12:29
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: RE: [mssms] RE: Emory IT accidentally deploys Windows 7 to everything

+1  It’s easy enough to put a condition at the beginning that would prevent a 
desktop OS TS from executing on a server OS.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Jason Wallace
Sent: Saturday, May 17, 2014 10:39 AM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: Re: [mssms] RE: Emory IT accidentally deploys Windows 7 to everything

Or I guess that people could use the features which exist in the product such 
as security scopes and security roles.

They could also do things like run a check via WMI or TSVs that a system is 
valid to have the TS run on it.

On 17 May 2014, at 15:35, "Miller, Todd" 
<todd-mil...@uiowa.edu<mailto:todd-mil...@uiowa.edu>> wrote:
This happens enough that you have to start wondering if the software could be 
improved in some way to help prevent it.

Maybe there should be alerts or limits or a wizard that summarizes any change 
that affects a deployment or target collection.

Like when you click OK, maybe there would be a "This change will result in NNNN 
systems receiving Package/Application "YYYYYYYY" with a mandatory time of 
12:20AM" or something like that.

The trouble is, you would need to do that every time you modify a collection 
too and that takes some computational time. - maybe that is computer in the 
background and you get this warning when you enable the deployment? Wouldn't it 
be nice if there was an option to create all deployments as disabled and then 
you had to enable them, and when enabling them you could see or were told how 
many systems are affected.

You could also automatically disable advertisements when the underlying 
collection query was modified.  So the advertisement would need to be reenabled 
after reviewing how that change affected the deployment.

You know how your DVR shows what programs are going to be recorded over the 
next couple of days/weeks?  Wouldn't it be great if SCCM showed a list like 
that of pending packages,  deadlines, the target collection, the number of 
affected machines, and the time?

With these kinds of events, there definitely is an established need to make the 
SCCM product harder to make unintentional blunders and easier to see what it is 
doing/going to do and when.

Often with these kinds of things there is a long chain of events that lead to 
an unanticipated result.  The worst part is that those machines that were 
ruined over night, SCCM probably "knew" it was going to happen all day long and 
could have warned the Admin if there was just a interface that computed what 
advertisements were pending, how many machines are affected etc....  I 
certainly would get more use from something like that than being able to manage 
iOS/MacOS/Linux/AntiVirus definitions/Android Apps/etc.  Maybe SCCM v.Next can 
focus on doing core competencies better rather than extending the product into 
areas few care about.

I dunno, I just don't think all or even half the blame falls on the guy that 
clicked "OK."   I certainly feel a great deal of empathy for him.  While this 
has never happened to me, it has sometimes been a recurring theme in bad 
dreams/nightmares.



From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>] on 
behalf of JONES, RICK J [rj7...@att.com<mailto:rj7...@att.com>]
Sent: Friday, May 16, 2014 5:33 PM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: RE: [mssms] RE: Emory IT accidentally deploys Windows 7 to everything
EVERY person in IT has an OCM (Oh Crap Moment) that they remember or changed 
them.  If a new tech haven't had their OCM yet, I tend to lock down access and 
not trust because the OCM has a higher chance of happen in my environment.

And yes, I had my OCM, it changed how I add logging and build a back out to my 
scripts.

Rick J. Jones
Wireless from AT&T
Domestic Desktop Application Management
D: (425) 288-6240
C: (206) 419-1104
________________________________
From: Murray, Mike<mailto:mmur...@csuchico.edu>
Sent: ‎5/‎16/‎2014 4:22 PM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: [mssms] RE: Emory IT accidentally deploys Windows 7 to everything
Wow.... ouch. So there's an opening at Emory?

-----Original Message-----
From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of William Jackson
Sent: Friday, May 16, 2014 12:32 PM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: [mssms] Emory IT accidentally deploys Windows 7 to everything

I'm thankful that I do not work over there.

"A Windows 7 deployment image was accidentally sent to all Windows machines, 
including laptops, desktops, and even servers. This image started with a 
repartition / reformat set of tasks. As soon as the accident was discovered, 
the SCCM server was powered off – however, by that time, the SCCM server itself 
had been repartitioned and reformatted."

http://it.emory.edu/windows7-incident/

William


________________________________
Notice: This UI Health Care e-mail (including attachments) is covered by the 
Electronic Communications Privacy Act, 18 U.S.C. 2510-2521, is confidential and 
may be legally privileged.  If you are not the intended recipient, you are 
hereby notified that any retention, dissemination, distribution, or copying of 
this communication is strictly prohibited.  Please reply to the sender that you 
have received the message in error, then delete it.  Thank you.
________________________________



________________________________


DISCLAIMER: This is a PRIVATE AND CONFIDENTIAL message for the ordinary user of 
this email address. If you are not the intended recipient, please delete 
without copying and kindly advise us by e-mail of the mistake in delivery. 
NOTE: Regardless of content, this e-mail shall not operate to bind 1E to any 
order or other contract unless pursuant to explicit written agreement or 
government initiative expressly permitting the use of e-mail for such purpose.

_____________________________________________________________________
This email has been scanned by the MessageLabs Email Security System on behalf
of Leeds College of Building.
For more information please visit http://www.symanteccloud.com
_____________________________________________________________________


_____________________________________________________________________
This email has been scanned by the MessageLabs Email Security System on behalf
of Leeds College of Building.
For more information please visit http://www.symanteccloud.com
_____________________________________________________________________