������������
Last modified: June, 2005
������������ Deep Freeze Security Notice Deep Freeze does not protect against booting from a floppy drive or CD-ROM drive. The CMOS should be configured to prevent booting from the floppy drive or CD-ROM drive (i.e. set to boot to the hard drive) and the CMOS must be password protected. This is a normal precaution for most public access computers. The Windows Registry, the computer CMOS and the boot sector are protected by Deep Freeze from within Windows.
This page intentionally left blank
������������ Contents Deep Freeze Overview ............................................................................................................................................. 7 About Deep Freeze .........................................................................................................................................................7 System Requirements ...................................................................................................................................
This page intentionally left blank
������������ Deep Freeze Overview About Deep Freeze With over five million installations, Deep Freeze has a proven track record of non-restrictive, complete Windows protection. Deep Freeze provides network administrators with a simple and 100% successful method of maintaining desktop systems and reduces software technical support to an absolute minimum. Completely invulnerable to hacking, Deep Freeze instantly protects and preserves original computer configurations.
������������ Deep Freeze Configuration Administrator The Configuration Administrator is intended to only be installed on the computer used to administrate Deep Freeze. The Configuration Administrator is used to create a customized Deep Freeze installation program pre-configured with passwords, schedules, and other options. Installation Complete the following steps to install the Configuration Administrator: 1. Insert the CD-ROM from the media package into the CD-ROM drive. 2.
������������ Customization Code Initialization Open the Configuration Administrator by selecting the following path from the Start menu: Start > Programs > Faronics > Deep Freeze Professional > Deep Freeze Administrator The Deep Freeze Professional Customization window appears the first time the Configuration Administrator is opened. Deep Freeze requires the administrator to enter a Customization Code to initialize the Configuration Administrator.
������������ Using the Configuration Administrator The Configuration Administrator is used to create a customized Deep Freeze installation program preconfigured with passwords, schedules, and other options. There are four main tabs for accessing the various options available: Welcome, Configuration, One Time Passwords, and Create Programs. Welcome Tab The Welcome tab provides contact information for Faronics, including a link to our company and Technical Support Web sites.
������������ File Menu The File Menu contains similar options to those on the Toolbar, with the addition of Create Workstation Install Program and Password Protection, Create Workstation Install Program can be used to create a Deep Freeze installation program file after the configuration is complete. Password Protection offers another layer of security for the administrator. Use this screen to optionally password protect access to the Deep Freeze Configuration Administrator application.
������������ Configuration Tab The Configuration tab has eight sub-tabs along the bottom used to configure various options. After all of the desired configuration options have been selected, a customized workstation installation program file is ready to be created. This program file is used to install a pre-configured version of Deep Freeze on workstation computers.
������������ Frozen Drives The Frozen Drives tab is used to select which drives are to be Frozen (protected by Deep Freeze) or Thawed (unprotected). Checked drives are Frozen by Deep Freeze. Only local drives (partitions or physical drives) can be Frozen. All of the drive letters are shown because the pre-configured installation file may be installed on many workstations with various hardware and software setups. In the example above, the C: drive is checked, but not the D: drive.
������������ Restart/Shutdown The Restart/Shutdown tab is used to schedule restarts or shutdowns. To create a Restart/Shutdown schedule, check Enable Restart/Shutdown Schedule. The following options are available when configuring the Restart/Shutdown schedule: • Check Set One Change All to apply a change made for one day of the week to all other days. • Check the days of the week the schedule will apply to, and the time the restart or shutdown will happen.
������������ Maintenance The Maintenance tab is used to schedule a time when Deep Freeze is Thawed. A Thawed workstation is available for upgrades, new installations, maintenance, or any other permanent changes. To create and configure a Maintenance Schedule, complete the following steps. As indicated, some of the steps are optional: 1. 2. Check Enable Thawed Maintenance Schedule to enable the schedule. Check the box beside each day of the week when a Maintenance schedule is desired. 3.
������������ 5. 6. 7. Enter the time to restart the workstation into the Frozen state in the Stop Time field. Optional: check the Shutdown checkbox to shut the workstation down at the conclusion of the Maintenance period instead of restarting it. If Shutdown is checked, the workstation is Frozen the next time it is started. If the Stop Time precedes the Start Time, the Stop Time is assumed to be during the next day.
������������ Advanced Maintenance The Advanced Maintenance tab is used to specify SUS server and batch file options for a scheduled Maintenance period. Insert custom batch file here To use an SUS (Microsoft Software Update Services) server for Windows critical updates, check Use SUS Server and specify the server’s IP address or server name. If Use SUS Server is unchecked, Windows critical updates are downloaded via the Internet for each workstation individually.
������������ ThawSpace The ThawSpace tab is used to create a virtual partition on a workstation that can be used to store programs, save files, or make permanent changes. All files stored in the ThawSpace are saved after a restart, even if the workstation is Frozen. Complete the following steps to create a Thawspace. 1. Check Include a ThawSpace to create a ThawSpace in the installation program. The Host Drive is the workstation drive that is the source for the ThawSpace virtual partition.
������������ Win9x The Win9x tab is used to configure options applicable to workstations running Windows 95/98/Me. • Check Use Hard Reboot When Thawed to force workstations to perform an immediate restart when leaving the Thawed state. This option should be selected if the workstations experience problems shutting down when leaving the Scheduled Maintenance period. • Check Prevent Break Outs from “Autoexec.bat” if the Windows 9x workstations are using the autoexec.
������������ Miscellaneous The Miscellaneous tab is used to configure various other options. • Display Options: These checkboxes are used to select whether the Frozen and Thawed Deep Freeze icons are shown in the System Tray. The icon indicates that Deep Freeze is installed and the workstation is Frozen. The icon indicates that Deep Freeze is installed but the workstation is Thawed. The Deep Freeze logon dialog can be accessed by holding down the SHIFT key and double-clicking an icon.
������������ Create Programs The Create Programs tab is used to create a customized Deep Freeze installation program file with all of the configuration options that were previously selected. To create the Deep Freeze installation program file, click the green polar bear icon . A standard Save File dialog displays. The default file name can be changed, as can the Save To location. It is recommended that a naming convention be used if the administrator is creating multiple customized installation files.
������������ One Time Password Generation System The One Time Passwords tab is used to create a special temporary password to Deep Freeze that expires at midnight on the day it was generated. A One Time Password (OTP) can be useful if, for example, a Deep Freeze password is forgotten or if a configuration was created without any passwords defined.
������������ Uninstalling the Configuration Administrator Complete the following steps to uninstall the Configuration Administrator: 1. Open the Add/Remove Programs utility in the Windows Control Panel by selecting the following path from the Start menu: Start > Control Panel > Add or Remove Programs 2. Select Deep Freeze Administrator - Enterprise and click the Change/Remove button. 3. Follow the steps presented and the Configuration Administrator will be uninstalled from the computer.
������������ Deploying Deep Freeze After a customized installation program file has been created using the Configuration Administrator, Deep Freeze can be deployed to workstations using an Attended Install, the Silent Install System, or as part of an imaging process. All background utilities and antivirus software should be disabled and all applications should be closed prior to installation. These programs may interfere with the installation which could result in Deep Freeze not functioning correctly.
������������ Silent Install or Uninstall Deep Freeze can be rapidly installed to many workstations over a network using the Silent Install System. Any deployment utility that allows execution of a command line on a remote workstation can implement the Silent Install System. After the Silent Install is complete, the system immediately restarts.
������������ Network Install on Multiple Workstations The Silent Install System can also be used to install Deep Freeze on multiple workstations over a network. If the workstations on the network use logon scripts, the scripts can be used to install Deep Freeze on all networked workstations automatically. All workstations will restart Frozen and ready for use after installation has completed.
������������ Using Deep Freeze Workstation Logon Use one of the following ways to log on to Deep Freeze on a workstation. • • If the Deep Freeze icon is shown in the System Tray, hold down the SHIFT key and doubleclick the Deep Freeze icon Use the keyboard shortcut CTRL+SHIFT+ALT+F6 Either method brings up the following logon dialog. Enter the administrator password and click OK to logon to Deep Freeze.
������������ Change Password The Password tab is used to change the password that was used to log on to Deep Freeze. This tab is only available if the password was set to be user-changeable when the Deep Freeze configuration file was created. To change the password, enter the new password, confirm, and click OK to reset. Clone The Clone tab is used to prepare master images for the deployment process. For more information refer to the Install Using Imaging section.
������������ One Time Passwords A One Time Password (OTP) can be generated using the Configuration Administrator. The Configuration Administrator requires a token from the workstation in order to generate an OTP. The OTP Token for the workstation is located in the Deep Freeze logon dialog. OTP Token Refer to the Configuration Administrator documentation for more information about the One Time Password Generation System.
������������ Deep Freeze Command Line Control (DFC.EXE) The Deep Freeze Command Line Control (DFC) offers network administrators increased flexibility in managing Deep Freeze workstations. DFC works in combination with third-party enterprise management tools and/or central management solutions. This combination allows administrators to update workstations on the fly and on demand. It is important to note that DFC is not a stand-alone application.
������������ DFC Return Values On completion of any DFC command, the DFC will return the following values: Value Description 0 SUCCESS or Boolean FALSE, for commands returning a Boolean result 1 Boolean TRUE 2 ERROR - User does not have administrator rights 3 ERROR - DFC command not valid on this installation 4 ERROR - Invalid command 5 - * ERROR - Internal error executing command Batch File Example The example below shows how to check for a specific error level using a DOS Batch file: @ECHO OF