
Fun Friday: Which Common Sysadmin Tool have you seen do the Most Damage?

  • February 4, 2022
  • 31 comments
  • 284 views

MicoolPaul

Happy Friday all!

 

Today, let’s talk tools: the right tool in the wrong hands can be catastrophic.

What tool have you seen do the most damage to an environment? Whether it’s a built-in tool/feature or 3rd party, I wanna hear!

 

For me, it’s Remote PowerShell. I witnessed this being used by a malicious script to deploy ransomware to every device in the domain and the rest of the network. The script was harvesting credentials from users working on the infected endpoint and the moment a domain admin signed in, BANG, remote PowerShell to all!


Cragdoo
  • Veeam Vanguard
  • February 4, 2022

any automation tool ...lol
 


Geoff Burke
  • Veeam Vanguard
  • February 4, 2022

Format or rm -r /


Geoff Burke
  • Veeam Vanguard
  • February 4, 2022

ah yes.. adduser newmanager


Stabz
  • Veeam Legend
  • February 4, 2022

Apply an update to all the production VMs without testing; for more fun, apply it during the weekend.

Lack of knowledge: the wrong click in Disk Management, especially with Veeam and Direct SAN, and bye-bye production.


JMeixner
  • On the path to Greatness
  • February 4, 2022

“In the old days” I managed to kill an OS/2 server with “rm -r” only. Just started it from the wrong directory. At that time this was the whole environment… :wink:

So, I don’t need a special tool for this….  :laughing::laughing::laughing:


Kseniya
  • February 4, 2022

So, I don’t need a special tool for this….  :laughing::laughing::laughing:


 😂😂😂😂😂


Chris.Childerhose
  • Veeam Legend, Veeam Vanguard
  • February 4, 2022

“In the old days” I managed to kill an OS/2 server with “rm -r” only. Just started it from the wrong directory. At that time this was the whole environment… :wink:

So, I don’t need a special tool for this….  :laughing::laughing::laughing:

:rofl::rofl:


Chris.Childerhose
  • Veeam Legend, Veeam Vanguard
  • February 4, 2022

Not so much a tool, but reading documentation I have seen be one of the most dangerous. If you have the docs and design, follow them!! That way I don’t have to fix things later. :joy:


Link State
  • Veeam Legend
  • February 4, 2022

I was a beginner, I typed "exit" on a Domino server, like to exit the cmd, lol. The server shut down, LMAO.

 

 


Cragdoo
  • Veeam Vanguard
  • February 4, 2022

Or how about forgetting that ctrl+alt+ins (the VMware VM console combination on Windows VMs for ctrl+alt+del) on some Linux systems is ‘reboot system’… been burned a few times with that one.

 


LostInEther
  • Comes here often
  • February 4, 2022

Or how about forgetting that ctrl+alt+ins (the VMware VM console combination on Windows VMs for ctrl+alt+del) on some Linux systems is ‘reboot system’… been burned a few times with that one.

 

I learned this the hard way also.


LostInEther
  • Comes here often
  • February 4, 2022

psexec and having to clean up other people’s messes.


LostInEther
  • Comes here often
  • February 4, 2022

as root from the root directory:

rm -rf * &; exit


Iams3le
  • Veeam Legend
  • February 5, 2022

@MicoolPaul wants us to mention a tool, and I think some of us deviated! To be honest, all tools can be taken over by bad actors and this is why we need to run or allow these tools to run with administrative privilege. By default, standard users shouldn’t be able to run these tools.

I would say any of the configuration management tools (such as Ansible, Puppet, etc.) if you do not know what you are doing. Therefore, I agree with @Cragdoo above: anything automation, and PowerShell is as well :)


Mildur
  • Influencer
  • February 5, 2022

Powershell and Pipe |
Can lead to unwanted changes if you are not careful 😂


MicoolPaul
  • Author
  • February 5, 2022

@MicoolPaul wants us to mention a tool, and I think some of us deviated! To be honest, all tools can be taken over by bad actors and this is why we need to run or allow these tools to run with administrative privilege. By default, standard users shouldn’t be able to run these tools.

I would say any of the configuration management tools (such as Ansible, Puppet, etc.) if you do not know what you are doing. Therefore, I agree with @Cragdoo above: anything automation, and PowerShell is as well :)

It’s one of the great community things, you go in asking a question and people then give you additional perspectives and stories! I don’t always reply to everyone but I love seeing the life lessons learned!

 

Good shouts on automation…


MicoolPaul
  • Author
  • February 5, 2022

Powershell and Pipe |
Can lead to unwanted changes if you are not careful 😂

Definitely! Especially when filters are used which are believed to be a safety net but the logic isn’t as strict as the writer thinks it is!

 

So far the themes are automation and scripting!
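
Added example (not from the thread) of the filter-as-safety-net problem in PowerShell: a constructed server list, a wildcard filter that selects more hosts than its author intended, a stricter filter, and the destructive step wrapped in a function that honours -WhatIf and -Confirm. The inventory and the function name Restart-SelectedServer are made up for the demonstration.

```powershell
# Constructed sample inventory for the demonstration; these are not real hosts.
$servers = @(
    [pscustomobject]@{ Name = 'prod-web01';    Environment = 'Production' },
    [pscustomobject]@{ Name = 'prod-web02';    Environment = 'Production' },
    [pscustomobject]@{ Name = 'preprod-db01';  Environment = 'PreProduction' },
    [pscustomobject]@{ Name = 'dev-prod-test'; Environment = 'Development' }
)

# The "safety net" as it is often written: an unanchored wildcard on the name.
# It also selects preprod-db01 and dev-prod-test, which is not what the author meant.
$loose = $servers | Where-Object { $_.Name -like '*prod*' }

# Stricter: anchor the pattern and require the authoritative attribute to agree.
$strict = $servers | Where-Object {
    $_.Name -match '^prod-' -and $_.Environment -eq 'Production'
}

"Loose filter selects : $($loose.Name  -join ', ')"
"Strict filter selects: $($strict.Name -join ', ')"

# Any step that changes state should support -WhatIf and -Confirm so the
# whole pipeline can be dry-run before it is allowed to do anything.
function Restart-SelectedServer {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory, ValueFromPipelineByPropertyName)]
        [string]$Name
    )
    process {
        # ConfirmImpact 'High' makes PowerShell prompt per host unless -Confirm:$false is given.
        if ($PSCmdlet.ShouldProcess($Name, 'Restart')) {
            Restart-Computer -ComputerName $Name -Force
        }
    }
}

# Dry run: prints one "What if" line per selected host and restarts nothing.
$loose  | Restart-SelectedServer -WhatIf
$strict | Restart-SelectedServer -WhatIf
```

Read the -WhatIf output for both filters before removing the switch; the difference between the two lists is exactly the damage the loose filter would have done.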


Chris.Childerhose
  • Veeam Legend, Veeam Vanguard
  • February 5, 2022

Powershell and Pipe |
Can lead to unwanted changes if you are not careful 😂

Definitely this can if not careful with inputs. 😂


vNote42
  • On the path to Greatness
  • February 7, 2022

Shutting down a (wrong) ESXi host without reading the message that there are still VMs running.


MicoolPaul
  • Author
  • February 7, 2022

Shutting down a (wrong) ESXi host without reading the message that there are still VMs running.

Related to what you said but unrelated to the original topic:

 

A client I used to deal with infrequently had ESXi servers going offline unexpectedly. They were in a managed datacentre and the technicians mistakenly kept powering off some of their servers when OTHER customers’ servers needed reboots.

 

The latest time this happened the client (quite rightly) got very irate and demanded to know what happened this time and why they couldn’t tell their servers apart. Their support team claimed that a cable must’ve leaned on the server’s power button whilst they were working on another server in the rack. If true it makes you question what the cabling looks like in that place!


vNote42
  • On the path to Greatness
  • February 7, 2022

Shutting down a (wrong) ESXi host without reading the message that there are still VMs running.

Related to what you said but unrelated to the original topic:

 

A client I used to deal with infrequently had ESXi servers going offline unexpectedly. They were in a managed datacentre and the technicians mistakenly kept powering off some of their servers when OTHER customers’ servers needed reboots.

 

The latest time this happened the client (quite rightly) got very irate and demanded to know what happened this time and why they couldn’t tell their servers apart. Their support team claimed that a cable must’ve leaned on the server’s power button whilst they were working on another server in the rack. If true it makes you question what the cabling looks like in that place!

Right! I guess all of us have seen such cabling in different server locations :grinning:


marcofabbri
  • On the path to Greatness
  • February 9, 2022

RDP in the hands of some internal sysadmin who woke up that day inspired to update something on the servers… :see_no_evil:


vNote42
  • On the path to Greatness
  • February 9, 2022

RDP in the hands of some internal sysadmin who woke up that day inspired to update something on the servers… :see_no_evil:

Right! When you also think about RDP-manager with stored authentication credentials to be able to double-click a server to connect without entering anything. :fearful:


Link State
  • Veeam Legend
  • February 10, 2022

  

RDP in the hands of some internal sysadmin who woke up that day inspired to update something on the servers… :see_no_evil:

Right! When you also think about RDP-manager with stored authentication credentials to be able to double-click a server to connect without entering anything. :fearful:

 

mimikatz ftw :joy:

I recommend not leaving the possibility to cache credentials on Windows or Windows Server; in an AD domain it is strongly recommended to implement a set of GPOs to prevent this kind of attack.

Preventing Mimikatz Attacks. Mimikatz is playing a vital role in… | by Panagiotis Gkatziroulis | Blue Team | Medium
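
Added example, not from the post or the linked article: a read-only PowerShell audit of three registry-backed settings that the GPO hardening described here commonly sets (the cached domain logon count, WDigest plaintext credential caching, and LSA Protection). The function name Get-CredentialCachingAudit is made up; the registry paths and value names are the standard Windows ones.

```powershell
function Get-CredentialCachingAudit {
    # Hypothetical function name. Each entry names a registry-backed setting,
    # the hardened value to expect, and a test that treats an absent value correctly.
    $checks = @(
        @{  Setting = 'CachedLogonsCount'
            Path    = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
            Expect  = '0 or 1 (default 10; 0 blocks domain logon with no DC reachable, so laptops usually get 1)'
            # REG_SZ value; when absent the default of 10 applies, which fails the check.
            Pass    = { param($v) ($null -ne $v) -and ([int]$v -le 1) } },
        @{  Setting = 'UseLogonCredential'
            Path    = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest'
            Expect  = '0 or absent (WDigest must not keep plaintext credentials in LSASS)'
            # On Windows 8.1 / Server 2012 R2 and later an absent value means disabled.
            Pass    = { param($v) ($null -eq $v) -or ($v -eq 0) } },
        @{  Setting = 'RunAsPPL'
            Path    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
            Expect  = '1 or 2 (LSA Protection: LSASS runs as a protected process)'
            Pass    = { param($v) ($v -eq 1) -or ($v -eq 2) } }
    )

    foreach ($c in $checks) {
        # -ErrorAction SilentlyContinue: a missing key or value yields $null instead of an error.
        $value = (Get-ItemProperty -Path $c.Path -Name $c.Setting -ErrorAction SilentlyContinue).($c.Setting)
        $shown = if ($null -eq $value) { '<absent>' } else { "$value" }
        [pscustomobject]@{
            Setting   = $c.Setting
            Current   = $shown
            Expected  = $c.Expect
            Compliant = [bool](& $c.Pass $value)
        }
    }
}

# Reading these HKLM keys needs no elevation; the output is one row per setting.
Get-CredentialCachingAudit | Format-Table -AutoSize -Wrap
```

Non-compliant rows point at the GPO to set; the audit only reads, so it is safe to run from a monitoring job against every domain member.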

 


BertrandFR
  • Influencer
  • February 11, 2022

Running an Ansible playbook on a bad target; obviously Veeam backup saved my ass :sweat_smile:. Thanks to Instant Recovery nobody noticed the failure. Since this I wrote more sanity checks in my code.