• 0

How does Deep Freeze work?

Asked by Post-It Note,

 Share

Question

Mentor

Post-It Note

Posted
Posted

Deep Freeze ( http://www.faronics.com/CANADA/product.asp ) is a program that prevents changes to a hard drive. You can do whatever you want to the drive, but when you restart it will return the disk to its original state.

It does this without partitioning, taking up extra space, or having another hard drive to image across. Anyone have any ideas or theories on how it works? I'm going to install the trial and see what I can find out.

Link to comment
https://www.neowin.net/forum/topic/214696-how-does-deep-freeze-work/
Share on other sites

47 answers to this question

Recommended Posts

  • 0
Mentor

mzkhadir

Posted
Posted

ThawSpace

Deep Freeze Professional has the ability to designate a portion the hard drive as ?thawed? for permanent storage. ThawSpace can be set anywhere from 16MB to 2GB. Save documents and favourite Internet sites by mapping My Documents and Favourites to ThawSpace.

  • 0
Mentor

Post-It Note

Posted
  • Author
Posted

I'm just going to say that it's a secret how it works, so going through the website is not very helpful in finding out how it works. I'm looking for how YOU think it works.

Anyways, I've installed it and started testing it out by deleting things. (of course I imaged my drive beforehand.)

  • 0
Mentor

Post-It Note

Posted
  • Author
Posted

I've delete an entire Software regedit key, and I managed to right click->delete my recycle bin. :o. Now let me restart...

Yup.. No problems. I'm going to thaw, make a really big file, freeze, and see what happens when I delete it.

  • 0
Experienced

Another_Paul

Posted
Posted

Deepfreeze is awesome for public/school computers! I have been using it for several years without any hitches. Standard will "freeze" your whole hard drive preventing any changes you after rebooting. If you have multiple harddrives you can pick and choose which ones to be "frozen". Professional will let you have a Thawed folder that will allow changes to remain the same. But the catch is that you have to buy a minimal of 10 copies of Professional instead of just one.

It's only like a 5 meg install, I have no idea how they do it! Maybe something keeps track of all the changes and reverts to the original state after it reboots.

  • 0
Grand Master

John Veteran

Posted
  • Veteran
Posted

It installs its own disk driver for each of your hard drives I noticed. I believe this is key... But I haven't been able to crack it yet. Uninstalling the driver doesn't work :(

I was able to stop the DeepFreeze process by gaining SYSTEM priviledges through a very sneaky method :shifty: (which is now blocked with SP2 :pinch:)

As much as I played with it, I couldn't break it :/ Though I'd like to try again sometime...

  • 0
Experienced

The Burning Rom

Posted
Posted

I'm not sure how it works, but I know the program itself is a pain in the arse to work with. I worked at a college that had it running on around 800 student computers. And it can get quite annoying. One of the newer versions goes into what we called "hardening" mode...where the icon in the taskbar disappears after the machine has been on for a certain period of time. Sometimes it takes 3 or 4 reboots to get it back too :angry:

What mzkhadir was talking about..."thaw space"...is a new feature of deepfreeze which allows you to designate a "partition" for deep freeze to create, which allows you to save files in, and reboot without loosing them. The only downside is when deepfreeze is uninstalled, you also wave bye bye to your thawspace and the files it contained. I sure hope they changed that in the newest version.

It's a program I'd avoid if I could. But in some situtuations (like at the college), it's one of those things that you just have to deal with.

  • 0
Mentor

Callaway

Posted
Posted

It's a fantastic program for Windows. We use the console/enterprise version in our public labs extensively at UNLV. Essentially, as long as a user can't boot to a floppy or cd-rom (lockdown the bios), it's flawless.

Want to delete Windows directory? No problem.

Want to download a few trojans? No problem.

Want to download a virus that will infect the MBR? No problem.

Soon as the workstation reboots, reverts back to the previous settings. You can set up multiple passwords, onetime passwords, mainteanance times, and if you have the console installed, you can remotely thaw/freeze workstations with a click of the mouse (or run programs / install updates).

It kicks @SS!

If you need help, send me a /pm. I would encourage ALL Windows system admins to invest in Deep Freeze.

  • 0
Mentor

Callaway

Posted
Posted
I'm not sure how it works, but I know the program itself is a pain in the arse to work with. I worked at a college that had it running on around 800 student computers. And it can get quite annoying. One of the newer versions goes into what we called "hardening" mode...where the icon in the taskbar disappears after the machine has been on for a certain period of time. Sometimes it takes 3 or 4 reboots to get it back too :angry:

What mzkhadir was talking about..."thaw space"...is a new feature of deepfreeze which allows you to designate a "partition" for deep freeze to create, which allows you to save files in, and reboot without loosing them. The only downside is when deepfreeze is uninstalled, you also wave bye bye to your thawspace and the files it contained. I sure hope they changed that in the newest version.

It's a program I'd avoid if I could. But in some situtuations (like at the college), it's one of those things that you just have to deal with.

No offense, but you don't know wth you're talking about. The thawspace has been around since for years, and you don't even need it. All it is is a temporary partition which is created before Windows loads where changes can be made that will not be erased. It's much easier and faster for the workstation to simply create a logical partition and set that drive letter as unthawed or not frozen.

As for the icon, you can choose to have the icon show in thawed / frozen or not at all. Most admins will set it to display when the workstation is thawed, so that a quick peek at the desktop will tell them somoene forgot to lock the station down.

  • 0
Mentor

Callaway

Posted
Posted
Hmm, There has to be someflaws, somewhere.

Nope...none. Unless you can boot to a floppy or cd-rom, forget it.

We also use corporate edition of Ghost, which needs to rewrite the MBR in order to boot to the boot partition. If the workstation is still frozen, nopers....DF erases the changes and boots Windows.

One downside to the product is you can only make changes in thawed mode. So if you need to make a change, thaw, reboot, make changes, freeze, hope things are good...if not, thaw, reboot, make changes, freeze, etc.

One recommendation to admins, don't store the workstation file, configuration files, or console settings on the local workstation (depends on what version you're running). Quite easy to pull the passwords out of the files.

  • 0
Contributor

ultraviolet7

Posted
Posted
Unless you can boot to a floppy or cd-rom, forget it.

i consider this a fairly big flaw but not one that is the fault of the makers of deepfreeze. gaining access to booting from those divices is a rather trivial matter on most computers even if it is set not to boot from them and locked with a password. i don't really know anyway that deepfreeze would be able to stop this though since their drivers only can take over once the OS has booted.

  • 0
Veteran

pmh

Posted
Posted
Nope...none. Unless you can boot to a floppy or cd-rom, forget it.

We also use corporate edition of Ghost, which needs to rewrite the MBR in order to boot to the boot partition. If the workstation is still frozen, nopers....DF erases the changes and boots Windows.

One downside to the product is you can only make changes in thawed mode. So if you need to make a change, thaw, reboot, make changes, freeze, hope things are good...if not, thaw, reboot, make changes, freeze, etc.

One recommendation to admins, don't store the workstation file, configuration files, or console settings on the local workstation (depends on what version you're running). Quite easy to pull the passwords out of the files.

I don't care how carefully the code was debugged, I bet that there is some screw up in there. Just because no one has found it yet doesn't mean it doesn't exsist.

  • 0
Collaborator

genghis

Posted
Posted (edited)

this pice of software is like ah bad habit u just cant kick

i found the only way of getting rid of this is a complete low level format of your hard disk.

imagine tinking u have formated to reinstall windows only to reboot and find that nuting has changed.

or pc crashing on u while ur working on end of semester report and have to reboot!!!!! report vanishes !!!!!!!!!

i have been there!

on the up side if u have trial version software, install but dont activate

then freeze .

now everytime u reboot and run it, it'll be like first time...counter resets to zero.

Edited by genghis
  • 0
Collaborator

xTrinity

Posted
Posted (edited)

How to kill DeepFreeze:

I did this many times, temporarily disabling DeepFreeze to put files on the computer and then restoring it. It does NOT use an image of your drive. I'm not surely exactly how it operates, but its not an image. I believe it tracks every write to the harddrive and reverses it. That explains how this method works.

Win9x:

Use floppy to boot into DOS. Goto DeepFreeze folder and rename/delete it. Restart computer and volia! DeepFreeze is gone. Do anything you need want to the computer, and the changes stay. Boot back into DOS, restore the DeepFreeze folder and volia! DeepFreeze will forever restore the computer to the state in which you modified it to.

This proves that DeepFreeze does not use images or any kind of backup.

WinXP/2k:

A bit harder since WinXP/2k has no native DOS. You will need to use the Windows install disc to get into the DOS recovery mode thingy. Then do the above and it will work fine.

Although this only works if the sys admin is an idiot. Who in their right mind would install DeepFreeze and then allow someone to boot with a floppy or CD? As long as you can boot into DOS, you can remove DeepFreeze. If you cannot boot into DOS, there's no way to remove DeepFreeze. A smart sys admin would password the BIOS and boot only the harddrive. Of course, not everyone is that bright :p

EDIT: DeepFreeze is written in an extremely low level assembly. It makes direct calls to the processor and memory, bypassing Windows altogether. Have fun with SoftIce on this. There's a reason why this software is thousands of dollars :). But if you want to try, tokens are the key.

Edited by xTrinity
  • 0
Mentor

+orgitnized Subscriber¹

Posted
  • Subscriber¹
Posted

Very similar to Fortres Clean Slate and they both have their flaws.

Deep Freeze and Clean Slate both have incompatibilities with software, especially installers. And NO, it DOES NOT matter whether or not a thaw space is used, or the software is enabled or disabled.

I have it and have used it at a few schools.

Clean Slate and Deep Freeze are both a pain in the arse when it comes to managing a lot of the workstations at once. This is especially true in Novell networks. If you don't have the Client for Microsoft Networks installed it's a pain because it wants to read workstation names, which are exactly the same if you image the workstations. This is because the Novell client doesn't care at all about the "workstation" name, but more about the NDS or eDir name instead.

It serves its purpose in respects to using it on unmanaged networks or networks that aren't at all volatile. I make changes to 500 computers at the same time, and the last thing I want to do is load up another management console and try to disable some machines and not others, etc. To me, it's a pain. I have much better luck without the software. For stand-alone machines and what-not, I can see the purpose. Heck, even on NT networks with mixed clients I can see a better purpose. But on Novell networks, I don't need it at all. Everything is locked down with policies and backed up by imaging the machines anyway, so it's just a waste of money in that respect. Kids essentially could screw the machines up every night and it wouldn't even matter one bit. Not that they can, because policies restrict them from doing it, but it wouldn't matter anyway.

They did tell me that the driver was the biggest part of the program, so gameguy is on the right track. Since it's installed and loaded right at bootup, all changes get discarded. I stopped using it once we found a a way to break security in Fotres and Faronics-brand products that would render the workstation immediately inoperable. They fixed it when we called them about it (in their next release) but it just wasn't that impressive.

It does have its uses, but I would use it on something that's really unmanaged, like stand-alone machines that aren't governed by any type of security or administration.

  • 0
Mentor

Callaway

Posted
Posted
How to kill DeepFreeze:

I did this many times, temporarily disabling DeepFreeze to put files on the computer and then restoring it. It does NOT use an image of your drive. I'm not surely exactly how it operates, but its not an image. I believe it tracks every write to the harddrive and reverses it. That explains how this method works.

Win9x:

Use floppy to boot into DOS. Goto DeepFreeze folder and rename/delete it. Restart computer and volia! DeepFreeze is gone. Do anything you need want to the computer, and the changes stay. Boot back into DOS, restore the DeepFreeze folder and volia! DeepFreeze will forever restore the computer to the state in which you modified it to.

This proves that DeepFreeze does not use images or any kind of backup.

WinXP/2k:

A bit harder since WinXP/2k has no native DOS. You will need to use the Windows install disc to get into the DOS recovery mode thingy. Then do the above and it will work fine.

Although this only works if the sys admin is an idiot. Who in their right mind would install DeepFreeze and then allow someone to boot with a floppy or CD? As long as you can boot into DOS, you can remove DeepFreeze. If you cannot boot into DOS, there's no way to remove DeepFreeze. A smart sys admin would password the BIOS and boot only the harddrive. Of course, not everyone is that bright :p

EDIT: DeepFreeze is written in an extremely low level assembly. It makes direct calls to the processor and memory, bypassing Windows altogether. Have fun with SoftIce on this. There's a reason why this software is thousands of dollars :). But if you want to try, tokens are the key.

yes, but both of your scenarios require booting to somoething other than the hard drive. This is the only known means of bypassing DeepFreeze.

Try bypassing it without booting to another device.... ;) Any half-@ss admin should lockdown down the BIOS...

  • 0
Mentor

Callaway

Posted
Posted
Very similar to Fortres Clean Slate and they both have their flaws.

Deep Freeze and Clean Slate both have incompatibilities with software, especially installers. And NO, it DOES NOT matter whether or not a thaw space is used, or the software is enabled or disabled.

I have it and have used it at a few schools.

Clean Slate and Deep Freeze are both a pain in the arse when it comes to managing a lot of the workstations at once. This is especially true in Novell networks. If you don't have the Client for Microsoft Networks installed it's a pain because it wants to read workstation names, which are exactly the same if you image the workstations. This is because the Novell client doesn't care at all about the "workstation" name, but more about the NDS or eDir name instead.

It serves its purpose in respects to using it on unmanaged networks or networks that aren't at all volatile. I make changes to 500 computers at the same time, and the last thing I want to do is load up another management console and try to disable some machines and not others, etc. To me, it's a pain. I have much better luck without the software. For stand-alone machines and what-not, I can see the purpose. Heck, even on NT networks with mixed clients I can see a better purpose. But on Novell networks, I don't need it at all. Everything is locked down with policies and backed up by imaging the machines anyway, so it's just a waste of money in that respect. Kids essentially could screw the machines up every night and it wouldn't even matter one bit. Not that they can, because policies restrict them from doing it, but it wouldn't matter anyway.

They did tell me that the driver was the biggest part of the program, so gameguy is on the right track. Since it's installed and loaded right at bootup, all changes get discarded. I stopped using it once we found a a way to break security in Fotres and Faronics-brand products that would render the workstation immediately inoperable. They fixed it when we called them about it (in their next release) but it just wasn't that impressive.

It does have its uses, but I would use it on something that's really unmanaged, like stand-alone machines that aren't governed by any type of security or administration.

Deep Freeze and Clean Slate both have incompatibilities with software, especially installers.  And NO, it DOES NOT matter whether or not a thaw space is used, or the software is enabled or disabled.
Deep Freeze does not interact w/ any installers whatsoever. It doesn't interact at all with the workstation until reboot...You can do whatever you want with it and it could care less.
Clean Slate and Deep Freeze are both a pain in the arse when it comes to managing a lot of the workstations at once.  This is especially true in Novell networks.  If you don't have the Client for Microsoft Networks installed it's a pain because it wants to read workstation names, which are exactly the same if you image the workstations.  This is because the Novell client doesn't care at all about the "workstation" name, but more about the NDS or eDir name instead.

It serves its purpose in respects to using it on unmanaged networks or networks that aren't at all volatile.  I make changes to 500 computers at the same time, and the last thing I want to do is load up another management console and try to disable some machines and not others, etc.  To me, it's a pain.  I have much better luck without the software.  For stand-alone machines and what-not, I can see the purpose.  Heck, even on NT networks with mixed clients I can see a better purpose. 

We use 99% Novell on close to 5000 workstations, it's not even an issue with Deep Freeze (nor AD). The Console version of Deep Freeze kicks butt, serious commie butt. All you have to do is install the workstation seed, and you can see the workstations just fine. You don't even need the MS Client installed...The Console is beautiful.

But on Novell networks, I don't need it at all.  Everything is locked down with policies and backed up by imaging the machines anyway, so it's just a waste of money in that respect.  Kids essentially could screw the machines up every night and it wouldn't even matter one bit.  Not that they can, because policies restrict them from doing it, but it wouldn't matter anyway.

If you're administering some +1000 machines, I fail to see how having DF installed is a waste of money. If anything, it will save you money in manpower, time, and network usage by NOT having to reimage all your machines. Used in conjunction with any imaging software (like Ghost) and life suddenly became enjoyable.

This topic is now closed to further replies.
 Share
Go to question listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Posts

    • Microsoft: Windows 11 could finally solve a major issue across AMD, Nvidia, and Intel GPUs

      By Snake Doc · Posted

      If I ever get that issue I will let you know how I fix it
    • Nothing kills CMF Phone 2 Pro's successor due to rising memory prices

      By Elliot B. · Posted

      Literally everyone has been saying this.
    • Nothing kills CMF Phone 2 Pro's successor due to rising memory prices

      By monterxz · Posted

      As I've been usually saying lately - we all can thank "AI" for this.
    • Windows 11 version 26H2 is now available for testing in the latest preview build

      By +TRS-80 · Posted

      Friday Windows 11 preview builds are here. Insiders in the Experimental (formerly Dev) and Beta Channel can download builds 26300.8697 and 26220.8690. My Windows11 device on the Preview Channel just got 26220.8728. My guess is this build is a nightly update from 26220.8690.
    • Traffic has a surprisingly unexpected impact on your surroundings

      By hellowalkman · Posted

      Traffic has a surprisingly unexpected impact on your surroundings by Sayan Sen Image by Radik 2707 via Pexels A collaborative study by researchers from several Israeli institutions found that everyday pollution from traffic and industrial activity measurably changed the atmospheric electric field over the Tel Aviv metropolitan area, providing new evidence of how human activity can influence the lower atmosphere. The research was led by Dr. Roy Yaniv of the Hebrew University of Jerusalem and the Gertner Institute at Sheba Medical Center, Dr. Assaf Hochman of the Fredy & Nadine Herrmann Institute of Earth Sciences at the Hebrew University, and Prof. Yoav Yair of Reichman University. The study also involved Itay Froomer, a student from Hadera High School and the Israeli Museum of Medicine and Science (Technoda), who carried out the work as part of the Ministry of Education's 5-unit physics research track. The researchers focused on the atmospheric electric field under fair-weather conditions. Even in the absence of storms, a weak electric field naturally exists between Earth's surface and the atmosphere. One of the main ways scientists measure this field is through the Potential Gradient (PG), which is the inverse of the vertical component of the electric field. PG is a key part of the global electric circuit, a planet-wide system of electrical currents maintained by thunderstorms and electrified clouds around the world. Scientists have long known that the atmospheric electric field can be influenced by factors ranging from large-scale atmospheric processes to local weather conditions such as dust, fog and clouds. Human-made pollution is also known to play a role, but understanding exactly how urban emissions affect the electric field close to the ground has remained an area of ongoing research. To investigate this relationship, the team analyzed measurements from a newly installed electric field mill, an instrument used to continuously monitor the strength of the atmospheric electric field. The instrument was installed at the Center for Technological Education (Roter House) in Holon and became operational in August 2024. It was funded by Israel's Ministry of Education and the Holon municipality. The electric field mill forms part of a broader monitoring network that includes nearby meteorological stations and air-quality monitoring sites. This allowed researchers to compare electric field measurements with detailed weather data and pollution records to better understand what was driving changes in the Potential Gradient. The study focused on two major urban pollutants: fine particulate matter (PM2.5) and nitrogen oxides (NOx), both commonly produced by vehicle traffic and industrial activity. PM2.5 refers to microscopic airborne particles small enough to remain suspended in the atmosphere for extended periods, while NOx is a group of gases released during fuel combustion. Researchers examined daily, weekly and seasonal patterns in the atmospheric electric field and compared them with changes in pollutant concentrations. Their analysis revealed a clear relationship between NOx levels and changes in the Potential Gradient, particularly during morning and evening rush hours when traffic emissions were at their highest. “What we observe is a direct physical link between emission peaks and electrical variability,” explained Dr. Roy Yaniv. “NOx reduces atmospheric conductivity very quickly, so the electric field responds almost instantaneously during traffic rush hours.” Atmospheric conductivity describes how easily electrical charges move through the air. According to the researchers, nitrogen oxides rapidly alter this conductivity, causing a near-immediate response in the electric field. PM2.5, however, was associated with a delayed response. The researchers attributed this difference to the particles' longer atmospheric residence time, meaning they remain in the atmosphere for longer periods, as well as their different microphysical interactions with surrounding air and atmospheric components. The study also identified a pronounced "weekend effect." In Israel, traffic volumes and some industrial activity decline significantly on Fridays and Saturdays. During these periods, concentrations of both NOx and PM2.5 dropped, and corresponding changes were observed in the atmospheric electric field. “The weekend signal demonstrates just how sensitive the electric field is to changes in human activity,” the researchers noted. “When emissions decline, the electrical environment adjusts at once, providing a high-resolution indicator of urban atmospheric conditions.” The findings showed that pollution levels can influence not only the chemical composition of the atmosphere but also its electrical properties. Researchers said the results strengthened the case for using atmospheric electricity as an additional tool for environmental monitoring, particularly in densely populated urban areas where anthropogenic, or human-caused, influences are most pronounced. The study also pointed to potential public health applications. By combining air-quality measurements with observations of atmospheric electricity, researchers said they could gain a more complete picture of how urban atmospheric conditions change over time. “Integrating air-quality data with electric-field measurements gives us a clearer picture of how the lower atmosphere evolves moment by moment,” the researchers added. “It’s a framework that can support both scientific insight and practical environmental decision-making.” Beyond the scientific findings, the project highlighted a collaboration between universities, public institutions and secondary education. Researchers said the work demonstrated how students could take part in real-world environmental research while contributing to studies of air quality, atmospheric processes and their potential effects on society. Source: Hebrew University, ScienceDirect This article was generated with some help from AI and reviewed by an editor. Under Section 107 of the Copyright Act 1976, this material is used for the purpose of news reporting. Fair use is a use permitted by copyright statute that might otherwise be infringing

  • Recent Achievements

    • Week One Done
      AMV earned a badge
      Week One Done
    • One Month Later
      AMV earned a badge
      One Month Later
    • Collaborator
      ryansurfer98 went up a rank
      Collaborator
    • One Month Later
      Eurosoft10 earned a badge
      One Month Later
    • Week One Done
      Eurosoft10 earned a badge
      Week One Done

  • Popular Contributors

    1. 1
      +primortal
      540
    2. 2
      +Edouard
      186
    3. 3
      PsYcHoKiLLa
      80
    4. 4
      Michael Scrip
      77
    5. 5
      Steven P.
      72
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!