RE: [NTSysADM] A Windows 7 image was deployed to EVERYTHING.

[Steven M. Caesare]

Indeed, but that's a result, not a root cause.

-sc



-----Original Message-----
From: listsad...@lists.myitforum.com on behalf of Melvin Backus
Sent: Mon 5/19/2014 10:05 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] A Windows 7 image was deployed to EVERYTHING.
 
I think it can safely be assumed (yes I know) that a deployment server should 
never overwrite itself as part of a deployment.  

--
There are 10 kinds of people in the world...
         those who understand binary and those who don't.


-----Original Message-----
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Steven M. Caesare
Sent: Monday, May 19, 2014 9:15 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] A Windows 7 image was deployed to EVERYTHING.

How does one know if process refinement is necessary when you don't know the 
root cause of the issue (yet)?

-sc



-----Original Message-----
From: listsad...@lists.myitforum.com on behalf of Ken Schaefer
Sent: Sun 5/18/2014 10:17 PM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] A Windows 7 image was deployed to EVERYTHING.

Personally, I don't think any of these things will help.

When creating a change record, the exact steps to be followed are documented. 
If someone either:

a)      Creates the wrong documentation, and it's approved by CAB

b)      Creates the right documentation, but someone either fat fingers or 
doesn't read the doco
Then creating these extra steps is just process inflation.

I don't think adding more steps or manual checks to process is the right 
answer. Especially in a world where business is clamouring for more agility and 
speed, rather than more bureaucracy in the name of risk management.

If you look at the stuff coming out of CEB or Gartner, we need things like 
leaner processes, cross-skilled teams better able to understand implications 
across multiple towers, orchestration/automation tied to process and bunch of 
other things I don't remember off the top-of-my-head.

Cheers
Ken

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of CESAR.ABREG0
Sent: Monday, 19 May 2014 12:07 PM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] A Windows 7 image was deployed to EVERYTHING.

Verify the number of clients in collection before using to deploy a TS to it? 
Verify that the dynamic collection being use contains the intended clients? 
Verify that the 'all system' collection is not a target?
There could be more but a couple of that I can think of.

Most this situations happen by human errors and inexperienced as well. I think 
HP consulting did it at a bank a couple of years ago and some that colleagues 
have shared with me that happened in a USA government branch. I've been doing 
imaging over 10 years and I never do mandatory deployments to populated 
collections, only to empty ones and I add clients manually or have a process to 
do so.

This got me thinking of steps that can be taken or be part of a TS to prevent 
this type of situation up to an extend, can't never be prevented completely.

1. Put a step that verify DCs and other critical infrastructure systems and 
have human click yes before moving forward or fail if no response.
2. Creat web service/orchestrator to send email or a type of notification to a 
group before continuing. Automated.
3. What I've used in the past. Create an empty collection, deploy TS to it as 
mandatory, add required systems manually or by script from a list. Limit who 
can add systems and the type of client, like no DCs or SCCM systems.

Cesar A.
Meaning is NOT in words, but inside people! Dr. Myles Munroe My iPad takes half 
the blame for misspells.

On May 18, 2014, at 5:31 PM, Ken Schaefer 
<k...@kj.net.au<mailto:k...@kj.net.au>> wrote:
I'm assuming someone clicked the wrong button (i.e. "Finished", when they 
should've clicked "Cancel"). How does "process verification" (how do you define 
this?) help?

Cheers
Ken

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Rankin, James R
Sent: Monday, 19 May 2014 2:59 AM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: Re: [NTSysADM] A Windows 7 image was deployed to EVERYTHING.

I think I may use this as an example in an article about the importance of 
process verification.
Sent from my (new!) BlackBerry, which may make me an antiques dealer, but it's 
reliable as hell for email delivery :-) ________________________________
From: "Andrew S. Baker" <asbz...@gmail.com<mailto:asbz...@gmail.com>>
Sender: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>
Date: Sun, 18 May 2014 12:55:37 -0400
To: ntsysadm<ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>>
ReplyTo: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: Re: [NTSysADM] A Windows 7 image was deployed to EVERYTHING.

Automation leads to relaxation...
...unless something goes horribly wrong.






ASB
http://XeeMe.com/AndrewBaker<http://xeeme.com/AndrewBaker>
Providing Virtual CIO Services (IT Operations & Information Security) for the 
SMB market.




On Fri, May 16, 2014 at 10:40 PM, Richard Stovall 
<rich...@gmail.com<mailto:rich...@gmail.com>> wrote:

Wowzers. That's just incredible.
On May 16, 2014 8:14 PM, "Kennedy, Jim" 
<kennedy...@elyriaschools.org<mailto:kennedy...@elyriaschools.org>> wrote:
So SCCM sent win 7 to everything, including servers.

http://it.emory.edu/windows7-incident/

<<winmail.dat>>