From proff Thu Sep 26 16:45:24 1996 Received: (proff@localhost) by suburbia.net (8.7.4/Proff-950810) id QAA12237 for best-of-security; Thu, 26 Sep 1996 16:45:24 +1000 Received: (sendmail@localhost) by suburbia.net (8.7.4/Proff-950810) id QAA10804 for ; Thu, 26 Sep 1996 16:42:57 +1000 Received: from geech.gnu.ai.mit.edu(128.52.46.34) via SMTP by suburbia.net, id smtpd06541aaa; Thu Sep 26 05:37:29 1996 Received: by geech.gnu.ai.mit.edu (8.6.12/8.6.12GNU) id BAA12450 for meditation-list; Thu, 26 Sep 1996 01:08:07 -0400 Received: from discovery.mhri.edu.au by geech.gnu.ai.mit.edu (8.6.12/8.6.12GNU) with ESMTP id BAA12447 for ; Thu, 26 Sep 1996 01:07:59 -0400 Received: (from mda@localhost) by discovery.mhri.edu.au (950413.SGI.8.6.12/950213.SGI.AUTOCF) id PAA02574; Thu, 26 Sep 1996 15:09:34 +1000 From: "Matthew Aldous" Message-Id: <9609261509.ZM2572@discovery.mhri.edu.au> Date: Thu, 26 Sep 1996 15:09:34 -0400 X-Files: The Truth Is Out There X-Disclaimer: Comments contained do not necessarily represent those of my employer X-Copyright: Portions of this message may be subject to copyright. (C) 1996 Matthew Aldous X-Warning: Comments contained may be devoid of fact or truth. X-URL: http://www.mhri.edu.au X-Mailer: Z-Mail (3.2.3 08feb96 MediaMail) To: meditation@gnu.ai.mit.edu Subject: D:\support\deptools\I386\Rollback.exe Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Approved: proff@suburbia.net Subject: Warning! NT 4.0 utility wipes system configuration From: wex@tinbergen.media.mit.edu (Graystreak) Approved: proff@suburbia.net Forwarded-by: Logan Sanders NT users beware! Retail copies of both the Workstation and Server versions of Windows NT 4.0 shipped with an undocumented system-wiping utility. The file Rollback.exe erases key components of the system registry, disabling the operating system. Microsoft Corp. officials say that once the file has been executed, the changes cannot be undone and require a complete reinstallation of the operating system. At least one incident of accidental erasure has occurred and Microsoft is mulling over how to inform customers of the problem. This undocumented feature could do the most damage to NT4.0 Server users because it erases critical-security and user-account information. Without an up-to-date backup, network administrators will have to recreate all of the users' account and password profiles. Microsoft this week sent out an E-mail warning to its channel partners. It stated that after running the utility "the next thing the customer knows, they are staring at the set-up screen and are completely down." Rollback.exe was designed to allow OEMs to test NT with their hardware and software configurations, and then return systems to their pre-installation state. The file is located in the support\deptools\I386\ directory of the NT CD-ROM and is not installed on the system by default. But the lack of any online documentation or escape route once the program has begun has put curious users at risk. Microsoft officials say that more than 150,000 copies of NT Server 4.0 have been sold since its release in late July. Microsoft has posted an entry in its online Knowledgebase, but has not determined how it will notify customers and OEMs. -- ------------------------------------------------------------------------------- "System Administration: It's a dirty job, but someone said I had to do it." Matthew Aldous : 019339629 : mda@mhri.edu.au : Mental Health Research Institute -------------------------------------------------------------------------------