• 0

How does Deep Freeze work?

Asked by Post-It Note,

 Share

Question

Mentor

Post-It Note

Posted
Posted

Deep Freeze ( http://www.faronics.com/CANADA/product.asp ) is a program that prevents changes to a hard drive. You can do whatever you want to the drive, but when you restart it will return the disk to its original state.

It does this without partitioning, taking up extra space, or having another hard drive to image across. Anyone have any ideas or theories on how it works? I'm going to install the trial and see what I can find out.

Link to comment
https://www.neowin.net/forum/topic/214696-how-does-deep-freeze-work/
Share on other sites

47 answers to this question

Recommended Posts

  • 0
Mentor

mzkhadir

Posted
Posted

ThawSpace

Deep Freeze Professional has the ability to designate a portion the hard drive as ?thawed? for permanent storage. ThawSpace can be set anywhere from 16MB to 2GB. Save documents and favourite Internet sites by mapping My Documents and Favourites to ThawSpace.

  • 0
Mentor

Post-It Note

Posted
  • Author
Posted

I'm just going to say that it's a secret how it works, so going through the website is not very helpful in finding out how it works. I'm looking for how YOU think it works.

Anyways, I've installed it and started testing it out by deleting things. (of course I imaged my drive beforehand.)

  • 0
Mentor

Post-It Note

Posted
  • Author
Posted

I've delete an entire Software regedit key, and I managed to right click->delete my recycle bin. :o. Now let me restart...

Yup.. No problems. I'm going to thaw, make a really big file, freeze, and see what happens when I delete it.

  • 0
Experienced

Another_Paul

Posted
Posted

Deepfreeze is awesome for public/school computers! I have been using it for several years without any hitches. Standard will "freeze" your whole hard drive preventing any changes you after rebooting. If you have multiple harddrives you can pick and choose which ones to be "frozen". Professional will let you have a Thawed folder that will allow changes to remain the same. But the catch is that you have to buy a minimal of 10 copies of Professional instead of just one.

It's only like a 5 meg install, I have no idea how they do it! Maybe something keeps track of all the changes and reverts to the original state after it reboots.

  • 0
Grand Master

John Veteran

Posted
  • Veteran
Posted

It installs its own disk driver for each of your hard drives I noticed. I believe this is key... But I haven't been able to crack it yet. Uninstalling the driver doesn't work :(

I was able to stop the DeepFreeze process by gaining SYSTEM priviledges through a very sneaky method :shifty: (which is now blocked with SP2 :pinch:)

As much as I played with it, I couldn't break it :/ Though I'd like to try again sometime...

  • 0
Experienced

The Burning Rom

Posted
Posted

I'm not sure how it works, but I know the program itself is a pain in the arse to work with. I worked at a college that had it running on around 800 student computers. And it can get quite annoying. One of the newer versions goes into what we called "hardening" mode...where the icon in the taskbar disappears after the machine has been on for a certain period of time. Sometimes it takes 3 or 4 reboots to get it back too :angry:

What mzkhadir was talking about..."thaw space"...is a new feature of deepfreeze which allows you to designate a "partition" for deep freeze to create, which allows you to save files in, and reboot without loosing them. The only downside is when deepfreeze is uninstalled, you also wave bye bye to your thawspace and the files it contained. I sure hope they changed that in the newest version.

It's a program I'd avoid if I could. But in some situtuations (like at the college), it's one of those things that you just have to deal with.

  • 0
Mentor

Callaway

Posted
Posted

It's a fantastic program for Windows. We use the console/enterprise version in our public labs extensively at UNLV. Essentially, as long as a user can't boot to a floppy or cd-rom (lockdown the bios), it's flawless.

Want to delete Windows directory? No problem.

Want to download a few trojans? No problem.

Want to download a virus that will infect the MBR? No problem.

Soon as the workstation reboots, reverts back to the previous settings. You can set up multiple passwords, onetime passwords, mainteanance times, and if you have the console installed, you can remotely thaw/freeze workstations with a click of the mouse (or run programs / install updates).

It kicks @SS!

If you need help, send me a /pm. I would encourage ALL Windows system admins to invest in Deep Freeze.

  • 0
Mentor

Callaway

Posted
Posted
I'm not sure how it works, but I know the program itself is a pain in the arse to work with. I worked at a college that had it running on around 800 student computers. And it can get quite annoying. One of the newer versions goes into what we called "hardening" mode...where the icon in the taskbar disappears after the machine has been on for a certain period of time. Sometimes it takes 3 or 4 reboots to get it back too :angry:

What mzkhadir was talking about..."thaw space"...is a new feature of deepfreeze which allows you to designate a "partition" for deep freeze to create, which allows you to save files in, and reboot without loosing them. The only downside is when deepfreeze is uninstalled, you also wave bye bye to your thawspace and the files it contained. I sure hope they changed that in the newest version.

It's a program I'd avoid if I could. But in some situtuations (like at the college), it's one of those things that you just have to deal with.

No offense, but you don't know wth you're talking about. The thawspace has been around since for years, and you don't even need it. All it is is a temporary partition which is created before Windows loads where changes can be made that will not be erased. It's much easier and faster for the workstation to simply create a logical partition and set that drive letter as unthawed or not frozen.

As for the icon, you can choose to have the icon show in thawed / frozen or not at all. Most admins will set it to display when the workstation is thawed, so that a quick peek at the desktop will tell them somoene forgot to lock the station down.

  • 0
Mentor

Callaway

Posted
Posted
Hmm, There has to be someflaws, somewhere.

Nope...none. Unless you can boot to a floppy or cd-rom, forget it.

We also use corporate edition of Ghost, which needs to rewrite the MBR in order to boot to the boot partition. If the workstation is still frozen, nopers....DF erases the changes and boots Windows.

One downside to the product is you can only make changes in thawed mode. So if you need to make a change, thaw, reboot, make changes, freeze, hope things are good...if not, thaw, reboot, make changes, freeze, etc.

One recommendation to admins, don't store the workstation file, configuration files, or console settings on the local workstation (depends on what version you're running). Quite easy to pull the passwords out of the files.

  • 0
Contributor

ultraviolet7

Posted
Posted
Unless you can boot to a floppy or cd-rom, forget it.

i consider this a fairly big flaw but not one that is the fault of the makers of deepfreeze. gaining access to booting from those divices is a rather trivial matter on most computers even if it is set not to boot from them and locked with a password. i don't really know anyway that deepfreeze would be able to stop this though since their drivers only can take over once the OS has booted.

  • 0
Veteran

pmh

Posted
Posted
Nope...none. Unless you can boot to a floppy or cd-rom, forget it.

We also use corporate edition of Ghost, which needs to rewrite the MBR in order to boot to the boot partition. If the workstation is still frozen, nopers....DF erases the changes and boots Windows.

One downside to the product is you can only make changes in thawed mode. So if you need to make a change, thaw, reboot, make changes, freeze, hope things are good...if not, thaw, reboot, make changes, freeze, etc.

One recommendation to admins, don't store the workstation file, configuration files, or console settings on the local workstation (depends on what version you're running). Quite easy to pull the passwords out of the files.

I don't care how carefully the code was debugged, I bet that there is some screw up in there. Just because no one has found it yet doesn't mean it doesn't exsist.

  • 0
Collaborator

genghis

Posted
Posted (edited)

this pice of software is like ah bad habit u just cant kick

i found the only way of getting rid of this is a complete low level format of your hard disk.

imagine tinking u have formated to reinstall windows only to reboot and find that nuting has changed.

or pc crashing on u while ur working on end of semester report and have to reboot!!!!! report vanishes !!!!!!!!!

i have been there!

on the up side if u have trial version software, install but dont activate

then freeze .

now everytime u reboot and run it, it'll be like first time...counter resets to zero.

Edited by genghis
  • 0
Collaborator

xTrinity

Posted
Posted (edited)

How to kill DeepFreeze:

I did this many times, temporarily disabling DeepFreeze to put files on the computer and then restoring it. It does NOT use an image of your drive. I'm not surely exactly how it operates, but its not an image. I believe it tracks every write to the harddrive and reverses it. That explains how this method works.

Win9x:

Use floppy to boot into DOS. Goto DeepFreeze folder and rename/delete it. Restart computer and volia! DeepFreeze is gone. Do anything you need want to the computer, and the changes stay. Boot back into DOS, restore the DeepFreeze folder and volia! DeepFreeze will forever restore the computer to the state in which you modified it to.

This proves that DeepFreeze does not use images or any kind of backup.

WinXP/2k:

A bit harder since WinXP/2k has no native DOS. You will need to use the Windows install disc to get into the DOS recovery mode thingy. Then do the above and it will work fine.

Although this only works if the sys admin is an idiot. Who in their right mind would install DeepFreeze and then allow someone to boot with a floppy or CD? As long as you can boot into DOS, you can remove DeepFreeze. If you cannot boot into DOS, there's no way to remove DeepFreeze. A smart sys admin would password the BIOS and boot only the harddrive. Of course, not everyone is that bright :p

EDIT: DeepFreeze is written in an extremely low level assembly. It makes direct calls to the processor and memory, bypassing Windows altogether. Have fun with SoftIce on this. There's a reason why this software is thousands of dollars :). But if you want to try, tokens are the key.

Edited by xTrinity
  • 0
Mentor

+orgitnized Subscriber¹

Posted
  • Subscriber¹
Posted

Very similar to Fortres Clean Slate and they both have their flaws.

Deep Freeze and Clean Slate both have incompatibilities with software, especially installers. And NO, it DOES NOT matter whether or not a thaw space is used, or the software is enabled or disabled.

I have it and have used it at a few schools.

Clean Slate and Deep Freeze are both a pain in the arse when it comes to managing a lot of the workstations at once. This is especially true in Novell networks. If you don't have the Client for Microsoft Networks installed it's a pain because it wants to read workstation names, which are exactly the same if you image the workstations. This is because the Novell client doesn't care at all about the "workstation" name, but more about the NDS or eDir name instead.

It serves its purpose in respects to using it on unmanaged networks or networks that aren't at all volatile. I make changes to 500 computers at the same time, and the last thing I want to do is load up another management console and try to disable some machines and not others, etc. To me, it's a pain. I have much better luck without the software. For stand-alone machines and what-not, I can see the purpose. Heck, even on NT networks with mixed clients I can see a better purpose. But on Novell networks, I don't need it at all. Everything is locked down with policies and backed up by imaging the machines anyway, so it's just a waste of money in that respect. Kids essentially could screw the machines up every night and it wouldn't even matter one bit. Not that they can, because policies restrict them from doing it, but it wouldn't matter anyway.

They did tell me that the driver was the biggest part of the program, so gameguy is on the right track. Since it's installed and loaded right at bootup, all changes get discarded. I stopped using it once we found a a way to break security in Fotres and Faronics-brand products that would render the workstation immediately inoperable. They fixed it when we called them about it (in their next release) but it just wasn't that impressive.

It does have its uses, but I would use it on something that's really unmanaged, like stand-alone machines that aren't governed by any type of security or administration.

  • 0
Mentor

Callaway

Posted
Posted
How to kill DeepFreeze:

I did this many times, temporarily disabling DeepFreeze to put files on the computer and then restoring it. It does NOT use an image of your drive. I'm not surely exactly how it operates, but its not an image. I believe it tracks every write to the harddrive and reverses it. That explains how this method works.

Win9x:

Use floppy to boot into DOS. Goto DeepFreeze folder and rename/delete it. Restart computer and volia! DeepFreeze is gone. Do anything you need want to the computer, and the changes stay. Boot back into DOS, restore the DeepFreeze folder and volia! DeepFreeze will forever restore the computer to the state in which you modified it to.

This proves that DeepFreeze does not use images or any kind of backup.

WinXP/2k:

A bit harder since WinXP/2k has no native DOS. You will need to use the Windows install disc to get into the DOS recovery mode thingy. Then do the above and it will work fine.

Although this only works if the sys admin is an idiot. Who in their right mind would install DeepFreeze and then allow someone to boot with a floppy or CD? As long as you can boot into DOS, you can remove DeepFreeze. If you cannot boot into DOS, there's no way to remove DeepFreeze. A smart sys admin would password the BIOS and boot only the harddrive. Of course, not everyone is that bright :p

EDIT: DeepFreeze is written in an extremely low level assembly. It makes direct calls to the processor and memory, bypassing Windows altogether. Have fun with SoftIce on this. There's a reason why this software is thousands of dollars :). But if you want to try, tokens are the key.

yes, but both of your scenarios require booting to somoething other than the hard drive. This is the only known means of bypassing DeepFreeze.

Try bypassing it without booting to another device.... ;) Any half-@ss admin should lockdown down the BIOS...

  • 0
Mentor

Callaway

Posted
Posted
Very similar to Fortres Clean Slate and they both have their flaws.

Deep Freeze and Clean Slate both have incompatibilities with software, especially installers. And NO, it DOES NOT matter whether or not a thaw space is used, or the software is enabled or disabled.

I have it and have used it at a few schools.

Clean Slate and Deep Freeze are both a pain in the arse when it comes to managing a lot of the workstations at once. This is especially true in Novell networks. If you don't have the Client for Microsoft Networks installed it's a pain because it wants to read workstation names, which are exactly the same if you image the workstations. This is because the Novell client doesn't care at all about the "workstation" name, but more about the NDS or eDir name instead.

It serves its purpose in respects to using it on unmanaged networks or networks that aren't at all volatile. I make changes to 500 computers at the same time, and the last thing I want to do is load up another management console and try to disable some machines and not others, etc. To me, it's a pain. I have much better luck without the software. For stand-alone machines and what-not, I can see the purpose. Heck, even on NT networks with mixed clients I can see a better purpose. But on Novell networks, I don't need it at all. Everything is locked down with policies and backed up by imaging the machines anyway, so it's just a waste of money in that respect. Kids essentially could screw the machines up every night and it wouldn't even matter one bit. Not that they can, because policies restrict them from doing it, but it wouldn't matter anyway.

They did tell me that the driver was the biggest part of the program, so gameguy is on the right track. Since it's installed and loaded right at bootup, all changes get discarded. I stopped using it once we found a a way to break security in Fotres and Faronics-brand products that would render the workstation immediately inoperable. They fixed it when we called them about it (in their next release) but it just wasn't that impressive.

It does have its uses, but I would use it on something that's really unmanaged, like stand-alone machines that aren't governed by any type of security or administration.

Deep Freeze and Clean Slate both have incompatibilities with software, especially installers.  And NO, it DOES NOT matter whether or not a thaw space is used, or the software is enabled or disabled.
Deep Freeze does not interact w/ any installers whatsoever. It doesn't interact at all with the workstation until reboot...You can do whatever you want with it and it could care less.
Clean Slate and Deep Freeze are both a pain in the arse when it comes to managing a lot of the workstations at once.  This is especially true in Novell networks.  If you don't have the Client for Microsoft Networks installed it's a pain because it wants to read workstation names, which are exactly the same if you image the workstations.  This is because the Novell client doesn't care at all about the "workstation" name, but more about the NDS or eDir name instead.

It serves its purpose in respects to using it on unmanaged networks or networks that aren't at all volatile.  I make changes to 500 computers at the same time, and the last thing I want to do is load up another management console and try to disable some machines and not others, etc.  To me, it's a pain.  I have much better luck without the software.  For stand-alone machines and what-not, I can see the purpose.  Heck, even on NT networks with mixed clients I can see a better purpose. 

We use 99% Novell on close to 5000 workstations, it's not even an issue with Deep Freeze (nor AD). The Console version of Deep Freeze kicks butt, serious commie butt. All you have to do is install the workstation seed, and you can see the workstations just fine. You don't even need the MS Client installed...The Console is beautiful.

But on Novell networks, I don't need it at all.  Everything is locked down with policies and backed up by imaging the machines anyway, so it's just a waste of money in that respect.  Kids essentially could screw the machines up every night and it wouldn't even matter one bit.  Not that they can, because policies restrict them from doing it, but it wouldn't matter anyway.

If you're administering some +1000 machines, I fail to see how having DF installed is a waste of money. If anything, it will save you money in manpower, time, and network usage by NOT having to reimage all your machines. Used in conjunction with any imaging software (like Ghost) and life suddenly became enjoyable.

This topic is now closed to further replies.
 Share
Go to question listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Posts

    • Waymo recalls self-driving software after cars enter closed freeway work zones

      By Phillip0web · Posted

      You're absolutely right! No reason in hell these should be on the road!
    • This is how much iPhone 18 Pro could cost after Apple's price hike confirmed

      By Phillip0web · Posted

      They aren't going to want to. Most would just go with the 17 Pro and save money. Why would they want to spend $300 for basically the same thing? It's not worth it if there are hardly any changes from year to year.
    • Windows 11 version 26H2 is now available for testing in the latest preview build

      By Steven P. · Posted

      24H2 rolled out to the Release Preview Channel in early June 2024, so this coming a bit later in the Experimental Channel (formerly Dev) doesn't really say much more than earlier H2 releases that came out in October. I am not sure what the thinking is here by putting it in Experimental, one would think that the 26H2 stamp means features are locked down and it's now bug tested until October? I don't even pretend to understand Microsoft's strategy for Windows Insider Program though
    • Nothing Ear (a) and CMF Buds Pro 2 with active noise cancellation drop to lowest price ever

      By Fiza Ali · Posted

      Nothing Ear (a) and CMF Buds Pro 2 with active noise cancellation drop to lowest price ever by Fiza Ali With Prime Day 2026 scheduled to run from Tuesday 23 to Friday 26 June, Amazon has already begun rolling out early access offers ahead of the main event. Particularly, Nothing Ear (a) and CMF Buds Pro 2 wireless earbuds have dropped to their lowest price ever with limited Prime deal offering 33% and 24% discounts, respectively. Nothing Ear (a) are equipped with 11mm dynamic drivers featuring a PM1 + TPU diaphragm. For noise control, the earbuds offer active noise cancellation (ANC) of up to 45dB across frequencies reaching 5,000Hz. The smart ANC algorithm adapts to surrounding noise levels, while a Transparency Mode allows users to remain aware of their environment when needed. Connectivity is handled via Bluetooth 5.3, with support for AAC, SBC, and LDAC audio codecs. Additional features include IP54-rated earbuds for dust and splash resistance, paired with an IPX2-rated charging case. Furthermore, users also benefit from pinch controls, in-ear detection, Google Fast Pair, Microsoft Swift Pair, dual-device connectivity, and a low-latency mode designed for gaming and video playback. The Nothing X app unlocks a range of customisation options, including a personalised equaliser, bass enhancement, control remapping, ear tip fit testing, firmware updates, dual-device management, a Find My Earbuds feature, and low-latency mode settings. When it comes to the battery, the earbuds house a 46mAh lithium-ion battery, while the charging case contains a 500mAh cell. With ANC disabled, users can expect up to 9.5 hours of playback from the earbuds and up to 42.5 hours in total with the charging case. With ANC enabled, battery life is rated at up to 5.5 hours per charge and up to 24.5 hours combined with the case. Finally, fast charging is also supported that should provide up to 10 hours of playback from a 10-minute charge with ANC turned off. Nothing Ear (a) Wireless Earbuds (Black): $53.20 (Amazon US) - 33% The CMF Buds Pro 2 feature a dual-driver audio system consisting of an 11mm bass driver and a 6mm micro-planar tweeter. The earbuds use PU (polyurethane) and PET (polyethylene terephthalate) titanium-coated diaphragms and are tuned by Nothing to deliver balanced audio performance. They further support active noise cancellation of up to 50dB across a frequency range of up to 5,000Hz, and noise control features include a Smart ANC algorithm, Adaptive ANC, Transparency Mode, and Clear Voice Technology 2.0. For calls, the CMF Buds Pro 2 use a total of six microphones and feature an environmental noise-cancelling algorithm, Clear Voice Technology 3.0, and Wind Noise Reduction 3.0 that should improve voice clarity during conversations. Furthermore, when it comes to the connectivity, it is provided through Bluetooth 5.4. Additional features include an IP55 rating for dust and water resistance, Google Fast Pair, Microsoft Swift Pair, in-ear detection, a low-latency mode, and a Find My Earbuds function. Moreover, through the Nothing X app for Android and iOS, users can access custom EQ settings, a bass enhancement algorithm, customisable controls, Find My Earbuds, low-latency mode, dual-device connectivity, an ear tip fit test, and firmware updates. The earbuds contain a 60mAh rechargeable lithium-ion battery, while the charging case houses a 460mAh battery. A full charge of the earbuds and case via USB-C should take approximately 85 minutes, while the earbuds alone should be fully recharged in the case in around 60 minutes. Battery life is rated at up to 11 hours of playback on a single charge and up to 43 hours with the charging case when ANC is turned off. With ANC enabled, playback time is reduced to up to 6.5 hours on the earbuds and up to 26 hours with the charging case. Talk time is rated at up to 6 hours on the earbuds and 25 hours with the case with ANC disabled, or up to 4.8 hours and 18.6 hours, respectively, with ANC enabled. CMF Buds Pro 2 Wireless Earbuds (Dark Grey): $37.05 (Amazon US) - 24% Good to know This Amazon deal is U.S. specific, and not available in other regions unless specified. We only use first-party seller links (at the time of article publishing); ensure that you purchase from a first-party seller link only. Check out Today's Deals on Amazon | or our recent tech deals. Become a Prime member (for Students or SNAP) via Neowin Get Prime Access - Prime for half price (for qualifying Medicaid, EBT, SNAP) Subscribe to Prime Video, Audible Plus, Music Unlimited or Kindle Unlimited via Neowin As an Amazon Associate, we earn from qualifying purchases.
    • Windows 11 version 26H2 is now available for testing in the latest preview build

      By excalpius · Posted

      I'll move to it when it hits beta, I suspect.

  • Recent Achievements

    • Week One Done
      AMV earned a badge
      Week One Done
    • One Month Later
      AMV earned a badge
      One Month Later
    • Collaborator
      ryansurfer98 went up a rank
      Collaborator
    • One Month Later
      Eurosoft10 earned a badge
      One Month Later
    • Week One Done
      Eurosoft10 earned a badge
      Week One Done

  • Popular Contributors

    1. 1
      +primortal
      542
    2. 2
      +Edouard
      186
    3. 3
      Michael Scrip
      77
    4. 4
      PsYcHoKiLLa
      76
    5. 5
      Steven P.
      71
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!