Before we blame the IT staff, let me give this some perspective. (I have nine years experience as a teacher & tech director in a public K-12 US school.)
First, I'm reasonably confident in saying that, if proper Group Policy was implemented and user restrictions put in place, this never would have happened. Second, this is a HUGE school district with over 50 schools. They can certainly afford a public liaison (who was speaking on behalf of the district in the local broadcast), and I'm sure they have a large IT staff...I'm guessing in the neighborhood of 20-30 employees. Though public school districts would pay less than Microsoft right next door, given the sheer numbers there must be at least a few people on that staff that know how to accomplish this and as well of its value in preventing this sort of mess from happening.
With that in mind, here's what I've concluded: There is likely someone with leadership authority who told IT staff to let students manage their own laptops and have admin privileges. Given the size of the district, the directive either came from the district technology committee, or directly from the superintendent, school board, or both. All it would take is a number of parents to ignorantly complain to a "friend on the board" that "Johnny's laptop is broken - he can't install the programs he needs to do his homework" for the school board to direct the superintendent to "fix the issue." Likely this was a top-down order; I simply cannot imagine a tech staff that large to be that incompetent on their own.
What bothers me about this is how they're going about trying to fix the problem. If I had a worst-case mass-deployment of a virus at my school, I would just recall all the equipment, reimage everything, and redeploy a week later. I would issue a directive to all the staff that the equipment is down for one week to be cleaned, and make due without it. It's either one week of downtime or months of unreliability. If teachers would know that they have the option of either the problem being fixed in a week or the problem being "managed" over months, they would all take the week's downtime in a heartbeat.
One other question I have for those here: have you ever encountered a Windows virus that, as they claim, just "spreads on the network" without user initiation of the virus by clicking on an executable, script, or loading an infected webpage? I think the much more likely scenario is that this virus is being spread through usb flash disks, but I'm not sure whether that explanation was too technical for staff to understand.