fwd-NT4.0 file warning

[Elisabeth Roche]

>Return-path: <owner-ntsecurity at iss.net>
>Date: Tue, 17 Sep 1996 15:34:03 +0000 (UT)
>From: Tom Sheldon <Tsheldon at msn.com>
>Subject: [NTSEC] This just in people
>Sender: owner-ntsecurity at iss.net
>To: Windows NT Security Mailing List <ntsecurity at iss.net>
>Errors-to: majordomo-errors at iss.net
>Reply-to: Tom Sheldon <Tsheldon at msn.com>
>
>Forwarded from a Microsoft Western Region Systems Engineer - 
>>
>>An OEM utility known as ROLLBACK.EXE was inadvertently included on the retail 
>
>>NT 4.0 CD-ROM.  I experienced this tool a couple of weeks ago just before an 
>>NT 4.0 demonstration.  I ran it - expecting to be prompted for parameters, 
>>etc.  It promptly removed my registry settings and effectively trashed my NT 
>>installation.  
>>
>>Why did I run it at all?  Because it had no documentation and I was curious. 
>>Some of your customers might do the same.
>>Bottom line is this - DO NOT RUN ROLLBACK.EXE !  It won't ask for 
>>confirmation, and cannot be aborted or recovered.
>>Please inform your customers of this.  This tool is not a bug or a virus - it 
>
>>is a pre-installation tool specifically for OEM's and should not be used by 
>>end-users.  Expect a bulletin on this from PSS in the near future.
>>Thanks for listening!
>>
>>***********
>>Warning:  Utility On NT 4.0 CD Deletes Registry Settings  
>>Inadvertently, an OEM Pre-installation Kit tool, ROLLBACK.EXE was included on 
>
>>the retail CD of both NTW and NTS 4.0.  This tool removes the critical 
>>components of the Registry from an existing installation of NT and 'rolls it 
>>back' to the beginning of GUI mode setup.  THERE IS NO RECOVERY FROM THE USE 
>>OF THIS TOOL.  All Registry entries added by any BackOffice server 
>>application [and others] are removed along w/ all security and accounts 
>>information.  Thus, only a complete backup immediately prior to usage will 
>>recover the customer.  Data files are intact along w/ file ACLs but that is 
>>all. 
>>Since ROLLBACK has no Help file, has no cmd line help, and in fact has no 
>>documentation of any kind on the CD, it is a prime candidate for 'curious 
>>experimentation' on the part of the customer.  Unfortunately, simply 
>>double-clicking on the EXE or giving the command from the console causes 
>>execution without any warning.  The next thing the customer knows, they are 
>>staring at the Setup screen and are completely down.
>>An article is being rushed thru, Program Management for NT is aware and will 
>>respond, we are assessing posting a warning to all electronic services and 
>>will inform you all when we have more information.  In the interim, 
>>[hopefully more information will be available by COB Friday] please make your 
>
>>units aware of this problem.  TAMs should as well inform their Premier 
>>customers and ask them to further disseminate the information as required to 
>>prevent any customer down-time.
>
>