How does Deep Freeze work?

[Post-It Note]

Deep Freeze ( http://www.faronics.com/CANADA/product.asp ) is a program that prevents changes to a hard drive. You can do whatever you want to the drive, but when you restart it will return the disk to its original state.

It does this without partitioning, taking up extra space, or having another hard drive to image across. Anyone have any ideas or theories on how it works? I'm going to install the trial and see what I can find out.

[The Burning Rom]

We also use corporate edition of Ghost, which needs to rewrite the MBR in order to boot to the boot partition. If the workstation is still frozen, nopers....DF erases the changes and boots Windows.

No offense..but YOU don't know what you are talking about. You can ghost over deep freeze with norton ghost corporate. I know this because I've done it more times than I can count. :rolleyes:

You don't have to boot into windows to use norton ghost on a network...therefore deepfreeze never comes into play. :p

Also, the icon IS a known problem with the program. On our setups, the icon is supposed to be visible at all times because only IT staff members know the passwords. And like I said, if the machine has been on for a period of time, the icon hides itself, and it sometimes takes several reboots to get it back.

And frankly, everything in my first post was correct. But I guess you know everything... :whistle:

[+orgitnized Subscriber¹]

Deep Freeze does not interact w/ any installers whatsoever. It doesn't interact at all with the workstation until reboot...You can do whatever you want with it and it could care less.

By design it shouldn't. We had to inform them that it was problematic, which they wholeheartedly agreed to. We had problems with installer-based software, and gave them reproducible results which they were aware of. 3 prime examples were [1] Wise for Windows Installer [2] Ghost Autoinstall (which of course comes with Ghost Corporate Edition) [3] and finally Novell's ZENworks snAppshot applet.

They all serve pretty much the same purpose, which is looking at changes before and after an application installation is done (Wise does more than that, but we used it for that purpose)

While checking out the changes made to the workstation, all 3 apps failed every single time in the same spot, which was the DeepFreeze folder on the local machine. The only way to stop this behavior was to go through the tedious task of:

[1] Disabling DeepFreeze

[2] Rebooting

[3] Uninstalling DeepFreeze

[4] Reinstalling the app needed to make the application "snapshot" if you will...

[5] Making the changes on the workstation with the program recording the application install.

[6] Blowing away all the software changes after we had the results we needed

[7] Reinstall DeepFreeze

[8] Reboot

Tedious process and by no means efficient.

We use 99% Novell on close to 5000 workstations, it's not even an issue with Deep Freeze (nor AD). The Console version of Deep Freeze kicks butt, serious commie butt. All you have to do is install the workstation seed, and you can see the workstations just fine. You don't even need the MS Client installed...The Console is beautiful.

That may be true today, but wasn't the case when the management console first came out. In fact, Clean Slate still has that problem (not like that is what the thread is about). Both products looked at the Windows NetBIOS name on the machine. This was a problem seeing as the names were all the same if you were to image out a lab of a hundred PC's for argument's sake. The console filled up with workstation names that were exactly the same as the other machines that were in the console. That didn't help from a management standpoint at all. If this isn't the case, then I won't argue because I stopped using it.

If you're administering some +1000 machines, I fail to see how having DF installed is a waste of money. If anything, it will save you money in manpower, time, and network usage by NOT having to reimage all your machines. Used in conjunction with any imaging software (like Ghost) and life suddenly became enjoyable.

Waste of money I still agree with. Let me tell you exactly why: (and forgive me if I ramble)

If you are using a Novell network (and I'll keep it straight with Novell because I started talking about schools here) along with ZENworks 3.2 or 4.0.1, I simply don't see the need. I go to schools where people use this software and it becomes quite simply, more to manage.

What do you do to update virus definitions on the workstations? If they are being "cleaned" from possible virus infections on reboot, what do you do when 500 XP workstations get infected with Nachia and bring your network to its knees? It's still a reality until the workstations are rebooted.

Let's take Symantec, for the sake of argument again since it's familiar. Symantec will push out virus defs to these workstations all the time because they will get erased upon reboot. That means every time the workstation starts up, excessive traffic is on the network simply because it constantly has to push out new definitions and updates.

So...do you push out the defs into the Thaw Space? Or create the Symantec software in there so you don't get these results? Either way, it's a headache to me.

Most network use Ghost and I just don't see the reason. Another waste of money in my opinion again. ZEN already does it for you with a Linux partition. And of course, you can manage the entire workstation through ConsoleOne. Or you could add yet another management console to your arsenal to manage workstation imaging!? :no: No way. So, to manage your network, you need the ConsoleOne management utility, DeepFreeze MU and a Ghost Enterprise MU. Plus, Ghost doesn't do you any good if the workstation won't boot into Windows. And yes, I know that you can go to the workstation and physically boot it with a CD or disk, but then again, you would never have to do that if you used ZEN Imaging. Let's not split hairs on Ghost (which wasn't my intent either) I know it can also utilize pre-emptive boot services using the NICs as well. It's just that the software was *made* to be managed from a workstation that boots into Windows in order to talk with the actual "Ghost server". I also have yet to see Ghost do half the job that ZEN does from an imaging standpoint, but that's just my opinion. It brings nothing to the table that ZEN does not, so I can't justify spending money on it.

And to stop students from making changes on workstations and destroying them? Stop allowing them to boot to the BIOS to format everything first off.

Secondly, use the power of group policies to stop them from doing things on the workstations. Yes, it's harder to do this on Windows 98 machines because the security sucks as it is. But with Windows XP, it's a breeze. You get to use all the AD policies on the machines anyway, so...there should be no need for another app to stop them from doing things on it.

You have Rogue Process Management (in 4), you can manage Internet Explorer, publish desktops, stop apps from loading, push out apps, etc.

Now, if you want to publish out a new app and deliver it to the desktop, how are you doing it so seamless? If you have thousands of PC's, you cannot effectively do this through Deep Freeze, especially since they would all have to be on. Would you select 1500 PC's through the Deep Freeze Management Console and then disable all of them, then push the app, then turn it back on? You can't do it. ZEN would allow the changes to be made based on the app requirements you give it.

And when you are making users members of the local "Guests" account, how are they going to do such destructive things in 2000/XP? I use Dynamic Local User and have never had a problem with users killing my machines because of their hacking skills at all.

Imaging takes place when the network is not being used, like at 11 pm at night. Scripted imaging can take care of all of the machines that I specify and never have to worry about first disabling DF and then opening up another Management Utility to image my machines. I take care of it with ConsoleOne and don't use Ghost, Deep Freeze or anything else.

Plus, if you are running the registry settings (through Group Policies) that allow you to choose exactly what can be ran on any given group of workstations, I have yet to have anyone break into the workstation to mess things up. So when I can manage thousands of workstations and entire school districts while not even being there, adding DF and Ghost (which I know isn't the argument) to the network and spending thousands of dollars on them is a waste of my money.

I have yet to find a school district of business that is managed by Novell's ZENworks that I can't lock down and secure for end users. The reason my company is in as many school districts as we are is because we save them money on needless software and use ZENworks to the max. Programs like Ghost and DeepFreeze are made for networks that cannot effectively manage their workstations (once again, don't read that wrong - the apps are there to help those in need), which is why I used Windows 2000 domains as an example. You cannot successfully manage Windows 9x clients on a 2000 domain, so it makes sense to use those 2 apps to help out. With Novell + ZENworks, I don't see the logic in it. I run Novell networks that damn near run and heal themselves, so adding these apps as some way of making things easier...I just don't see how it can be done. First off, having to install it on every machine and then using their Management Consoles to utilize them...ick.

This is by no means flaming or anything else. For years all I did was eat, sleep and work with ZEN and with Novell. In all those years I made it a goal to implement some of the best networks I have ever built with my other engineers. I'm also not looking down on your approach. To each his own; that's why there's a lot of tech companies out there. We bring schools to the enterprise level by utilizing what most of them have already paid for using SLA's from Novell.

But because I can just as easily manage a reliable school district using only Novell's applications, why would I think that it would somehow be a benefit paying thousands of dollars for unneeded software? I will also add that it's nice having to worry about bugs from a few select companies. In my case, Microsoft and Novell. I dont have to get on the phone with Symantec or Faronics because I think their software could somehow be messing something up. Or spending my valuable time on the phone with them telling the mhow their software is buggy and sending them videos on it. (Fortres Clean Slate and Fortres 101 being no exception) Plus, we had initial problems with DeepFreeze before it had the "management console" support. We used it on a lab of 50 PC's to try it out. Since we used Novell's Application Launcher (NAL.exe) as the shell instead of Explorer (Explorer.exe), Faronics said you would get "unexpected results" on its effectiveness. In fact Fortres Grand will still tell people this.

Ghost96

[Zirus]

I use this program on my living room computer. It kicks @$$!. Any spyware my little bro manages to download is gone instantly. Saves my loads of time. I actually bought a license for it.

One thing that you guys might like to know:

I had it going on XP, and XP wasn't activated. So, unless XP checks dates everytime it starts up, it doesn't mess with activation. Although, I'm not sure exactly how that worked... but anyways.

[asdflkjsdrhthfhrhr]

reading this has gotten me to thinking about using deepfreeze...

[jamend]

I've been using Deep Freeze Standard on some public computers that are mostly used by kids, and I just found a rather annoying flaw. Due to hard drive corruption on one of the computers (which Deep Freeze can't block since it doesn't use mirroring), some of the Deep Freeze files are corrupt and the little icon next to the clock doesn't show up anymore. Now I can't thaw the system anymore... ugh. Maybe tech support will let me in on some secret back door.

[morganpugh84]

I have DeepFreeze at work on hotdesk systems so that people can't screw them up and for the past 7 months it was worked flawlessly. I amazed. It is probably the greatest application I have ever used as a system administrator.

For those who have no idea what it is here is a brief over view...

You install it and "freeze" your system. No matter what you do when you reboot it goes back to the frozen state. If you need to make a change to the frozen you can login with the master password, make the change and then refreeze it.

From what I can work out reading the documentation it tricks Windows. What it does is load the system up but all changes that are made are made to another file not the actual file Windows thinks it is. It is kind of like hardlink to the file but backwards. Image you have explorer.exe and you load it up but you make a change to it now normally it would replace the file explorer.exe but that would happen in a frozen system is that it edits a link to explorer.exe which is active until you reboot and the link is reset to the original. Performance (and disk space) isn't a problem as you don't have to access every single file on the machine when you use it. You only access a few hundred or so. It is clever how it works and has saved hundreds of hours of work for my already this year. I swear buy this application. Also their support is out of this world, it really is outstanding.

When teamed with Symantec Ghost (still the best no matter what anyone says because of its powerful command line use. You never need to use the interface!) it makes the ultimate system management tool.

[emo]

yea they have that at my school...and on the side of the computer they have the windows xp serial code...so i can easily get over 500 serial codes..and there all xp pro :yes:

[Kokoro]

Need to unfreeze Deep Freeze? Go to

http://www.unfreezer.cjb.net/

This guy found a way to do it! It works for XP/NT/9X and doesn't need to boot from floppy or CD.

[Rob Veteran]

At our school we used a program called Centurion DriveShield - identical concept. This one allows you to remotely disable DriveShield on any computer on the network by the admin, as well as all the standard features of being able to selectively allow changes to folders etc. 'tis good.

[jamend]

The concept behind DeepFreeze is actually pretty simple. It just installs a kernel-mode driver that intercepts all hard drive activity. All writes are redirected to a temporary cache that overlays the real hard drive data, and it gets cleared on reboot. From my experience, its main flaws are being able to remove DeepFreeze by booting to something else, and not being able to thaw if some of DeepFreeze becomes corrupt due to bad sectors. I've seen a solution that fixes the first problem with hardware: a small PCI card with firmware is installed that takes over before the motherboard's firmware has a chance to boot anything. I can't remember the name of it though...

[sn00pie]

This is what my school uses, I've tried disabling it in the Task Manager, and I believe you need to go into the registry somewhere and delete it.

[BigCheese]

my school has sosmething like this as well. I tried install ccleaner, but when i restarted, all that was left was a folder, all the files had gone.

[RootWind]

The concept behind DeepFreeze is actually pretty simple. It just installs a kernel-mode driver that intercepts all hard drive activity. All writes are redirected to a temporary cache that overlays the real hard drive data, and it gets cleared on reboot. From my experience, its main flaws are being able to remove DeepFreeze by booting to something else, and not being able to thaw if some of DeepFreeze becomes corrupt due to bad sectors. I've seen a solution that fixes the first problem with hardware: a small PCI card with firmware is installed that takes over before the motherboard's firmware has a chance to boot anything. I can't remember the name of it though...

585953058[/snapback]

Are you talking about the ones from Convar? WatchIT or something.

[jamend]

Yeah, it was something like that.

[ToryAmos]

deepfreeze, winrollback, shadowuser et al all work by running the system as a virtual system in free space on the HDD, leaving the installed system untouched. that's why they slow PC performance...or have you not noticed ?

[Kokoro]

Need to unfreeze Deep Freeze? Go to

http://www.geocities.com/franktrop/

http://usuarios.arnet.com.ar/fliamarconato/

http://webs.uolsinectis.com.ar/c_delgado/

This guy found a way to do it! It works for XP/2K/9X and doesn't need to boot from floppy or CD.

[trance]

Those tuts are useless if you don't have debug privs. That means if you are a LUA (as every user should be on public comps) then this wouldn't work (excluding 9x machines).

When you have access to a debugger, anything is possible...

[pistonpilot]

Nope...none.  Unless you can boot to a floppy or cd-rom, forget it.

We also use corporate edition of Ghost, which needs to rewrite the MBR in order to boot to the boot partition.  If the workstation is still frozen, nopers....DF erases the changes and boots Windows.

One downside to the product is you can only make changes in thawed mode.  So if you need to make a change, thaw, reboot, make changes, freeze, hope things are good...if not, thaw, reboot, make changes, freeze, etc.

One recommendation to admins, don't store the workstation file, configuration files, or console settings on the local workstation (depends on what version you're running).  Quite easy to pull the passwords out of the files.

584518113[/snapback]

Callaway,

I'm going to PM you as well, but would you elaborate on the workstation file, configuration file, etc ... Are you referring to the professional version?

I would have liked to buy the professional version but buying a 10 user license was not worth it. I have the basic version loaded on my laptop and desktop.

I hate Windows. But what I hate more than Windows is that I need it and end up reinstalling it every few months when it becomes unstable.

It works wonderfully on my desktop as I have no thawzone, I only freeze the C Drive.

My laptop is a different story. Since the hiberfil.sys file can only reside on the C Drive I cannot hibernate my laptop.

One of the things not mentioned here, is that once you have defragged the C Drive, optimized all the files, and defragged the registry, it will stay in this condition forever.

Imagine a fast machine all the time.

PP

[pistonpilot]

deepfreeze, winrollback, shadowuser et al all work by running the system as a virtual system in free space on the HDD, leaving the installed system untouched. that's why they slow  PC performance...or have you not noticed ?

585963580[/snapback]

That's not true. I have it on both my laptop and desktop. They are as fast as they ever were, maybe faster.

How can I say this?

I have no fragmentation. None. And with DeepFreeze installed, I will never fragment my drive or my registry.

Imagine that.

PP

[missithang]

We just got deep freeze to use on a few computers here on campus. We use PatchLink to take care of Windows Updates. Weve created a new group and new policy in Patchlink for the Deep Freeze computers, and set up the maitenence thaw for the pc. Well it will thaw, but the updates arn't running (the group's policy is for the timeframe of the thaw, and to check every 15 min). Anyone had something similar? Do i need to do something else? ANY help or suggestions would be greatly appreciated!!

[Popcorned1]

I have no fragmentation. None. And with DeepFreeze installed, I will never fragment my drive or my registry.

Imagine that.

PP

It's a dream come true! :rofl:

I'm going to try this later.

[Hodges]

I have been studying DeepFreeze a lot with our school computers, to me, what it appears to do, is grab control of your indxing table, and instead of saving it to your harddrive, it saves it in RAM.

What I have observed is primarilly the installers! Installing a large game like Crysis and Bioshock added a lot to my system idle RAM usage. Normally when DeepDreeze is booted thawed, on idle, my computer uses 27%-33% RAM, the same when booted frozen and left idle directly after booting. When I installed the games, on IDLE my RAM usage was 63%. Also, when I delete a large amount of files, the RAM usage at idle is also abnormally higher.

Since RAM can not retain information when power is lost, it dumps everything that was changed in the indexing, and when the computer boots, it is back to normal.

Lastly, there is one thing I am not sure of that can prove this theory wrong. I am not sure if RAM loses power during a warm start, if it never lost power in the first place, it could still retain data, but all sugestions are welcome.