------------------------------ Date: Mon, 23 Sep 1996 18:54:51 -0400 From: wex@tinbergen.media.mit.edu (Graystreak) Subject: Warning! NT 4.0 utility wipes system configuration Forwarded-by: Logan Sanders NT users beware! Retail copies of both the Workstation and Server versions of Windows NT 4.0 shipped with an undocumented system-wiping utility. The file Rollback.exe erases key components of the system registry, disabling the operating system. Microsoft Corp. officials say that once the file has been executed, the changes cannot be undone and require a complete reinstallation of the operating system. At least one incident of accidental erasure has occurred and Microsoft is mulling over how to inform customers of the problem. This undocumented feature could do the most damage to NT4.0 Server users because it erases critical-security and user-account information. Without an up-to-date backup, network administrators will have to recreate all of the users' account and password profiles. Microsoft this week sent out an E-mail warning to its channel partners. It stated that after running the utility "the next thing the customer knows, they are staring at the set-up screen and are completely down." Rollback.exe was designed to allow OEMs to test NT with their hardware and software configurations, and then return systems to their pre-installation state. The file is located in the support\deptools\I386\ directory of the NT CD-ROM and is not installed on the system by default. But the lack of any online documentation or escape route once the program has begun has put curious users at risk. Microsoft officials say that more than 150,000 copies of NT Server 4.0 have been sold since its release in late July. Microsoft has posted an entry in its online Knowledgebase, but has not determined how it will notify customers and OEMs.