DFE Manual
Uploaded by
Kemari Abd MadjidDFE Manual
Uploaded by
Kemari Abd Madjid| 1
Deep Freeze Enterprise User Guide
2
|
Last modified: July, 2012
© 1999 - 2012 Faronics Corporation. All rights reserved. Faronics, Deep Freeze, Faronics Core, Faronics
Anti-Virus, Anti-Executable, Faronics Device Filter, Faronics Power Save, Faronics Insight, Faronics
System Profiler, and WINSelect are trademarks and/or registered trademarks of Faronics Corporation. All
other company and product names are trademarks of their respective owners.
Deep Freeze Enterprise User Guide
| 3
Contents
Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Important Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
About Faronics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Product Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Technical Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Contact Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Deep Freeze Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
System Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Deep Freeze Enterprise Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Installing Deep Freeze . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Installation Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Installing Deep Freeze Configuration Administrator and Enterprise Console . . . . . . . . . . . . 16
Customization Code . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Re-Initializing the Customization Code . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Update Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
One Time Passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Using Deep Freeze Configuration Administrator . . . . . . . . . . . . . . . . . . . . . . . 23
Accessing the Configuration Administrator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Toolbar and Menus . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Passwords Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Drives Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Frozen Drives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
ThawSpace . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Existing ThawSpace . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Always Thaw External Hard Drives. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Workstation Tasks Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Windows Update . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Restart. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Shutdown. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Idle Time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Batch File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Thawed Period . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Windows Update Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Batch File Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Advanced Options Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
Advanced Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Stealth Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
License . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Creating Workstation Install Program and Workstation Seed . . . . . . . . . . . . . . . . . . . . . . . . . 52
Using Deep Freeze Enterprise Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
Deep Freeze Enterprise User Guide
4
| Contents
Deep Freeze Enterprise Console 56
Launching the Enterprise Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
Activating the Enterprise Console. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
Status Icons . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Managing Communication Between the Console and Workstations. . . . . . . . . . . . . . . . . . . . . 58
Configuring the local service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
Editing or Removing a local service Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Remote Consoles. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Setting up Remote Control Enabled Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Connecting to a Remote Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
Managing Deep Freeze with the Console. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
Updating Deep Freeze Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
Sending Messages to Computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
Target Installing Deep Freeze . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
Updating a Deep Freeze Configuration File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
Licensing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
Scheduling Deep Freeze Tasks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
Assigning Computers to Scheduled Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
Executing a Task Immediately . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
Deleting a Task . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
Scheduled Task Properties. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
Managing Network and Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Adding a New Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Building a User Defined Group Structure. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Importing Groups from Active Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
Adding computers to a Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
Configure Custom Actions. . . . . . . . . . . . . . . ...... . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
Control with RDC . . . . . . . . . . . . . . . . . . ...... . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
Remote Execute. . . . . . . . . . . . . . . . . . . ...... . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
Push and Install MSI file . . . . . . . . . . . . . ...... . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
Deleting, Importing and Exporting Custom Actions . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
Console Customizer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
Deep Freeze Enterprise Console Shutdown . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
Installing Deep Freeze on the Workstation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
Attended Install or Uninstall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
Uninstalling Deep Freeze on the Workstation via the Console . . . . . . . . . . . . . . . . . . . . . . . . 82
Silent Install or Uninstall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
Example Command Line . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
Silent Install or Uninstall Using a Shortcut . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
Network Install on Multiple computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
Installing Over Existing Deep Freeze Versions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
Installing Using Imaging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
Target Install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
Check for Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
Managing Deep Freeze Computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
Login Screen. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
Status Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
Status on Next Boot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
Clone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
Deep Freeze Enterprise User Guide
Contents
| 5
License . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
Password Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90
Network Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
ThawSpace Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
Permanent Software Installations, Changes, or Removals . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
Deep Freeze Command Line Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
Deep Freeze Command Line Control (DFC.EXE) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
DFC Return Values. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
DFC Command Line Syntax . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
Appendix A Ports and Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
Appendix B Network Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
Example 1 - Single Subnet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102
Example 2 - Multiple Subnets One local service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
Example 3 - Multiple Ports, Console Accessed Remotely. . . . . . . . . . . . . . . . . . . . . . . . . . . . 104
Example 4 - Multiple Subnets Multiple local services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
Appendix C Troubleshooting a Remote Console Connection . . . . . . . . . . . . . . . . . . . . . . . . 107
No Clients In the Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
Port is in Use Error When Starting the Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108
Appendix D Creating a Customized Deep Freeze Enterprise Console . . . . . . . . . . . . . . . . . 109
Appendix E Deep Freeze Action Files - RDC Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
Deep Freeze Action Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
Action File Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
Deep Freeze Action File Structure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114
Console Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116
Deep Freeze Enterprise User Guide
6
| Contents
Deep Freeze Enterprise User Guide
| 7
Preface
This user guide explains how to install, configure and use Deep Freeze Enterprise.
Topics
Important Information
Technical Support
Deep Freeze Enterprise User Guide
8
| Preface
Important Information
This section contains important information about your Faronics Product.
About Faronics
Faronics delivers market-leading solutions that help manage, simplify, and secure complex IT
environments. Our products ensure 100% machine availability, and have dramatically impacted
the day-to-day lives of thousands of information technology professionals. Fueled by a
market-centric focus, Faronics’ technology innovations benefit educational institutions, health
care facilities, libraries, government organizations, and corporations.
Product Documentation
The following documents form the Deep Freeze Enterprise documentation set:
• Deep Freeze Enterprise User Guide — This is the document you are reading. This document
guides you how to use the product.
• Deep Freeze Enterprise Release Notes — This document lists the new features and known
issues and closed issues.
Deep Freeze Enterprise User Guide
Technical Support
| 9
Technical Support
Every effort has been made to design this software for ease of use and to be problem free. If
problems are encountered, contact Technical Support.
Email: [email protected]
Phone: 800-943-6422 or +1-604-637-3333
Hours: 7:00am to 5:00pm (Pacific Time)
Contact Information
• Web: www.faronics.com
• Email: [email protected]
• Phone: 800-943-6422 or +1-604-637-3333
• Fax: 800-943-6488 or +1-604-637-8188
• Hours: 7:00am to 5:00pm (Pacific Time)
Address:
Faronics Technologies USA Inc.
2411 Old Crow Canyon Road, Suite 170
San Ramon, CA 94583
USA
Faronics Corporation (Headquarters)
609 Granville Street, Suite 620
Vancouver, BC V7Y 1G5
Canada
Faronics Corporation (Europe)
Venture House, 2 Arlington Square, Downshire Way
Bracknell, RG12 1WA, England
Deep Freeze Enterprise User Guide
10
| Preface
Deep Freeze Enterprise User Guide
| 11
Introduction
Faronics Deep Freeze helps eliminate computer damage and downtime by making computer
configurations indestructible. Once Deep Freeze is installed on a computer, any changes made to
the computer—regardless of whether they are accidental or malicious—are never permanent. Deep
Freeze provides immediate immunity from many of the problems that plague computers today—
inevitable configuration drift, accidental system misconfiguration, malicious software activity, and
incidental system degradation.
Deep Freeze protects the computers that are set to boot from the hard drive.
Configure the CMOS to boot from the hard drive only. The CMOS must be
password protected to prevent unauthorized changes. Deep Freeze protects the
Master Boot Record (MBR) when the computer is Frozen.
Topics
Deep Freeze Overview
System Requirements
Deep Freeze Enterprise User Guide
12
| Introduction
Deep Freeze Overview
System Requirements
• Deep Freeze is supported on:
— XP, Vista and Windows 7
— Deep Freeze requires 10% of the hard drive to be left as free space
— Both 32 and 64 bit versions of Windows are supported
— Windows XP x64 must have Service Pack 2 or later installed
• Faronics recommends a minimum of 256 MB of system memory in the protected systems
• The Deep Freeze Configuration Administrator and Enterprise Console are supported on:
— XP, Vista, Windows 7, Server 2003 and 2008
— 32 and 64 bit versions are supported
Deep Freeze Enterprise User Guide
Deep Freeze Enterprise Files
| 13
Deep Freeze Enterprise Files
Deep Freeze uses different colored icons to represent its components. Files identified by a red icon
should generally only be installed on an administrative computer.
Icon Definition
Deep Freeze Enterprise Configuration Administrator and Enterprise
Console installation file.
The Configuration Administrator application is used to create customized,
pre-configured, computer installation program files and Workstation Seeds.
The Enterprise Console application is used to centrally deploy, monitor,
manage, and maintain Deep Freeze installations.
A customized Deep Freeze workstation installation file is created in the
Configuration Administrator and deployed to workstations within the
enterprise. This file includes the Workstation Seed. If the Deep Freeze
workstation installation file is installed, the Workstation Seed is not
required to be installed separately.
A Workstation Seed enables seamless communication between the
Enterprise Console and computers on a network. When the Workstation
Seed is installed on a computer, the computer becomes visible on the
Enterprise Console. Once a computer is visible on the Enterprise Console,
various actions such as Restart, Shutdown and Wake-on-LAN can be
performed on the computer remotely. Deep Freeze can also be installed
remotely on visible computer thereby allowing Deep Freeze related actions
on remote computers.
Deep Freeze Enterprise User Guide
14
| Introduction
Deep Freeze Enterprise User Guide
| 15
Installing Deep Freeze
This chapter describes the installation process of Deep Freeze.
Topics
Installation Overview
Customization Code
One Time Passwords
Deep Freeze Enterprise User Guide
16
| Installing Deep Freeze
Installation Overview
Installing Deep Freeze Configuration Administrator and Enterprise Console
The Configuration Administrator is intended to be installed only on the computer used to
administrate Deep Freeze. The Configuration Administrator is used to create customized Deep
Freeze installation files and Workstation Seeds.
The Deep Freeze Enterprise Console installs automatically with the Deep Freeze Configuration
Administrator.
Complete the following steps to install the Configuration Administrator:
1. Double-click the file DFEnt.exe to begin the installation process. The following screen
appears:
2. Click Next.
Deep Freeze Enterprise User Guide
Installation Overview
| 17
3. Read and accept the license agreement. Click Next.
4. Enter the License Key in the License Key field or select the Use Evaluation check box to install
in Evaluation mode. Click Next.
The Evaluation version of Deep Freeze is valid for 30 days. After 30 days, all Deep
Freeze functionality will be disabled on the Enterprise Console. All other features
will continue to work even after the 30 day period.
5. Once the installation process is completed, the Customization Code screen appears.
Deep Freeze Enterprise User Guide
18
| Installing Deep Freeze
6. Specify the Customization Code and click Next. The Customization Code must be a minimum
of eight characters. The installation is completed.
Deep Freeze Enterprise User Guide
Customization Code
| 19
Customization Code
The Customization Code is a unique identifier that encrypts the Configuration Administrator, the
Enterprise Console, the computer installation files, the One Time Password Generation System,
and Deep Freeze Command Line Control. This code is not a password that can be used to access
Deep Freeze.
The Customization Code ensures that unauthorized administrators are prevented from accessing
or controlling a computer. Multiple Deep Freeze administrators controlling the same group of
computers must use a matching Customization Code.
The Customization Code must be recorded and guarded with care. Faronics is
unable to recover a lost or forgotten Customization Code.
Re-Initializing the Customization Code
If another administrator wants to create installation files with the same Configuration
Administrator using a different Customization Code, complete the following steps:
1. Run DFInit.exe.
2. This resets the existing Customization Code for the Configuration Administrator.
3. Enter a new Customization Code.
4. Click OK for the new Customization Code to become active.
Update Mode
Update Mode can be used to automatically create updated versions of existing files of Deep Freeze
Enterprise by executing a special Update command. This command completes two tasks:
• Updates previous versions of the Deep Freeze Enterprise Console and the Deep Freeze
Configuration Administrator. (Found in Faronics > Deep Freeze 7 Enterprise.)
• Updates any user created files stored in the Faronics > Deep Freeze 7 Enterprise > Install
Programs folder.
The benefit of these updates is that a number of files can be updated to the latest version while
retaining their configuration data (created with an older version of Deep Freeze Enterprise).
The command automatically updates files created by an administrator (.exe, .rdx) that are present
in the Faronics > Deep Freeze 7 Enterprise > Install Programs directory, including the following
sub-directories:
• Workstation install files
• Workstation Seed files
In the example below, the district office has received a new version of Deep Freeze Configuration
Administrator and can automatically update any existing Deep Freeze Workstation Install files
and Workstation Seeds at a remote location.
Deep Freeze Enterprise User Guide
20
| Installing Deep Freeze
The update command does not require a password, but does require a Customization Code. Use
the following command syntax:
\PathToFile\DFEnt.exe /update=”Customization Code” c:\dfupdate.log
• PathToFile must be replaced with the actual path to the installation file (DFEnt.exe)
• DFEnt.exe must be the actual name of the installation file (it may differ if it was downloaded)
• Customization Code must be in quotes if there is a space in it
• Customization Code must match the old installation files’ Customization Code
The log file provides full details of exactly which files were updated.
The update process may take a few minutes to complete.
Update Mode does not update the existing version of Deep Freeze on computers. Computers must
be updated using the Enterprise Console.
Deep Freeze Enterprise User Guide
One Time Passwords
| 21
One Time Passwords
The One Time Passwords Generation System is used to generate temporary passwords for Deep
Freeze that expire at midnight on the day they were generated.
One Time Passwords dialog can be accessed from
• Tools>One Time Passwords in the Enterprise Console. For more information refer to Using
Deep Freeze Enterprise Console.
• File>One Time Passwords in the Configuration Administrator. For more information refer to
Using Deep Freeze Configuration Administrator.
A One Time Password (OTP) can be useful if, for example, a Deep Freeze password is forgotten or
if a configuration file was created without any passwords defined. An OTP can also be used to
provide access to a computer for an individual performing maintenance duties without requiring
that individual to know the permanent Deep Freeze password.
To create an OTP, complete the following steps:
1. Select either Password valid for one use only or Password valid for multiple uses. All OTPs
expire at midnight on the day they were created, regardless of type.
2. Enter the OTP Token from the computer that requires the OTP into the Token field. The OTP
Token for the computer is located in the logon dialog, as shown below.
3. Click Generate.
The Deep Freeze Command Line interface does not support the use of One Time
Passwords.
Deep Freeze Enterprise User Guide
22
| Installing Deep Freeze
Deep Freeze Enterprise User Guide
| 23
Using Deep Freeze Configuration
Administrator
Topics
Accessing the Configuration Administrator
Passwords Tab
Drives Tab
Workstation Tasks Tab
Windows Update Tab
Batch File Tab
Advanced Options Tab
Creating Workstation Install Program and Workstation Seed
Deep Freeze Enterprise User Guide
24
| Using Deep Freeze Configuration Administrator
Accessing the Configuration Administrator
Open the Configuration Administrator by selecting the following path from the Start menu:
Start > All Programs > Faronics > Deep Freeze 7 Enterprise > Deep Freeze Administrator
The Configuration Administrator provides various tabs to configure passwords, Frozen drives,
Workstation Tasks, Windows Updates, Batch Files, and Advanced Options. Once the settings
have been configured, a Workstation Install file can be created. The Workstation Install file can be
installed on the computers that need to be protected by Deep Freeze. Deep Freeze Administrator
can also be accessed from within the Deep Freeze Console.
Toolbar and Menus
Toolbar
The Toolbar is available at the top of every tab in the Configuration Administrator.
Icon Function
New Blanks out all existing configuration settings. Opens with default
configuration settings.
Open Open any saved .rdx, Workstation Installation file or Workstation Seed file.
Save Save a .rdx, Workstation Installation file or Workstation Seed file. File name
and path is listed at the bottom of the Configuration Administrator in the
status section.
Save As Save the configuration settings as a .rdx file.
Help Access the Deep Freeze Help file.
Create Create Workstation Installation File creates a customized installer for
installing on workstations. The workstations can then be managed from the
Deep Freeze Enterprise Console.
Create Workstation Seed File creates a seed that allows Deep Freeze
Console to communicate with workstations across the network. Once the
seed is installed on workstations, Deep Freeze Workstation Installation File
can then be deployed remotely.
Deep Freeze Enterprise User Guide
Accessing the Configuration Administrator
| 25
File Menu
The File menu contains the same options as those available on the Toolbar, with the additions of
the option to choose from the available languages and Password Protection.
Password Protection
Password Protection offers an additional layer of security for the administrator.
To password protect access to the Configuration Administrator, complete the following steps:
1. Open the File menu and select Password Protection.
2. Select the Protect with password check box.
3. Enter and confirm the password.
4. Click OK to set the password or Cancel to exit the dialog without setting a password.
Store the password in a safe location. If the password is lost, you cannot recover it.
You will have to reinstall Deep Freeze.
Deep Freeze Enterprise User Guide
26
| Using Deep Freeze Configuration Administrator
Passwords Tab
Deep Freeze Enterprise allows the administrator to choose up to 15 fixed passwords.
To create a password, complete the following steps:
1. Select Enable on the appropriate row.
2. From the Type drop-down list, choose the preferred kind of password. The following options
are available:
— Workstation: designated for use at the workstation when the Login Screen is launched.
— Command Line: for use with Command Line Controls. The Command Line Control tool
(DFC.exe) does not function unless at least one Command Line password is defined.
3. Optional: For passwords, select the User Change check box to allow a user to change the
password at the computer.
4. Enter the password.
The password entered in the Password field is not hidden.
Do not use the same password for Command Line and the GUI.
5. To set a password to become active and expire on specified dates, select the Timeout check
box and use the drop-down calendars to specify an Activation date and Expiration date.
Deep Freeze Enterprise User Guide
Drives Tab
| 27
Drives Tab
The Drives tab is used to select which drives are to be Frozen (protected by Deep Freeze) or
Thawed (unprotected). You can also create a ThawSpace — a virtual partition hosted on a local
Frozen or Thawed drive where data can be saved permanently without being deleted by Deep
Freeze during a reboot.
Frozen Drives
By default, all drives are Frozen. To put a drive in a Thawed state, clear the check box of the
preferred drive.
While only local drives (partitions or physical drives) can be Frozen, all drive letters are shown
because the pre-configured installation file may be installed on many computers with various
hardware and software setups.
Example
In the above screen, the D: is not selected from the Frozen Drives list. Therefore, all drives except
D: are Frozen.
Deep Freeze Enterprise User Guide
28
| Using Deep Freeze Configuration Administrator
ThawSpace
ThawSpace is a virtual partition that can be used to store programs, save files, or make permanent
changes. All files stored in the ThawSpace are retained after a restart, even if the computer is
Frozen. A ThawSpace can be created on a drive that is configured to be Frozen or Thawed.
To create a single ThawSpace or multiple ThawSpaces using the Configuration Administrator,
complete the following steps:
1. Select the Drive Letter. The default letter is T:. However, it can be changed to any available
letter. The next available letter is automatically used if the selected drive letter already exists
on a computer when Deep Freeze is installed.
— When a Drive Letter is selected from the drop-down and used to create a ThawSpace, it is
removed from the drop-down.
— When a ThawSpace is removed, the corresponding Drive Letter is added back to the
drop-down.
— The Drive Letter cannot be same as the Host Drive.
2. Enter the Size. This is the size of the ThawSpace. The maximum size is 1024 GB and the
minimum size is 16MB.
— If the computer does not have enough free space to accommodate the selected ThawSpace
size, the size of the ThawSpace is adjusted downward to ensure proper operation of the
computer.
— If you select the Size less than 16MB, the ThawSpace is set to 16MB.
— If you select the Size more than 1024GB (1TB), the ThawSpace is set to 1024GB (1TB).
Deep Freeze Enterprise User Guide
Drives Tab
| 29
3. Select the ThawSpace storage unit in MB or GB.
4. Select the Host Drive.
— The Host Drive is the drive where the ThawSpace is created.
— The storage required for the ThawSpace is used from the total storage available on the Host
Drive.
5. Select Visible or Hidden from the Visibility drop-down.
— If you select Visible, the drive will be visible in Windows Explorer.
— If you select Hidden, the drive will not be visible in Windows Explorer.
— However, the hidden drive can be accessed by typing the drive letter in Start>Run.
6. Click Add to add the ThawSpace.
Removing a ThawSpace
To remove a ThawSpace, select the ThawSpace and click Remove. The ThawSpace is removed and
the drive letter is now added back to the Drive Letter drop-down. Click Remove All to remove all
the ThawSpaces.
Before removing a ThawSpace, remove any profile redirections or Symbolic Links.
Removing a ThawSpace will also remove the data stored in it.
A ThawSpace is not protected by Deep Freeze. Deploy standard data protection
options such as, Anti-Virus and backup procedures.
Example
In the above screen, a ThawSpace of 16 MB is created on the Host Drive C: and the ThawSpace is
designated with the drive letter T:. The ThawSpace T: is set to Visible and can be accessed via the
Windows Explorer.
It is recommended to assign Drive Letters towards the end of the alphabet (X, Y,
Z) in order to avoid automatic reassignment when a removable drive is
unplugged.
Existing ThawSpace
The Retain existing Thawspace check box is selected by default to prevent ThawSpaces created
during previous installations from being deleted.
A dialog is always displayed asking if the ThawSpace should be retained or deleted during an
Attended Uninstall, regardless of whether Retain existing ThawSpace has been selected. This
option is not displayed if the uninstall is performed through the Enterprise Console.
Always Thaw External Hard Drives
The Always Thaw External Hard Drives pane has two check boxes, USB and IEEE 1394
(FireWire) and both check boxes are selected by default. This ensures that the USB or IEEE 1394
(FireWire) hard drives are always Thawed.
If the USB and/or IEEE 1394 (FireWire) external hard drives check boxes are cleared, the drive is
Frozen or Thawed according to the letter each drive mounts to in the Frozen Drives section.
Deep Freeze Enterprise User Guide
30
| Using Deep Freeze Configuration Administrator
Network drives and removable media drives (floppy, memory keys, CD-RW, etc.) are not affected
by Deep Freeze and therefore cannot be Frozen.
Example
In the above screen, drives E: and F: are selected in the Frozen Drives pane.
Let us assume that E: corresponds to a USB hard drive and F: corresponds to an IEEE 1394
(FireWire) hard drive.
The USB and IEEE 1394 (FireWire) check boxes are selected in the Always Thaw External Hard
Drives pane, the external hard drives would be Thawed.
The USB check box is selected. The IEEE 1394 (FireWire) check box is cleared. In this example,
the USB drive (D:) would be Thawed and the IEEE 1394 (FireWire) drive (F:) would be Frozen.
Deep Freeze Enterprise User Guide
Workstation Tasks Tab
| 31
Workstation Tasks Tab
The Workstation Tasks tab allows you to schedule various tasks that run at the workstation. The
Workstation Tasks reside at the workstation and will run even if the workstations lose their
network connectivity or if they are unable to communicate with the Deep Freeze Console. The
Workstation Tasks are part of the Workstation Install File or Deep Freeze Configuration (.rdx) file.
The following Workstation Tasks are available:
• Windows Update - schedule Windows updates. You can configure additional settings in the
Windows Update tab.
• Restart - periodically restart workstations to bring them to the original configuration or erase
unwanted data.
• Shutdown - shut down the workstations at a specified time every day to save power.
• Idle Time - shut down or restart the workstations if they are idle for a specified period of time.
• Batch File - run a batch file on the target workstation. You can configure additional settings in
the Batch File tab.
• Thawed Period - reboot Thawed for a specified period to perform manual software installs,
automated software installs via third party tools or other permanent configuration changes.
Each task is covered in detail in the following sections.
Deep Freeze Enterprise User Guide
32
| Using Deep Freeze Configuration Administrator
Workstation Tasks vs. Scheduled Tasks: If communication between the
Enterprise Console and the target computer fails, the Workstation Tasks are still
executed since they exist on the target computer.
Tasks scheduled through the Scheduled Tasks Wizard in the Deep Freeze
Enterprise Console exist on the Enterprise Console and not on the target
computers. Therefore, a continuous connectivity between the Enterprise Console
and the target computer is required for the Scheduled Tasks to be executed. For
more information, refer to the Scheduling Deep Freeze Tasks section.
Overlapping tasks cannot be created in the Workstation Tasks tab. If a newly
created task overlaps with an existing task, a message is displayed.
A message can be displayed to the user for a maximum of 5 minutes. There must
be a gap of a minimum of 5 minutes between any two tasks.
A Workstation Task is triggered only when Deep Freeze is in a Frozen state.
Windows Update
Windows Update tasks are scheduled for downloading Windows Updates on the workstation.
Windows Updates can be downloaded even when the workstation is in a Frozen state. A Windows
Update task has a Start Time and an End Time. After downloading Windows Updates, the
workstation reboots in a Thawed state to apply.
Deep Freeze Enterprise User Guide
Workstation Tasks Tab
| 33
The Windows Update task can be scheduled by completing the following steps:
1. Select Windows Update from the Task Type drop-down and click Add.
2. The following options are displayed:
• Name - Specify a name for the task.
• Day - Select the day, or specify if the task will occur on Weekdays or Weekends.
• Start - Select the Start Time.
Deep Freeze Enterprise User Guide
34
| Using Deep Freeze Configuration Administrator
• End - Select the End Time. The minimum interval is 15 minutes. Alternatively, you can select
When Windows Update completes. If the Windows Update Task is not completed in 6 hours,
Deep Freeze will end the task gracefully.
• Allow user to cancel task- Select the check box if the user is allowed to cancel the task before it
starts.
• Shutdown after task - Select the check box to shutdown the computer after the task.
• Disable Keyboard and Mouse - Select the check box to disable keyboard and mouse during
the task.
• Show message - Select the check box to display a message on the computer Before and During
the task. Specify the time interval in minutes and enter a brief message to be displayed before
the task starts.
3. Click OK. You will be taken to the Windows Update Tab to configure additional settings if
it has not been configured earlier.
The message This computer will reboot in %d for Windows Update is displayed in
the Message to be displayed before the task field. This message can be edited. Add
the word minutes in the message after %d to include the word minutes as part of
the message.
When scheduling the Windows Update task select the When Windows Update
completes option or ensure that you allow a sufficient time frame to permit all
required update activities. Review of Microsoft Security Bulletins from the
Technet web site (http://technet.microsoft.com/en-us/security/bulletin) to
consider the appropriate time frame based upon the Critical and Security updates
being released.
If you are not using WSUS, Deep Freeze Windows Update process will only apply
non user-intervention Critical and Security updates. If you are using WSUS, all
WSUS approved updates will be applied.
Alternatively, to apply other available updates visit the Microsoft Update Catalog
site (http://catalog.update.microsoft.com) to obtain KB downloads which can
then be applied using a Deep Freeze Batch File Workstation Task. Batch File tasks
can also be used to apply other third party software updates.
The Deep Freeze Windows Update tab settings override the Windows Update
settings on the workstation.
Example
In the above screen, a Windows Update task has been created to perform Windows Updates at the
computer daily at 12:00 AM and end when Windows Update completes. The task is configured to
display a message to the user before Windows Update. The keyboard and mouse are disabled.
Deep Freeze Enterprise User Guide
Workstation Tasks Tab
| 35
Restart
The Restart task can be scheduled by completing the following steps:
1. Select Restart from the Task Type drop-down and click Add.
2. The following options are displayed:
• Name - Specify a name for the task.
• Day - Select the day, or specify if the task will occur on Weekdays or Weekends.
• Start - Select the Start Time.
• Allow user to cancel the task- Select the check box if the user is allowed to cancel the task
before it starts.
Deep Freeze Enterprise User Guide
36
| Using Deep Freeze Configuration Administrator
• Show message - Select the check box to display a message on the computer before the task
starts. Specify the time interval in minutes and enter a brief message to be displayed before
the task starts.
3. Click OK.
The message This computer will reboot in %d seconds is displayed in the Message
to be displayed before the task field. This message can be edited. Add the word
minutes in the message after %d to include the word minutes as part of the
message.
Example
In the above screen, a Workstation Task has been created to restart the computer daily at 12:00
AM. The task is configured to display a message to the user 1 minute before the Restart.
Shutdown
The Shutdown task can be scheduled by completing the following steps:
1. Select Shutdown from the Task Type drop-down and click Add.
2. The following options are displayed:
Deep Freeze Enterprise User Guide
Workstation Tasks Tab
| 37
• Name - Specify a name for the task.
• Day - Select the day, or specify if the task will occur on Weekdays or Weekends.
• Start- Select the Start Time.
• Allow user to cancel the task - Select the check box if the user is allowed to cancel the task
before it starts.
• Show message - Select the check box to display a message on the computer before the task
starts. Specify the time interval in minutes and enter a brief message to be displayed before the
task occurs.
3. Click OK.
The message This computer will shutdown in %d seconds is displayed in the
Message to be displayed before the task field. This message can be edited. Add the
word minutes in the message after %d to include the word minutes as part of the
message.
Example
In the above screen, a Shutdown task has been created to shutdown the computer daily at 12:00
AM. The task is configured to display a message to the user 1 minute before the Shutdown task.
Idle Time
The Idle Time task can be scheduled by completing the following steps:
Deep Freeze Enterprise User Guide
38
| Using Deep Freeze Configuration Administrator
1. Select Idle Time from the Task Type drop-down and click Add.
2. The following options are displayed:
• Name - Specify a name for the task.
• Restart or Shutdown - Select Restart or Shutdown and specify the idle time in minutes after
which the task must take place.
• Show message - Select the check box to display a message. Specify the time interval in
minutes and enter a brief message.
After the computer is started, the Idle Time counter becomes active only after the
first keyboard or mouse activity has been initiated. During a Remote Desktop
session, the Idle Time of the controlling computer is used to activate the task.
Deep Freeze Enterprise User Guide
Workstation Tasks Tab
| 39
3. Click OK.
Example
In the above screen, the Idle Time task is set to Restart when the computer is idle for 1 minute. A
message is displayed to the user for 1 minute after the idle time has elapsed. The computer will
restart unless the user cancels the task in the message dialog displayed.
Batch File
Batch File tasks are scheduled for executing batch files on the workstation. A Batch File task has a
Start Time and an End Time. During this period, the batch file is executed on the workstation. You
must configure additional settings in the Batch File tab for the Batch File Task to work. You can
configure to shutdown the workstation after the Batch File Task is completed. Workstations will
reboot Frozen after the batch file has been executed.
The Batch File task can be scheduled by completing the following steps:
1. Select Batch File from the Task Type drop-down and click Add.
2. The following options are displayed:
Deep Freeze Enterprise User Guide
40
| Using Deep Freeze Configuration Administrator
• Name - Specify a name for the task.
• Day - Select the day, or specify if the task will occur on Weekdays or Weekends.
• Start - Select the Start Time.
• End - Select the End Time. The minimum interval is 15 minutes.
• Allow user to cancel the task - Select the check box if the user is allowed to cancel the task
before it starts.
• Shutdown after task - Select the check box to shutdown the computer after the task.
• Disable Keyboard and Mouse - Select the check box to disable keyboard and mouse during
the task.
• Show message - Select the check box to display a message on the computer Before and During
the task. Specify the time interval in minutes and enter a brief message to be displayed before
the task starts.
3. Click OK.
4. Go to Batch File Tab to configure additional settings.
The message This computer will reboot in %d for Batch File is displayed in the
Message to be displayed before the task field. This message can be edited. Add the
word minutes in the message after %d to include the word minutes as part of the
message.
Example
In the above screen, a Batch File task has been created to execute a Batch File at the computer
daily at 12:00 AM and end at 12.15 AM. The task is configured to display a message to the user
before the Batch File is executed. The keyboard and mouse are disabled.
Deep Freeze Enterprise User Guide
Workstation Tasks Tab
| 41
Thawed Period
Thawed Period tasks are scheduled to reboot the workstation is in a Thawed state. A Thawed
Period is useful for some applications that update automatically at regular intervals. A Thawed
Period is also useful for administrators to schedule maintenance and make permanent changes to
the computers. This may include installing new software, updating software, configuration
changes, and other maintenance functions. A Thawed Period has a Start Time and an End Time.
The Thawed Period can be scheduled by completing the following steps:
1. Select Thawed Period from the Task Type drop-down and click Add.
2. The following options are displayed:
Deep Freeze Enterprise User Guide
42
| Using Deep Freeze Configuration Administrator
• Name - Specify a name for the task.
• Day - Select the day, or specify if the task will occur on Weekdays or Weekends.
• Start - Select the Start Time.
• End - Select the End Time. The minimum interval is 15 minutes.
• Allow user to cancel task - Select the check box if the user is allowed to cancel the task before
it starts.
• Shutdown after task - Select the check box to shutdown the computer after the task.
• Disable Keyboard and Mouse - Select the check box to disable keyboard and mouse during
the task.
• Show message - Select the check box to display a message on the computer Before and During
the task. Specify the time interval in minutes and enter a brief message to be displayed before
the task starts.
3. Click OK.
The message This computer will reboot in %d for Maintenance is displayed in the
Message to be displayed before the task field. This message can be edited. Add the
word minutes in the message after %d to include the word minutes as part of the
message.
Example
Anti-Virus programs require regular virus definition updates to protect the system. Virus
definitions can be updated during a Thawed Period.
Deep Freeze Enterprise User Guide
Workstation Tasks Tab
| 43
In the above screen, a Thawed Period task has been created daily between 12:00 AM and 12:15
AM. The user is not allowed to cancel the task before it starts. The computer will shut down after
the maintenance period. The keyboard and mouse are disabled during the maintenance period.
The task is configured to display a message to the user 5 minutes before the task starts. The
following message will be displayed on the computer at 11:55 AM The computer will reboot in 5
minutes to enter into a Thawed Period.
To ensure that the virus definitions are applied permanently, schedule the virus definition update
for your Anti-Virus program so that it starts after Deep Freeze successfully starts the Thawed
Period task and ends before Deep Freeze ends the Thawed Period task. This ensures that the virus
definitions downloaded and updated by the Anti-Virus program stay permanently on the system.
Hence the system is fully protected by Anti-Virus and Deep Freeze.
Faronics Anti-Virus: Faronics Anti-Virus works with Deep Freeze and does not
require a Thawed Period task for updating virus definitions. Faronics Anti-Virus
can update virus definitions even when the computers managed by Deep Freeze
are in a Frozen state.
Other Anti-Virus Programs: All other Anti-Virus programs require
scheduling a Thawed Period task to update virus definitions. Refer to your
Anti-Virus program user guide for information on how the virus definitions are
downloaded. Alternatively, virus definitions can be applied manually when the
computers managed by Deep Freeze are in a Thawed state. You can also schedule
a no user intervention install of your virus definitions through a Batch File Task.
Deep Freeze Enterprise User Guide
44
| Using Deep Freeze Configuration Administrator
Windows Update Tab
The Windows Update tab allows you to customize settings for Windows Update. When you first
create a Windows Update Task, you will be given an option to modify the default settings in the
Windows Update tab. Modifying the default settings is not mandatory. Windows Update will be
performed even with the default settings. The settings in the Windows Update tab will apply to all
Windows Update tasks.
The Deep Freeze Windows Update tab settings override the Windows Update
settings on the workstation.
The settings in the Windows Update tab can be customized as follows:
Allow Deep Freeze to choose how Windows updates are downloaded: —select this check box to
allow Deep Freeze to choose how Windows updates are downloaded. The following options are
available:
• Select the Windows Updates download options:
— Do not cache Windows updates — select this option to download Windows updates only
during the Windows Update task.
— Cache Windows updates —select this option to download when the workstation is in a
Frozen or Thawed state and install during the Windows Update Task. This option creates a
2 GB ThawSpace and the Windows Updates are stored in the ThawSpace to ensure that
Windows Update files are persistent across multiple reboots.
Deep Freeze Enterprise User Guide
Windows Update Tab
| 45
• Always retrieve updates from:
— Microsoft Windows Update website —select this option to download updates directly from
the Microsoft Windows Update web site.
— Windows Server Update Services (WSUS) — select this option to download from WSUS
server. Specify the SUS/WSUS Server. Optionally, select Use WSUS Target and specify the
target. Microsoft SUS client and SUS/WSUS server can be downloaded at:
http://www.microsoft.com/wsus.
A log file is created for each individual workstation and is stored locally on the
workstation.
The default name for the Deep Freeze Windows Update Log file is
DFWuLogfile.log and can be found at:
C:\Program Files\Faronics\Deep Freeze\Install C-[X]\DFWuLogfile.log (32-bit
systems) and C:\Program Files (x86)\Faronics\Deep Freeze\Install
C-[X]\DFWuLogfile.log (64-bit systems).
• You cannot change the name or location of the log file.
• The Deep Freeze Log file and the Windows Update log file (at
c:\windows\windowsupdate.log) are very useful for troubleshooting your
Windows updates.
• X is an incremental value depending on how many times you have installed
Deep Freeze on the workstation.
Contact Faronics Support for help troubleshooting the DFWuLogfile.log (at
http://support.faronics.com).
Contact Microsoft Support for troubleshooting Windows Update Errors. (See
http://support.microsoft.com/kb/906602)
Also see Microsoft KB 902093 How to read the Windows Update log file found
at: http://support.microsoft.com/kb/902093/ or visit
http://support.microsoft.com.
Deep Freeze Enterprise User Guide
46
| Using Deep Freeze Configuration Administrator
Batch File Tab
The Batch File tab allows you to customize settings for the Batch File task. When you schedule a
Batch File task from the Workstation Tasks tab, you must configure the settings in the Batch File
tab.
Configure the following options:
• Batch File Authentication
Select Microsoft Network and select if the account to be used is a System account or a
Specified user account. If you select Specified user account, specify the Login ID, Password,
and Domain. For Novell Network, select Novell, specify the Login ID, Password, Tree,
Context, and Server.
The default configuration using the Microsoft Network/System Account
authentication must be tested prior to using alternative credentials. Using this
machine level account often is sufficient to complete the task. Use of a specified
user account may be required if the batch file requires network access to secure
resources.
• Batch File Contents
Deep Freeze Enterprise User Guide
Batch File Tab
| 47
Enter a custom batch file to run during the Batch File task. The same batch file applies to all
Batch File tasks. The following options are available when running custom batch files:
— To clear the current batch file, click Clear.
— To load an existing file, click Import and browse to the location of the file.
— To save the contents of the field, click Export and browse to the preferred save location.
The batch file can be any command or series of commands that the command processor can
run. You can run custom scripts that require the use of a third-party scripting engine by calling
the script from the batch file as if it was being run from the command line.
Batch Files allow you to use VB Scripts, PowerShell scripts, Ninite and other third
party solutions. Contact your software vendor or refer to your third party solution
user guide to know more about scripting solutions that include no user
intervention options.
Deep Freeze Enterprise User Guide
48
| Using Deep Freeze Configuration Administrator
Advanced Options Tab
The Advanced Options tab is used to configure the network settings used by the computers to
communicate with the Console, configure various security options, and administer License Keys.
Network
Communication between the Deep Freeze Enterprise Console and computers with Deep Freeze
installed can use two different modes: LAN Mode or LAN/WAN Mode.
• LAN: Select LAN to configure Deep Freeze to communicate within a Local Area Network
(LAN). LAN mode is a self-configuring mode that requires only a port number. The default
port is 7725. The port number can be changed if it is in conflict with other programs on the
LAN. In LAN mode, the Deep Freeze target computer and the Enterprise Console find each
other through UDP broadcasts. These broadcasts only occur when computer or the Enterprise
Console is started, ensuring that there is little network traffic associated with target computer
and Console communication.
• LAN/WAN: Select LAN/WAN to configure Deep Freeze to communicate in both a LAN and a
WAN (wide area network). LAN/WAN can be used in either a LAN or WAN environment and
over the Internet. This mode uses an IP address or the computer name, along with a port
number, to allow communication between the Enterprise Console and the managed
computers.
The following two methods are available to identify the Console:
• specify the Console IP, which must be static
Deep Freeze Enterprise User Guide
Advanced Options Tab
| 49
• specify the Console Name, in which case the IP can be dynamic (if valid DNS name resolution
is available as part of the domain infrastructure).
When the Enterprise Console is behind a firewall or a NAT (network address translation) router,
the firewall or router must be configured to allow traffic to pass through to the Enterprise Console.
Depending on the firewall or router, computers may need to be configured with the IP address of
the firewall so that traffic can be forwarded.
Deep Freeze automatically configures the required exceptions in the Windows
Firewall. It is not required to configure the Windows Firewall manually.
For more information on configuring and using Deep Freeze in a specific network environment,
refer to Appendix B or contact Technical Support.
If a port number other than the default of 7725 (registered to Deep Freeze) is used, care should be
taken to ensure that there are no conflicts with applications already running on the network.
Well-known ports (0–1023) should be avoided and any Registered Ports (1024–49151) should be
checked for conflicts before deployment.
It is recommended to use ports in the unallocated range above 49152. Using Port
Segmentation, you can isolate a lab or building by port number by configuring the
Port Number on the workstations and in the Deep Freeze Enterprise Console.
Using this method, you can provide management functions for a specific set of
workstations and not your entire organization. UDP and TCP port exceptions for
these ports will be required. For more information, refer to Example 3 - Multiple
Ports, Console Accessed Remotely.
A complete listing of the ports assigned to various applications can be found on the Internet
Assigned Numbers Authority web site at http://www.iana.org/assignments/port-numbers.
Advanced Options
• Disable Command Line options - This option is selected by default. Clearing this check box
allows for further customization of the Deep Freeze installation program when using the Silent
Install System. Selecting this option prevents the pre-existing configuration choices from
being changed during installation.
• Enable Deep Freeze local policies - For enhanced security, Deep Freeze removes the following
local privileges: debugging programs, modifying firmware, and changing the system time;
clear this option to use existing privileges.
• Allow user to change the clock - Select this option to allow Frozen users to adjust the system
clock. Enable this feature during Daylight Savings to allow Windows to update the time
automatically each season.
• Manage Secure Channel Password — Secure Channel Password is a feature of all Windows
operating systems and only applicable if the system is running in Windows Server Domain
Environment. Secure Channel Password is used for secure communication between the server
and workstations. The Secure Channel Password is automatically changed based on the
operating system settings. While using Deep Freeze, the newly changed Secure Channel
Password is lost on reboot. The Manage Secure Channel Password option avoids this
situation. The Manage Secure Channel Password feature of Deep Freeze changes the value of
Deep Freeze Enterprise User Guide
50
| Using Deep Freeze Configuration Administrator
the Group Policy Maximum machine account password age based on the Deep Freeze state
(Frozen or Thawed).
— Select the Manage Secure Channel Password option if you want Deep Freeze to manage
Secure Channel Password.
When the workstation is Frozen: The workstation will not change the Secure Channel
Password. This ensures that the secure communication between the server and the
workstation is always maintained.
When the workstation is Thawed: The workstation will change the Secure Channel
Password and sync the password with the server.
— Do not select the Manage Secure Channel Password option if you do not want Deep Freeze
to manage the Secure Channel Password.
When the workstation is Frozen: When the Secure Channel Password is changed and
synced with the server, it resets to the old password on reboot.
When the workstation is Thawed: If the workstation is Thawed on the day the Secure
Channel Password is changed, the new password takes affect and the workstation is synced
with the server.
• Restart on Logoff - Select this check box to Restart the computer automatically when it is
logged off. If this option is selected, the computer is restarted when a user logs off in a Frozen
state.
• Protect Master Boot Record (MBR) - Select this check box if you want Deep Freeze to protect
the Master Boot Record. If this option is selected, changes to the Master Boot Record are
reversed on reboot when the computer is in a Frozen state.
The Manage Secure Channel Password feature of Deep Freeze always overrides
the Group Policy Maximum machine account password age.
Set the following in the Group Policy for the Manage Secure Channel Password
feature to work:
Domain Controller: Refuse machine account password changes to Not Defined
Domain Member: Disable machine account password changes to Disabled
Example
On a Windows Domain Environment using Windows Server 2008 R2 that manages multiple
workstations, Secure Channel Password is used for secure communication between the server and
workstations.
In Deep Freeze Configuration Administrator, go to the Advanced Options tab and select Manage
Secure Channel Password. Create the Workstation Install file and deploy it to the workstation.
Set the following in the Group Policy for the Manage Secure Channel Password feature to work:
Domain Controller: Refuse machine account password changes to Not Defined
Domain Member: Disable machine account password changes to Disabled
When the workstation is Frozen, the Secure Channel Password does not change. When the
workstation is Thawed, the Secure Channel Password is changed at the workstation and synced
with the server.
Deep Freeze Enterprise User Guide
Advanced Options Tab
| 51
Stealth Mode
• Show Frozen icon in system tray - Select this option to display the icon to indicate that Deep
Freeze is installed and the computer is Frozen.
• Show Thawed icon in system tray - Select this option to display the icon to indicate that Deep
Freeze is installed but the computer is Thawed.
If the options to show a Deep Freeze icon in the System Tray are unchecked, the keyboard shortcut
CTRL+ALT+SHIFT+F6 must be used to access the logon dialog.
License
• License Key - Click Edit and enter the License Key.
• License Key Type - The License Key type is displayed. This field displays if this is an Evaluation
version or a full version.
• Expiry Date - The Expiry Date for Deep Freeze is displayed.
The License Key can be updated in the following ways:
— Through the Workstation Install file - The License Key is updated in the Configuration
Administrator and a Workstation Install file is created. The License Key is now part of the
Workstation Install file.
— Through the Enterprise Console - The License Key can be updated directly on the Enterprise
Console. When the License Key is updated in the Enterprise Console, it is automatically
updated on all connected computers. For more information on updating directly through
the Enterprise Console, refer to the Licensing section.
— Manually on each computer - The License Key can be updated manually on each computer.
For more information, refer to the Status Tab section.
When downloading version updates for Deep Freeze Enterprise from
www.faronicslabs.com remember that you will need to copy and paste the newest
license key from your account for use in the installation. Faronics updates the
license key with every revision of the software. Your Faronics Labs account will be
updated with the new license key upon each release.
Deep Freeze Enterprise User Guide
52
| Using Deep Freeze Configuration Administrator
Creating Workstation Install Program and Workstation Seed
To create customized Deep Freeze installation program files with all of the options that were
configured in the previous sections, click the Create button in the Configuration Administrator
toolbar and select Create Workstation Install Program.
The default file name for this program is DFWks.exe. We recommend that you
keep the default name, but in larger deployments you may want to suffix it with
information related to it's configuration such as: DFwks_10gbThawSpace.exe or
DFWks_NoMaintenance.exe or DFwks_Wed-5pmUpdates.exe to assist in
organization and identification of the installer functions. The same
recommendation applies for Deep Freeze Configuration files (.rdx) as well.
This file can then be used to install Deep Freeze on computers using:
• Attended Install (install based on user input)
• Silent Install system — install that does not inform user of progress or provide messages
during installation). For more information on the Silent Install command, refer to Silent
Install or Uninstall, page 83.
• Target Install — Through the Deep Freeze Enterprise Console for workstations that already
contain a Seed or previous version of Deep Freeze that has been created with the same
Customization Code.
To create a Workstation Seed, click the Create button in the Configuration Administrator toolbar
and select Create Workstation Seed. The Workstation Seed is a lightweight program that allows
administrators to remotely install and control computers from the Enterprise Console. The
Workstation Seed can be installed as part of a master image and then deployed via imaging
software. All computers on the LAN with the Workstation Seed installed are displayed in the
Enterprise Console. The default file name for this program is DFWksSeed.exe.
All files are saved to Deep Freeze Enterprise/Install Programs folder by default. A different
location can be chosen and the file name can be changed if required. It is recommended that a
naming convention is used if you are creating multiple customized installation files.
DFwks.exe, DFwksseed.exe, and depfrz.rdx files can be created and deployed
interchangeably to any Deep Freeze computer that uses the same Customization
Code. The Deep Freeze Seed can be used as a template/place holder to ensure
your basic elements such as passwords, Network Configuration or standardized
workstation tasks are all consistent. The seed will not utilize any of the
configuration settings but will hold them in the file. To use the file as a template
simply open the DFwksseed.exe file using the Configuration Adminstrator and
make any required changes. Then, to create workstation installation click Create>
Create Workstation Installation File.
Deep Freeze Enterprise User Guide
Creating Workstation Install Program and Workstation Seed
| 53
It is recommended to restrict the use of the Configuration Administrator in larger
environments for security reasons. This can be done by password protecting the
Deep Freeze Administrator or alternatively, making it unavailable by removing
the DFadmin.exe file from the c:\program files\faronics\Deep Freeze 7
Enterprise folder. This file can be moved to the Domain Administrator’s
workstation and deleted from the Common Deep Freeze Enterprise Console. It
can be restored by copying it from another installation of the same version and
authorizing using the OTP password or by reinstallation or upgrade of Deep
Freeze Enterprise using the same Customization Code.
Deep Freeze Enterprise User Guide
54
| Using Deep Freeze Configuration Administrator
Deep Freeze Enterprise User Guide
| 55
Using Deep Freeze Enterprise Console
This chapter describes using the Deep Freeze Enterprise Console.
Topics
Deep Freeze Enterprise Console
Managing Communication Between the Console and Workstations
Remote Consoles
Connecting to a Remote Console
Managing Deep Freeze with the Console
Licensing
Scheduling Deep Freeze Tasks
Assigning Computers to Scheduled Tasks
Managing Network and Groups
History
Adding computers to a Group
Configure Custom Actions
Console Customizer
Deep Freeze Enterprise Console Shutdown
Installing Deep Freeze on the Workstation
Uninstalling Deep Freeze on the Workstation via the Console
Silent Install or Uninstall
Check for Updates
Deep Freeze Enterprise User Guide
56
| Using Deep Freeze Enterprise Console
Deep Freeze Enterprise Console
The Deep Freeze Enterprise Console displays the status of all Frozen, Thawed, and Target
computers on the network and allows the administrator to perform specific tasks on those
computers. Detailed status information is available with selective or group reporting.
The Enterprise Console allows administrators to remotely perform the following tasks:
• Immediately Target Install computers
• Selectively Freeze, Thaw, or Thaw Lock one or more computers
• Lock or Unlock selected computers
• Restart or shutdown computers
• Stop scheduled maintenance
• Power on computers equipped with a Wake-on-LAN network card
• Update Deep Freeze software
• Schedule tasks directly from the Console
• Send messages to computers
• Import groups and containers from Active Directory
• Generate One Time Passwords
• Schedule Actions
• Customize the Enterprise Console
• Update the License Key
The Enterprise Console can only wake a computer from a powered-down state if the computer is
properly configured to power on when a Wake-on-LAN packet is received.
Launching the Enterprise Console
The Enterprise Console is installed with the Deep Freeze Configuration Administrator. Open the
Console by selecting the following path from the Start menu:
Start > All Programs > Faronics > Deep Freeze 7 Enterprise > Deep Freeze Console
Activating the Enterprise Console
As a security feature of Deep Freeze Enterprise the OTP feature prevents unauthorized Deep
Freeze Enterprise Console use. When the DFConsole.exe file is copied to a new computer, the
Console must be activated. When it is run for the first time on the new computer, a dialog displays
with an OTP Token.
The network administrator enters this token in the Configuration Administrator’s OTP
Generation System. An OTP is generated. Enter it in the dialog and the Console will run.
Deep Freeze Enterprise User Guide
Deep Freeze Enterprise Console
| 57
The Enterprise Console runs on Windows 2000/XP/Vista, and 2000, 2003 and 2008 Server. The
computer on which the Enterprise Console is installed must not have an installation of the
Workstation Seed (using the same port) or a full Deep Freeze installation.
Status Icons
The Enterprise Console displays the status of the computers on the local area network with the
following icons beside or above the computer name, depending on the view selected:
Icon Definition
Target: Computers that have the Deep Freeze Workstation Seed installed
but do not have Deep Freeze installed; Deep Freeze can only be remotely
installed on computers with this icon
Computers with Deep Freeze installed in a Frozen state
Computers with Deep Freeze installed in a Thawed state
Computers with Deep Freeze installed in a Thawed Locked state
Computers that are currently powered down
Computers that are currently in Maintenance Mode
Computers whose communication with the Console has been interrupted
Computers that are Locked
Deep Freeze Enterprise User Guide
58
| Using Deep Freeze Enterprise Console
Managing Communication Between the Console and Workstations
There are two types of connections from Console to workstation and Console to Console:
1. Local connections — connections that can only be accessed by the Enterprise Console that
hosts those connections.
2. Remote control enabled connections — connections that can be accessed by the Console that
hosts as well as other Consoles connected remotely.
The Server Service for Deep Freeze 6.5 will not automatically update the Server
Service for Deep Freeze 6.4 or lower. Both services can be installed on the same
computer, but only one service can run at a time.
A computer can lose communication with the Console for any of the following reasons:
• The computer is powered off manually or is shut down without warning
• The network is experiencing heavy traffic or outages
• The computer’s network settings are changed to point to a new Console
In most cases, communication with the computer is re-established when the computer is powered
on or when the conditions causing the communications breakdown are rectified. It may take
several minutes for the computer to report back to the Console and re-establish communication.
If communication cannot be re-established, contact Technical Support for troubleshooting steps.
Configuring the local service
The local service is a service that sets up and maintains connections to computers.
Enabling the local service
By default the local service will be installed and enabled when the Console is first run.
To enable the local service again if it has been disabled (and/or uninistalled)
1. Select Tools > Network Configuration.
2. Select the Enable local service check box to enable it.
Deep Freeze Enterprise User Guide
Managing Communication Between the Console and Workstations
| 59
Disabling the local service
Clearing the Enable local service check box and clicking OK displays the option to either disable
the local service or uninstall the local service.
Adding a local service Connection
1. To add local service connection, select Tools >Network Configuration.
2. To add a connection select Add and specify the port number (7725 in this case).
3. To enable the Console to be controlled remotely, select Allow Remote Control check box and
specify a password.
After selecting Add, a connection that serves port 7725 will be created in the connections list of the
local service as well as the in the network pane of the Console.
Deep Freeze Enterprise User Guide
60
| Using Deep Freeze Enterprise Console
Editing or Removing a local service Connection
Once a Local Service connection has been added to it can be edited or removed through the Tools
> Network Configuration.
To edit a local service connection perform the following steps:
1. Ensure the Enable Local Service option is selected.
2. Select a port from the Local Service connections list and click Edit.
3. The edit dialog appears that allows for the port to be controlled remotely and password
protected.
4. To remove a port from the Local Service, highlight the port and click Remove. This does not
delete the entry from the Network and Groups pane in the Enterprise Console. It simply
removes it from the Local Service connections list.
5. To remove the entry form the network pane in the Console, select it and click the Remove icon
located in the sidebar.
Deep Freeze Enterprise User Guide
Remote Consoles
| 61
Remote Consoles
A Remote Console is a Console that hosts one or more connections that allow other Consoles to
connect through. Existing connections must be edited to allow them to be accessed remotely.
Setting up Remote Control Enabled Connections
To allow a connection to be accessed remotely perform the following steps:
1. Open Tools > Network Configurations.
2. Select the Enable local service check box.
3. Select a port from the list and click Edit.
4. Ensure Allow Remote Control is selected.
5. Specify a password.
6. Click OK.
Deep Freeze Enterprise User Guide
62
| Using Deep Freeze Enterprise Console
Connecting to a Remote Console
Once a Remote Console has been established by the hosting Console it can be accessed by other
Consoles from a different machine.
1. Select the Connect to Remote Console icon in the side bar or by right-clicking on the network
item. Upon selection the Connect to Remote Console dialog appears:
2. In the Connect to Remote Console dialog, specify the connection details such as Remote
Console Name, Remote Console IP, Port number, and Password. This information is
provided by the administrator of the host Console. Once entered, this information can be
retrieved by right-clicking a port in the Network and Groups Pane and selecting Properties.
If the connection to a Remote Console has been severed, it can be reconnected by
clicking the Reconnect to Remote Console icon in the sidebar or by right-clicking
on an entry in the Network and Groups pane.
Deep Freeze Enterprise User Guide
Managing Deep Freeze with the Console
| 63
Managing Deep Freeze with the Console
The Enterprise Console contains a toolbar at the top of the screen that allows quick access to the
functions of the Console.
These commands can also be accessed using the contextual menu, as shown below, that appears by
right-clicking on one or more computers. When a particular action is chosen, the selected
computer performs the action and the status icons update accordingly.
Specific icons are disabled if the selected computer does not support that action. For example, a
computer that has a Target icon, will not show the option to be Thawed or Frozen, because the
program has not been installed yet.
Updating Deep Freeze Software
To update Deep Freeze computers (where Deep Freeze 6.3 or higher is installed) with a new
version of Deep Freeze, complete the following steps:
1. In the Configuration Administrator of the new version of Deep Freeze, create a blank
workstation installation file.
2. In the Enterprise Console, select the computers to be updated. These computers can be in
either a Frozen or Thawed state.
3. Right-click, and select Update Deep Freeze from the contextual menu.
Deep Freeze Enterprise User Guide
64
| Using Deep Freeze Enterprise Console
4. A standard Open file window appears. Select the blank computer file and click Open.
5. The selected computers update to the new version of Deep Freeze software, but retain all
settings from the current version. The computers reboot twice to complete the update.
This feature works only on computers with Deep Freeze 6.3 and higher currently installed.
Sending Messages to Computers
To send a message to one or more computers, complete the following steps:
1. Select the computer(s) to send a message.
2. Right-click and select Send Message from the contextual menu.
3. Type the message in the dialog that appears and click Send. A dialog appears asking for
confirmation to send the message to the selected computers.
4. Click OK to send or Cancel to close the dialog without sending the message.
Target Installing Deep Freeze
Complete the following steps to remotely install a Full Workstation Installation on any computer
that has the Workstation Seed installed.
1. Right-click on one or multiple computers and select Install. A dialog is displayed, asking if the
installation should proceed. Click OK.
2. A dialog box appears to select the file to be installed on the remote computer.
3. Select the installation file to use and click Open.
4. The computer installs Deep Freeze and restarts.
5. Once the installation is complete, the Enterprise Console reflects the change in the computer’s
status, and displays it as Frozen.
Updating a Deep Freeze Configuration File
Complete the following steps to update the configuration on one or many computer(s) with the
settings of an existing .rdx file. (An .rdx file is a file containing the conditions specified in the
Deep Freeze Configuration Administrator).
1. Right-click on the computer(s) and select Update Configuration, as shown below.
2. A message appears asking for an existing .rdx file to be located.
3. Click OK. A standard Open File dialog appears to select an .rdx file.
4. Locate a file and click Open to update the configuration on the selected computer(s) with the
settings in the .rdx file. Click Cancel to cancel the configuration update.
Deep Freeze Enterprise User Guide
Managing Deep Freeze with the Console
| 65
If the Network options in the new configuration have changed, the computer(s)
may lose communication with the existing Enterprise Console. If communication
with the computers is lost, check the Network settings on the updated computers
to ensure that the port numbers and/or IP address of the Console have not been
changed.
Changes to passwords take effect immediately. All other changes take effect after
each computer is restarted. ThawSpace and/or Frozen Drives cannot be changed
through updating the configuration file.
Deep Freeze Enterprise User Guide
66
| Using Deep Freeze Enterprise Console
Licensing
The License Key can be updated via the Enterprise Console.
To update the License Key, complete the following steps:
1. Launch the Enterprise Console.
2. Go to Tools > Licensing.
3. The Deep Freeze License dialog is displayed.
4. Click Edit and enter the License Key in the License Key field.
5. Click Update License.
The License Key is automatically updated on all computers communicating with the Enterprise
Console. If a computer is offline (shut down or disconnected from the network), the License Key is
updated when the computer communicates with the Enterprise Console the next time.
Deep Freeze Enterprise User Guide
Scheduling Deep Freeze Tasks
| 67
Scheduling Deep Freeze Tasks
To schedule a Deep Freeze task in the Enterprise Console using the Scheduled Task Wizard,
complete the following steps:
1. Open the Scheduled Task Wizard in one of the following ways:
• click Scheduler in the Network and Groups pane and click the Add Task icon
• right-click on Scheduler in the Network and Groups pane, and choose Add Task
The following screen is displayed:
2. Double-click the preferred task or select the task and click Next.
3. In the following screen, enter a name for the task and choose the preferred task execution
schedule: Daily, Weekly, Monthly, or One time only. Task names must be unique. No two tasks
can have the same name. Click Next.
Deep Freeze Enterprise User Guide
68
| Using Deep Freeze Enterprise Console
4. Depending on the choice of task execution, the time and date configuration options that follow
will vary. Click Next.
5. Click Finish once the configuration is completed.
The default start time for a task is five minutes from the current time.
Deep Freeze Enterprise User Guide
Assigning Computers to Scheduled Tasks
| 69
Assigning Computers to Scheduled Tasks
After a task has been scheduled, it appears under the Scheduler in the Network and Groups pane
of the Console.
To assign computers to a task, select the preferred computers from the Workstations pane in the
Console and drag them onto the preferred task. Or, drag a group onto the task.
To see which computers are assigned to a specific task, click on the task. The assigned computers
appear in the Workstations pane.
To delete a computer from a task, click on the computer and press Delete.
Deep Freeze Enterprise User Guide
70
| Using Deep Freeze Enterprise Console
Executing a Task Immediately
To execute a task immediately, right-click the task and select Execute Task.
Deleting a Task
To delete a task, click on the task and press Delete.
Scheduled Task Properties
To see the properties of a task, right-click the task name and select View Properties.
The following screen displays:
The properties of a task cannot be changed after it has been created. Only the computers that will
execute the task can be changed by adding or deleting computers.
Scheduled tasks will still execute even if the Enterprise Console is closed provided
the local service is enabled and the network connections are not shutdown upon
exiting the Enterprise Console.
Deep Freeze Enterprise User Guide
Managing Network and Groups
| 71
Managing Network and Groups
The Enterprise Console automatically arranges computers by their workgroup or domain. Click
the appropriate workgroup or domain to view the computers in that workgroup or domain.
The Enterprise Console can be used to define specific groups in order to arrange computers.
Adding a New Group
To add a new group, complete the following steps:
1. In the Network and Groups pane, right-click on User Defined Groups and choose Add Group.
2. The Add Group dialog appears:
3. Enter the name of the group to be added and click Add. The group appears under User Defined
Groups in the Network and Groups pane.
Building a User Defined Group Structure
After a group has been added, one or more sub-groups can be added below it, and further
sub-groups can be added indefinitely as a way to differentiate between environments, as in the
example shown below:
Deep Freeze Enterprise User Guide
72
| Using Deep Freeze Enterprise Console
Importing Groups from Active Directory
If the group structure has already been designed within Active Directory, that structure can be
imported directly into the Enterprise Console. Complete the following steps to import from the
Active Directory:
1. Select Tools> Import Groups from Active Directory, or click the LDAP icon located in the
sidebar.
2. The following dialog appears. Select either the Microsoft tab or the Novell tab.
3. Enter the LDAP server information of the import location. The option to login anonymously is
also available. If this check box is not selected, a user name and password is required.
4. Click Connect. The Active Directory hierarchy appears. Select the required entries and click
Import.
Deep Freeze Enterprise User Guide
History
| 73
History
The Enterprise Console stores the history of the target computers.
If a computer is disconnected from a network, shutdown or is restarting, an exclamation sign (!)
appears in the Enterprise Console for the particular computer. If the computer comes back online,
the exclamation sign disappears.
If the computer goes offline permanently (for example, if the computer was permanently
unplugged from the network), or if the computer is shutdown, the exclamation sign stays on.
In the Enterprise Console, go to File > Exit. Select the option Close Deep Freeze Console and
shutdown network connections option and click OK. Once you reopen the Enterprise Console, the
computers with the exclamation sign (!) will appear in History. If the computer is shutdown and is
equipped with Wake-On-LAN hardware, right-click on the computer in History and select
Wake-On-LAN to wake the computer.
Options in History:
• To view history, click History in the Networks and Groups pane.
• To delete computer(s) from History, select the computer(s), right-click and select Remove
from History in the context menu.
• To wake the computer using Wake-ON-LAN, select the computer(s), right-click and select
Wake-ON-LAN in the context menu.
Deep Freeze Enterprise User Guide
74
| Using Deep Freeze Enterprise Console
Adding computers to a Group
Computers can be added to a group by dragging them from the Workstations pane to the
preferred group, or by using an automatic filter set during the creation of the groups.
Automatic group filtering allows computers to be added to user-defined groups automatically.
The computers are added based on their computer name.
Wildcards (*, ?) can be used to add computers based on a specific segment of the name.
Example: Lab1-* adds all computers with names starting with Lab1- .
Sorting Groups Alphabetically
To sort the Groups alphabetically, right-click User Defined Groups and select Sort Groups
Alphabetically.
Removing Workstations from User Defined Group
To remove a computer from a Group, right-click on the computer in User Defined Groups and
select Remove from Group.
Importing or Exporting Groups to File
To import groups from a file or export groups to a file, choose the preferred option from the Tools
menu.
Viewing the Console Log File
The Enterprise Console keeps a log of the status and activity history of all connected computers.
The log stores information for the previous 48 hours. Information older than 48 hours is
automatically deleted from the log.
• To view the log file for one or many computers, right-click on the computer(s) and select Show
Log.
• To sort the log file, click on a preferred heading.
• To export the log file as a .csv file, right-click and select Export to file, as displayed:
Deep Freeze Enterprise User Guide
Configure Custom Actions
| 75
Configure Custom Actions
Deep Freeze provides the following custom actions that can be accessed via the Actions menu.
Additional actions can be created to suit specific needs. Deep Freeze provides three default
actions. Additional Custom Actions can be configured by importing the appropriate .xml file in the
Deep Freeze Console. For more information on Custom Actions, the structure of the custom action
file and details about various parameters, refer to Appendix E.
Control with RDC
This allows connecting to the computer through Microsoft Remote Desktop Protocol. Remote
Desktop Connection must already be enabled on the target machines.
1. Go to Action Menu > Custom Actions.
2. Select Control with RDC.
3. Enter the Executable Path or browse to select the location.
4. Enter the Working Directory.
5. Click Apply.
Deep Freeze Enterprise User Guide
76
| Using Deep Freeze Enterprise Console
Remote Execute
Remote Execute allows you to remotely execute an executable file on a computer. PsExec is a tool
that can be used to remotely execute an executable file on a computer. PsExec must be
downloaded and installed on the computer. For more information on PsExec, visit
http://www.faronics.com/pstools.
Configure
1. Go to Action > Custom Actions.
2. Select Remote Execute.
3. Enter the PSExec Location or browse to select the location.
4. The Executable path and the Working Directory are added automatically. The Executable
path and Working Directory can be modified later.
5. Click Close.
Execute
1. Select the computers from the Workstations pane.
2. Select Action > Remote Execute.
3. The Remote Execute dialog is displayed.
4. Enter the User Name, Password and Command.
5. Click OK.
Deep Freeze Enterprise User Guide
Configure Custom Actions
| 77
Push and Install MSI file
The Push and Install MSI file option allows you to push and install a .msi file on a computer
through the Enterprise Console.
Configure
1. Go to Action > Custom Actions.
2. Select Push and Install MSI file.
3. Enter the PSExec Location or browse to select the location.
4. The Executable path and the Working Directory are added automatically. The Executable
path and Working Directory can be modified later.
5. Click Close.
Execute
1. Select the computers from the Workstations pane.
2. Select Action > Push and Install MSI file.
3. The Push and Install MSI file dialog is displayed.
4. Enter the User Name, Password, File Name and Drive Letter.
5. Click OK.
Deleting, Importing and Exporting Custom Actions
Deleting Custom Actions
To delete Custom Actions, complete the following steps:
1. Go to Action Menu > Custom Actions.
Deep Freeze Enterprise User Guide
78
| Using Deep Freeze Enterprise Console
2. Select the Custom Action to be deleted.
3. Click Delete.
Importing Custom Actions
To import Custom Actions, complete the following steps:
1. Go to Action Menu > Custom Actions.
2. Click Import.
3. Browse to select the .xml file to be imported.
4. Click Open to import the file.
Exporting Custom Actions
To export Custom Actions, complete the following steps:
1. Go to Action Menu > Custom Actions.
2. Select the Custom Action to be exported.
3. Click Export.
4. The Export Custom Action to File dialog is displayed.
5. Specify a File name and click Save.
Deep Freeze Enterprise User Guide
Console Customizer
| 79
Console Customizer
The Console Customizer lets you specify which features and commands you want to be available in
the Console, and save the result as a new Console that can be distributed in your organization.
The available settings are grouped into categories (Console functions, Workstation commands,
Deep Freeze commands, Workstation install/uninstall commands, and Scheduler commands).
Click on the plus (+) icon to the far left of each category to disclose the full list of settings available
in that category.
Select or clear the individual check boxes as required. Alternatively, select or clear the entire
categories at once. Settings that are cleared will not be available in the new Enterprise Console you
create. For an example on how to use the Console Customizer in a practical scenario, refer to
Appendix D.
Complete the following steps to create Consoles with limited functionality:
1. Select Tools>Console Customizer.
2. The Console Customizer is displayed.
3. Select the features to be displayed in the new Console.
4. Click Save As to save the Console. Specify a name for the file.
5. When you double-click the newly created .exe file, the Console with the limited functionality is
launched.
Deep Freeze Enterprise User Guide
80
| Using Deep Freeze Enterprise Console
Deep Freeze Enterprise Console Shutdown
To shutdown the Deep Freeze Console select File > Exit or click the close window button. Upon
exit, you can choose to:
• Minimize the Console to the system tray.
This does not stop the Console and keeps the connections active. The Deep Freeze Console
icon appears in the system tray. Scheduled tasks will still execute. To reopen the Deep Freeze
Enterprise Console, right-click its icon located in the taskbar and select Restore DF6 Console.
• Close Deep Freeze Console and leave the network connections running
This closes the Console but keeps the connections to the computers active. Scheduled tasks
will still execute.
• Close Deep Freeze Console and shutdown network connections.
This stops Console processes, closes the connections (including local service), and scheduled
tasks will not start to execute. However, scheduled tasks that have started executing will
continue.
The dialog will not appear on future exits once the Set Default option has been selected. To edit
these settings select Tools >Exit Options.
Deep Freeze Enterprise User Guide
Installing Deep Freeze on the Workstation
| 81
Installing Deep Freeze on the Workstation
After a customized installation program file has been created using the Configuration
Administrator, Deep Freeze can be deployed to computers using an Attended Install, a Target
Install, the Silent Install System, or as part of an imaging process.
All background utilities and antivirus software should be disabled and all applications should be
closed prior to installation. These programs may interfere with the installation, which could result
in Deep Freeze not functioning correctly.
The computer restarts after any type of installation is completed. Deep Freeze must be in a
Thawed state for any type of uninstall to succeed.
Any existing ThawSpace will be deleted during an uninstall if:
• the option to retain existing ThawSpace was not checked in the Configuration Administrator
• the ThawSpace was not created with Deep Freeze Enterprise Version 5 or later
Attended Install or Uninstall
To install or uninstall Deep Freeze, complete the following steps:
1. Run the installation program file (DFWks.exe) on the computer. The following screen appears:
2. Click Install to begin the installation. Follow the steps presented, then read and accept the
license agreement. Deep Freeze installs and the computer restarts.
Click Uninstall to uninstall Deep Freeze. Uninstall can only be clicked if Deep
Freeze has previously been installed and the computer is currently Thawed. If
there is an existing ThawSpace, Deep Freeze displays a dialog asking if it should
be retained or deleted.
If the hard drive is too fragmented, it is not possible to create ThawSpace(s). A
message is displayed prompting you to abort installation, or install Deep Freeze
without ThawSpace(s).
Deep Freeze Enterprise User Guide
82
| Using Deep Freeze Enterprise Console
Uninstalling Deep Freeze on the Workstation via the Console
The Enterprise Console can be used to uninstall Deep Freeze completely or to uninstall Deep
Freeze but leave the Workstation Seed. A computer must be in a Thawed state in order to
uninstall the program.
To uninstall Deep Freeze on a computer and leave the Workstation Seed, right-click on the
Thawed workstation(s) and select Uninstall (Leave Seed), as shown above. Or click the icon on
the toolbar.
To completely uninstall Deep Freeze and the Workstation Seed, select the computer(s) to be
uninstalled and click the Uninstall icon on the toolbar.
The computer must be Thawed before Deep Freeze can be uninstalled. The
Enterprise Console prompts for confirmation. Once the uninstall is confirmed,
Deep Freeze uninstalls and the computer restarts.
Deep Freeze Enterprise User Guide
Silent Install or Uninstall
| 83
Silent Install or Uninstall
Deep Freeze can be rapidly installed to many computers over a network using the Silent Install
System. Any deployment utility that allows execution of a command line on a remote computer
can implement the Silent Install System. After the Silent Install is complete, the computer
immediately restarts. The command line has the following options:
Syntax Description
[/Install] Install Deep Freeze using installation file
[/Install /Seed] Install only the specified Workstation Seed file
[/Uninstall] Uninstall Deep Freeze
[/Uninstall /Seed] Uninstall Deep Freeze and leave the Workstation Seed installed
[/PW=password] Set a password during installation*
[/AllowTimeChange] Allow system clock to be changed*
[/Freeze=C,D,...] Freeze only drives listed (Thaw all others)*
[/Thaw=C,D,...] Thaw only drives listed (Freeze all others)*
[/USB] Exempt external USB hard disks from protection
[/FireWire] Exempt external FireWire hard disks from protection
Example Command Line
DFWks.exe /Install /Freeze=C /PW=password
In the above example, the Deep Freeze installation program file is named DFWks.exe. Only the C:
drive will be Frozen. Any other drives on the computer will be Thawed. If the computer only has a
C: drive, the [/Freeze] switch can be omitted. A password (password) will be created. After
executing the command, Deep Freeze will install and the computer will restart Frozen and ready to
use.
The Silent Install System does not work without the [/Install] or [/Uninstall] switch. Deep
Freeze must be in a Thawed state before [/Uninstall] can be used.
To run the configuration command line options, Disable Command Line options
on the Advanced Options tab must be cleared.
* These options are disabled by default.
Deep Freeze Enterprise User Guide
84
| Using Deep Freeze Enterprise Console
Silent Install or Uninstall Using a Shortcut
Deep Freeze can be installed directly on a computer without having to use the installation dialog
box by completing the following steps.
1. Locate the Deep Freeze installation program file (DFWks.exe) on the target computer.
2. Right-click on the icon and choose Create Shortcut.
3. Right-click on the shortcut and choose Properties.
4. Edit the path of the Target field by typing /install or /uninstall at the end of the path.
Example Shortcut Target:
C:\Documents and Settings\DFWks.exe /install
Double-clicking on the new shortcut results in the immediate installation or uninstallation of
Deep Freeze, followed by a restart of the computer.
Deep Freeze must be in a Thawed state before /uninstall can be used.
If the hard drive is too fragmented, it is not possible to create ThawSpace(s). The
installation is aborted.
Network Install on Multiple computers
The Silent Install System can also be used to install Deep Freeze on multiple computers over a
network. If the workstations on the network use logon scripts, the scripts can be used to install
Deep Freeze on all networked workstations automatically. All workstations will restart Frozen
and ready for use after installation has completed.
Use the following command line syntaxes to create an install error report log file:
\\Server Name\Share Name\DFWks.exe /Install >> my.log
Installing Over Existing Deep Freeze Versions
Unless the Update Deep Freeze Software feature is used (for Deep Freeze 6.3 and higher), all
existing Deep Freeze versions must be uninstalled prior to performing any new Deep Freeze
installation.
Installing Using Imaging
Deep Freeze has been designed to work with all major imaging and desktop management
software. Use either an Attended Install or the Silent Install System to install Deep Freeze on a
master image.
Deep Freeze must be prepared for deployment before finalizing a master image. To prepare the
master image for deployment, restart the computer into a Thawed state and log on to Deep Freeze
using the keyboard shortcut CTRL+SHIFT+ALT+F6. Select the Clone tab, and click Set Flag.
Create an image of your computer immediately as per your process.
Deep Freeze Enterprise User Guide
Silent Install or Uninstall
| 85
After imaging, the computers require an additional restart for Deep Freeze to correctly detect the
changes in disk configuration. If the computers are imaged in an unattended mode, steps should
be taken to ensure the computers are restarted to allow the configuration to update.
To return to the Frozen state after imaging is complete, set Deep Freeze to Boot Thawed on next n
number of restarts (in the master image) so that after n number of restarts, the computer is
automatically Frozen. Alternatively, use Deep Freeze Command Line Control to Freeze selected
computers.
Target Install
Deep Freeze can also be deployed using a Target Install from the Enterprise Console.
Deep Freeze Enterprise User Guide
86
| Using Deep Freeze Enterprise Console
Check for Updates
Deep Freeze allows you to check if there are newer versions available.
Go to Help > Check for updates. This checks if there are newer versions of Deep Freeze available.
Deep Freeze Enterprise User Guide
| 87
Managing Deep Freeze Computers
This chapter describes managing computers where Deep Freeze is installed.
Topics
Login Screen
Status Tab
Password Tab
Network Tab
ThawSpace Tab
Permanent Software Installations, Changes, or Removals
Deep Freeze Enterprise User Guide
88
| Managing Deep Freeze Computers
Login Screen
Use one of the following ways to access Deep Freeze on a computer.
1. If the Deep Freeze icon is shown in the System Tray, hold down the SHIFT key and
double-click the Deep Freeze icon. If the Deep Freeze is running in Stealth Mode and if the
Deep Freeze icon is not displayed, the keyboard shortcut CTRL+ALT+SHIFT+F6 must be
used to access the logon dialog.
2. Enter the administrator password and click OK to log on to Deep Freeze.
As an additional security feature, Deep Freeze prevents Brute Force attacks by automatically
restarting the computer after 10 unsuccessful login attempts.
Deep Freeze Enterprise User Guide
Status Tab
| 89
Status Tab
The Status tab displays the following options:
Status on Next Boot
The Status tab is used to set the mode Deep Freeze will be in after the next restart.
Choose one of the following options:
• Boot Frozen
to ensure that the computer is Frozen the next time it is restarted
• Boot Thawed on next
to ensure that the computer is Thawed each time it is restarted for the next specified number of
restarts. When that number of restarts is exceeded, the computer will boot Frozen.
• Boot Thawed
to ensure that the computer is Thawed each time it is restarted
Select the radio button next to the desired choice and click OK to save any changes. Clicking Apply
and Reboot will save any changes and reboot the computer immediately.
Clone
The Clone pane is used to prepare master images for the deployment process. For more
information, refer to the Installing Using Imaging section.
License
Enter the License Key in the License Key field. If no License Key is entered, Deep Freeze expires in
30 days after installation.
Deep Freeze Enterprise User Guide
90
| Managing Deep Freeze Computers
Password Tab
The Password tab allows you to change the password.
1. Specify a new password in the Enter new password field.
2. Confirm the new password by re-entering the same password in the Confirm password field.
3. Click OK.
4. The password is changed and a confirmation dialog is displayed.
Deep Freeze Enterprise User Guide
Network Tab
| 91
Network Tab
The Network tab can be used to configure the network options on a computer.
To choose either the LAN or the WAN method of communication, click the preferred option.
The default port number can be changed by clearing the Use Default Port check box and entering
the required port number.
For more information on network configuration, refer to Appendix B.
Deep Freeze Enterprise User Guide
92
| Managing Deep Freeze Computers
ThawSpace Tab
ThawSpace is a virtual partition on a computer that can be used to store programs, save files, or
make permanent changes. All files stored in the ThawSpace are saved after a restart, even if the
computer is Frozen.
ThawSpace is only available if it was set to be created in the Deep Freeze Configuration
Administrator.
After uninstalling Deep Freeze, all the ThawSpaces become visible. When Deep Freeze is
reinstalled, the ThawSpaces are Visible or Hidden as per the original settings in the ThawSpace
tab.
Any existing ThawSpace is deleted during an uninstall if any of the following apply:
• the option to retain existing ThawSpace was not selected in the Configuration Administrator
• the ThawSpace was not created with Deep Freeze Version 5 or higher
Deep Freeze Enterprise User Guide
Permanent Software Installations, Changes, or Removals
| 93
Permanent Software Installations, Changes, or Removals
Computers must be Thawed for any permanent changes to take effect. Installation of software
often requires one or more restarts to complete the installation.
Deep Freeze helps administrators overcome challenges with maintaining the configuration of their
computers in a production environment. Deep Freeze protects computers from unauthorized
changes, viruses and malware, that can leave computers in a non-functional state. Deep Freeze
also provides features to retain user data while protecting the computer.
For more information on how to implement Deep Freeze and ensure that the user data is retained,
refer to Deep Freeze - Retaining User Data available at http://www.faronics.com/library
Deep Freeze Enterprise User Guide
94
| Managing Deep Freeze Computers
Deep Freeze Enterprise User Guide
| 95
Deep Freeze Command Line Control
This chapter describes using the Deep Freeze Commands.
Topics
Deep Freeze Command Line Control (DFC.EXE)
DFC Command Line Syntax
Deep Freeze Enterprise User Guide
96
| Deep Freeze Command Line Control
Deep Freeze Command Line Control (DFC.EXE)
Deep Freeze Command Line Control (DFC) offers network administrators increased flexibility in
managing Deep Freeze computers. DFC works in combination with third-party enterprise
management tools and/or central management solutions. This combination allows
administrators to update computers on the fly and on demand.
It is important to note that DFC is not a stand-alone application. DFC integrates seamlessly with
any solution that can run script files, including standard run-once login scripts.
DFC commands require a password with command line rights. OTPs cannot be used.
List all commands by calling DFC without parameters.
The files are copied to (32-bit)
<WINDOWS>\system32\DFC.exe
The files are copied to (64-bit)
<WINDOWS>\syswow64\DFC.exe
DFC Return Values
On completion of any DFC command, the DFC returns the following values:
Syntax Description
0 SUCCESS or Boolean FALSE, for commands returning a Boolean result
1 Boolean TRUE
2 ERROR User does not have administrator rights
3 ERROR DFC command not valid on this installation
4 ERROR Invalid command
5 - * ERROR Internal error executing command
Deep Freeze Enterprise User Guide
DFC Command Line Syntax
| 97
DFC Command Line Syntax
Deep Freeze has a maximum password limit of 63 characters. If a longer password
is entered, the command will not be successful.
Syntax Description
DFC password /BOOTTHAWED Restarts computer in a Thawed state; only works on
Frozen computers.
DFC password /THAWNEXTBOOT Sets computer to restart Thawed the next time it
restarts; only works on Frozen computers and does not
force computer to restart.
DFC password /BOOTFROZEN Restarts computer into a Frozen state; only works on
Thawed computers.
DFC password Sets up computer to restart Frozen the next time it
/FREEZENEXTBOOT restarts; only works on Thawed computers and does not
force computer to restart.
DFC get /ISFROZEN Queries computer if it is Frozen. Returns error level 0 if
Thawed. Returns 1 if Frozen.
DFC password /CFG=[path] Replaces Deep Freeze configuration information.
depfrz.rdx Works on Thawed or Frozen computers. Password
changes are effective immediately. Other changes
require restart.
DFC get /version Displays Deep Freeze version number.
DFC password /UPDATE=[path Sets up computer to restart in a Thawed state and
to installer file] install a Deep Freeze update
DFC password /LOCK Disables keyboard and mouse on computer. Works on
Frozen or Thawed computer and does not require a
restart.
DFC password /UNLOCK Enables keyboard and mouse on computer. Works on
Frozen or Thawed computer and does not require a
restart.
DFC password Sets up computer to restart in a Thawed state with
/THAWLOCKNEXTBOOT keyboard and mouse disabled; only works on Frozen
computers
DFC password Restarts computer in a Thawed state with keyboard and
/BOOTTHAWEDNOINPUT mouse disabled; only works on Frozen computers
Deep Freeze Enterprise User Guide
98
| Deep Freeze Command Line Control
Syntax Description
DFC get /LICENSESTATUS Displays the status of the license and the expiry date of
the license (if any). The different possible types of
license and the associated return codes are:
111: Unlicensed — Deep Freeze is not licensed and will
operate in Evaluation mode for 30 days since
installation.
112: Evaluation — licensed for evaluation with a fixed
expiry date.
113: Licensed — licensed with no expiry date.
114: Expired — The Evaluation period has expired.
DFC get /LICENSETYPE Displays the status of the license and the expiry date of
the license (if any). The different possible types of
license and the associated return codes are:
111: None (Unlicensed) — Deep Freeze is not licensed
and will operate in Evaluation mode for 30 days since
installation.
112: Evaluation — licensed for evaluation with a fixed
expiry date.
113: Standard (Licensed) — licensed with no expiry
date.
114: Not for Resale — Licensed with no expiry date.
DFC password Changes the License Key.
/LICENSE=licensekey
password is the Deep Freeze Administrator password.
licensekey is the License Key for Deep Freeze.
If there is an error, the following error codes are
displayed:
101: The License Key is not valid
102: The License Key provided has already expired.
Deep Freeze Enterprise User Guide
| 99
Appendix A Ports and Protocols
The key to setting up the Deep Freeze architecture is knowing which ports to use. The important
factor is knowing which ports are in use on the network and using ports that will not conflict with
those. The default port, 7725 has been officially registered to Deep Freeze.
The following three components make up the Deep Freeze architecture:
• Client (with seed installed)
• Remote Console (local service enabled)
• Console (connects to the Remote Console)
As long as the clients and Remote Console connection use the same port there should not be any
port conflicts between the different components:
Ports can also be used to divide the clients. If the local service is setup to run three ports (7725,
7724 and 7723), Enterprise Consoles can connect to the three different ports to see a different set
of clients under each port.
In the diagram above, the client(s) use both the TCP and UDP protocols to communicate with the
Remote Console. The Console(s) that connects to the Remote Console uses only the TCP protocol
to communicate with the Remote Console. It is important to remember the ports and protocols
being used in order to prevent firewalls, switches or routers from blocking them.
Deep Freeze Enterprise User Guide
|
100 Appendix A Ports and Protocols
Deep Freeze Enterprise User Guide
| 101
Appendix B Network Examples
The following examples show different scenarios involving local service or Remote Console.
• Example 1 - Single Subnet
• Example 2 - Multiple Subnets One local service
• Example 3 - Multiple Ports, Console Accessed Remotely
• Example 4 - Multiple Subnets Multiple local services
Each example explains how different Deep Freeze components interact in different networking
environments.
In the following examples, the client machines have either the Deep Freeze
workstation installation or Workstation Seed installed. Both installs contain the
communications component which talks to the Console/Remote Console. The
difference between the workstation install and Workstation Seed is that the
workstation install actually installs Deep Freeze while the Seed has only the
communication component.
Deep Freeze Enterprise User Guide
|
102 Appendix B Network Examples
Example 1 - Single Subnet
In this environment, all client machines are contained in the same subnet as the Console
machine. This environment does not require a remote controlled Console, although one could be
used. In this example, the Remote Console is not used. This is the simplest networking
environment. It is also the easiest to configure.
The following diagram shows the network topology:
The client machines, represented by the computer icons, are located on the same subnet as the
Deep Freeze Enterprise Console machine represented by the Deep Freeze Console icon.
In this scenario, clients are using port A while the Console has set up a local service connection for
the same port. This port is configured in the Advanced Options tab, before creating the
Workstation Install file or Workstation Seed.
Deep Freeze Enterprise User Guide
Example 2 - Multiple Subnets One local service
| 103
Example 2 - Multiple Subnets One local service
In this environment, the clients are located across more than one subnet. There is still only one
Console being used. This environment does not require a Remote Console, although one could be
used. The following diagram shows the network topology:
In this scenario (similar to Example 1 - Single Subnet) both the clients and the connection hosted
by the Console are using the same port. This port is configured in the Deep Freeze Configuration
Administrator in the Advanced Options tab, before creating the Workstation Install file or
Workstation Seed.
In order for the clients to be seen, they need to be configured to use a LAN/WAN connection.
When the LAN/WAN option is selected, a Console IP field appears. Specify the IP of the machine
that will run the Enterprise Console. An example of these settings are shown in the Advanced
Options tab below:
Deep Freeze Enterprise User Guide
|
104 Appendix B Network Examples
Example 3 - Multiple Ports, Console Accessed Remotely
In this environment the clients are again located across multiple ports. In this case, more than
one Console is being used. Multiple Consoles are accessed using a local service whose
administrator (host) has released the connection information. The following diagram shows the
network topology:
In this scenario, the host has set up a connection using the local service. Looking at the above
diagram, three other Consoles connect to the host in order to see the clients according to their
ports. The Consoles do not have to be a part of individual subnets as long as they can see the host.
More specifically, The Console connected through port A/B can see the host Console as well as
each individual computer assigned to ports A and B. The other Consoles connected through port B
can see the host and only the computers assigned to port B.
Deep Freeze Enterprise User Guide
Example 4 - Multiple Subnets Multiple local services
| 105
Example 4 - Multiple Subnets Multiple local services
In this example, there are two separate locations.
The following is a list of assumptions that are made regarding this particular example:
• the locations are spread apart and have only a minimal connection to each other
• there is a network administrator at each location who is responsible for looking after Deep
Freeze at that location
• both locations need to be administered from a third location
In this example, the Remote Consoles are set up at each location and a local service is used:
• Location 1 (a computer lab on campus) uses port A to communicate with the clients and the
connections hosted by the Console. The school library’s computers use port B. The Console in
the technical support department uses the connections hosted by both lab and library
Consoles.
• Any console not directly communicating with a computer should have the local service turned
off.
The following diagram shows the network topology:
The benefit of this setup is that it allows all the packets sent from the clients in Location 1 to be
contained at that location. The less distance a packet must travel, the less chance there is of the
packet failing.
The administrator in the lab can connect to the local service in the same location 1 but cannot
connect to the local service in the library. The reason for this is that the lab administrator does not
know the password to access the local service for the library. The same goes for the administrator
in the library. If technical support knows the password to both local services (lab and library) the
local service at both locations can be connected to, in order to administer all the clients.
Deep Freeze Enterprise User Guide
|
106 Appendix B Network Examples
Deep Freeze Enterprise User Guide
| 107
Appendix C Troubleshooting a Remote Console Connection
No Clients In the Console
The following are some common reasons why clients fail to appear in the Console.
1. The Console and clients do not contain the correct network settings.
If the Console is set up to run under one port and the clients are using another, they will not be
able to see each other. Also, if the computers are configured for LAN/WAN, the IP must be equal
to the IP of the machine where the Console is running.
The default LAN setup works as long as all the machines running the computer and Console exist
on the same subnet. However, if a VLAN is being run, or if there are several subnets where the
clients exist, the computer install must be configured to run under the LAN/WAN settings.
2. Something on the network is blocking the port used between the Console and the
clients.
Check for a connection using a ping. The clients are unable to send packets to the Console/Remote
Console because there does not seem to be a route to the host. Attempting to ping the IP of the
Console/Remote Console does not seem to work. To resolve this issue, make sure the two
machines can connect to each other.
If a server, router, or switch on the network is not allowing the port to get through, the clients will
not be seen. By default, 7725 is the port being used.
3. The workstations were created under a different Customization Code than the Console.
When the Deep Freeze Configuration Administrator is first run, a prompt for a Customization
Code appears. This code is very important as it encrypts the software. This means that any
workstations created are encrypted with this Customization Code. If a Console was created using
another administrator that was installed with a different Customization Code, it cannot see
workstations created under the original code. The workstations and Console must be created
under a Configuration Administrator installed using the same exact Customization Code.
Deep Freeze Enterprise User Guide
|
108 Appendix C Troubleshooting a Remote Console Connection
Port is in Use Error When Starting the Console
When attempting to start the Console, the error message Unable to start Console: Port is in use
appears. There are several reasons why this error message may be appearing:
1. There is a Deep Freeze Workstation Installation/Workstation Seed installed under the
same port as the Console or on the same computer.
It is possible that Deep Freeze was installed is in stealth mode (the icon does not appear in the
system tray). The seed does not show an icon. The best test is to run a Workstation Install file on
the computer. If the uninstall option is displayed, the Workstation Install file or Workstation Seed
is installed and can be uninstalled. If the uninstall option does not appear, the Workstation Install
file or Workstation Seed is not installed.
The simplest solution would be to first turn off the local service and then connect to a Console that
can be accessed remotely.
2. Another program or service is using the port on this machine.
This may involve running a port sniffer on the machine in question to see what ports are open.
There are several tools available on the web to perform this action. The netstat.exe application
found in Windows also should show whether the port Deep Freeze is using is already in use.
3. The network cable is unplugged.
This message can occur if there is no network connection on the machine.
Deep Freeze Enterprise User Guide
| 109
Appendix D Creating a Customized Deep Freeze Enterprise
Console
The Deep Freeze Enterprise Console includes the ability to create a new Enterprise Console with
limited capabilities. A customized, limited console can be distributed in your organization to allow
certain users to perform desired tasks, while ensuring they do not have access to the full
capabilities of the Enterprise Console.
In this example, we will create a limited Console suitable for distribution to a teacher or computer
lab instructor. In this scenario, we want the teacher to be able to restart machines, lock the
keyboard and mouse on demand, and send messages to the students. However, we do not want the
teacher to be able to boot the machines into a Thawed state, uninstall Deep Freeze, or perform
other IT-exclusive tasks.
The Console Customizer can be launched from Tools > Console Customizer.
We will leave Console functions > Activation selected. This will ensure that if the new Console is
moved to a different computer, a One Time Password will need to be entered on the computer the
new Console is moved to. If this security precaution is not a concern in your environment, do not
select this option.
Console functions > One Time Password is not selected because we do not want a teacher to be
able to reboot the computer in Thawed mode under any circumstances. If a teacher reboots the
computer in Thawed mode, students might install unnecessary software on the computer which
will be retained even after a reboot.
We will leave all options under Workstation commands selected because we want a teacher to be
able to send messages to students, and to shutdown, restart, and wake computers as required.
Deep Freeze Enterprise User Guide
|
110 Appendix D Creating a Customized Deep Freeze Enterprise Console
We will only leave three options under Deep Freeze commands selected: Unlock, Lock, and
Reboot in Frozen state. This will allow a teacher to lock (and unlock) the keyboard and mouse on
student computers as required, as well as to reboot computers Frozen (just in case a computer is
ever accidentally left Thawed by IT staff). Leaving all other options cleared will ensure a teacher is
unable to permanently modify a computer.
Finally, we will clear all Workstation install/uninstall commands and all Scheduler commands
because we don’t want our teacher to use any of these options.
Once all options have been selected, click Save As to save a new Enterprise Console. A standard
Save As dialog is displayed:
Deep Freeze Enterprise User Guide
Creating a Customized Deep Freeze Enterprise Console
| 111
Save the new limited Enterprise Console and distribute it to the required users.
Deep Freeze Enterprise User Guide
|
112 Appendix D Creating a Customized Deep Freeze Enterprise Console
Deep Freeze Enterprise User Guide
| 113
Appendix E Deep Freeze Action Files - RDC Example
Deep Freeze Action Files
A Deep Freeze Action File is an XML file that allows administrators to define additional
functionality into the Deep Freeze Enterprise Console. An Action File defines a method for calling
an external batch file and passing some information (for example, machine IP addresses,
computer names) to the batch file or script.
Action Files simply call an external program or script. Therefore, any scripting language that can
be called from the command line can be used.
Action File Example
The structure of the Deep Freeze Action file that we will be using is shown below. The
DFEntConsoleCustomActions.xml is available at C:\Program Files\Faronics\Deep Freeze 7
Enterprise. The file can be edited to add additional actions like the one explained below:
<?xml version="1.0" encoding="UTF-8"?>
<!--Deep Freeze Default Custom Action file-->
<CUSTOMDEFINEDACTIONS>
<ACTION1>
<CAPTION>
<ENGLISH>Control with RDC</ENGLISH>
<GERMAN>Control with RDC German</GERMAN>
<JAPANESE>Control with RDC Japanese</JAPANESE>
<SPANISH>Control with RDC Spanish</SPANISH>
<FRENCH>Control with RDC French</FRENCH>
<CHINESE>Control with RDC Chinese</CHINESE>
</CAPTION>
<FILEMENU>Y</FILEMENU>
<POPUPMENU>Y</POPUPMENU>
<SILENT>Y</SILENT>
<SUBITEMS/>
<PARAMS/>
<SYNC/>
<LOG/>
<EXECUTE>C:\Windows\system32\mstsc.exe /v:%%WKSNAME%% /f</EXECUTE>
<WORKDIR>C:\Windows\system32\</WORKDIR>
In the above example, the custom action file contains the command for running Remote Desktop
on the Console computer and connect the remote computer specified in the parameter
%%WKSNAME%%.
The DFEntConsoleCustomActions.xml file contains 3 samples:
• Control with RDC
• Remote Execution
• Push and Install MSI file
For more information on using the above samples, refer to the Configure Custom Actions section.
You can edit the The DFEntConsoleCustomActions.xml file as per your needs.
Deep Freeze Enterprise User Guide
|
114 Appendix E Deep Freeze Action Files - RDC Example
Deep Freeze Action File Structure
The following XML schema outlines the custom defined actions available to the user. Multiple
XML files can be saved based on the number of commands required. Each file must be saved to
the Console folder and the read only attribute must not be selected.
Any changes made must be accompanied by a restart of the Deep Freeze Console in order to take
effect.
Parameter Usage
<?xml version=”1.0” encoding=”UTF-8”?>
<CUSTOMDEFINEDACTIONS>
<CAPTION> Text that appears in file menu or submenu
<ENGLISH>Caption</ENGLISH> Text in various languages
<GERMAN>Caption</GERMAN> Text in various languages
<JAPANESE>Caption</JAPANESE> Text in various languages
<SPANISH>Caption</SPANISH> Text in various languages
<FRENCH>Caption</FRENCH> Text in various languages
<CHINESE>Caption</CHINESE> Text in various languages
<FILEMENU>y</FILEMENU> Defines if this action will be in file menu
<POPUPMENU>y</POPUPMENU> Defines if this action will be in right-click popup menu
<SILENT>y</SILENT> Defines if user will be asked a confirmation message
<SUBITEMS> In sub-items, the item that is a child to this item can be
defined
</SUBITEMS> If the sub-items are defined then action for this items
will be ignored
<SYNC>y</SYNC> Specifies if command will be executed synchronously or
asynchronously
<PARAMS> Choosing this action prompts user to enter custom
parameters
<PASSWORD> Name on parameter
<VAR>%PARAM1%</VAR> Name of variable which will be used in EXECUTE
<ENGLISH>USERNAME Param Text in various languages
(ENGLISH)</ENGLISH>
Deep Freeze Enterprise User Guide
Deep Freeze Action Files - RDC Example
| 115
Parameter Usage
<GERMAN>USERNAME Param Text in various languages
(GERMAN)</GERMAN>
<JAPANESE>USERNAME Param Text in various languages
(JAPANESE)</JAPANESE>
<SPANISH>USERNAME Param Text in various languages
(SPANISH)</SPANISH>
<FRENCH>USERNAME Param Text in various languages
(FRENCH)</FRENCH>
<CHINESE>USERNAME Param Text in various languages
(CHINESE)</CHINESE>
</CAPTION>
</USERNAME>
</PARAMS>
<LOG> Defines behavior of the log file
<APPEND>y</APPEND> Defines if log file will be appended or created new
<FILENAME>c:\a1com Defines filename
mand.log</FILENAME>
<EXECUTE>c:\windows\vpn.exe Defines command which will be executed. Here,
%%IP%% %USERNAME% %PASSWORD% parameters and/or console items can be used
%%WKSNAME%%</EXECUTE>
<WORKDIR>c:\windows</WORKDIR> Defines working directory
Deep Freeze Enterprise User Guide
|
116 Appendix E Deep Freeze Action Files - RDC Example
Console Parameters
The following console parameters can be passed to the executed application or script through the
Enterprise Console:
Parameter Usage
%%WKSNAME%% Workstation name
%%DOMAIN%% Workstation domain
%%IP%% Workstation IP
%%PORT%% Workstation port
%%STATUS%% Workstation status
%%CFGDATETIME%% Workstation configuration date/time
%%MAC%% Workstation MAC address
%%DFVERSION%% Workstation Deep Freeze version
Deep Freeze Enterprise User Guide
You might also like
- FTS BIOSmanualD3543D3544 122018 1213996No ratings yetFTS BIOSmanualD3543D3544 122018 121399666 pages
- The Ultimate PC Speed Up Guide - Turbo WindowsNo ratings yetThe Ultimate PC Speed Up Guide - Turbo Windows174 pages
- Acer AspireOne D150 Jasper Service ManualNo ratings yetAcer AspireOne D150 Jasper Service Manual230 pages
- All-Products Esuprt Ser Stor Net Esuprt Force10 Force10-S4820 Reference Guide2 En-UsNo ratings yetAll-Products Esuprt Ser Stor Net Esuprt Force10 Force10-S4820 Reference Guide2 En-Us1,114 pages
- BIOS Manual For System Boards With Intel® 7 Series / C216 ChipsetNo ratings yetBIOS Manual For System Boards With Intel® 7 Series / C216 Chipset70 pages
- Force10-S25p - Reference Guide - En-Us PDFNo ratings yetForce10-S25p - Reference Guide - En-Us PDF1,262 pages
- Dell Precision™ Workstation T3400 User's Guide: Model DCTANo ratings yetDell Precision™ Workstation T3400 User's Guide: Model DCTA290 pages
- Service Reference Guide: HP Compaq Business Desktop dc7100 Series 3rd EditionNo ratings yetService Reference Guide: HP Compaq Business Desktop dc7100 Series 3rd Edition290 pages
- Quick Reference Guide: Microsoft Windows Xpe-Based Thin Clients - T5710 & T5720No ratings yetQuick Reference Guide: Microsoft Windows Xpe-Based Thin Clients - T5710 & T572072 pages
- ED-UCCP-201401A-Packaged Water Cool PDFNo ratings yetED-UCCP-201401A-Packaged Water Cool PDF38 pages
- 1.1 How-To-Use-This-Competency-Based-Learning-MaterialNo ratings yet1.1 How-To-Use-This-Competency-Based-Learning-Material2 pages
- Vertiv It Channel Product Catalog Uk - 190502 CT en Emea Mka4l0uk It Channel Rev5 032023 Web - 193589 - 6No ratings yetVertiv It Channel Product Catalog Uk - 190502 CT en Emea Mka4l0uk It Channel Rev5 032023 Web - 193589 - 671 pages
- Batangas State University Graduate SchoolNo ratings yetBatangas State University Graduate School9 pages
- Declaration of Conformity: According To European Directive EMC 2014/30/EUNo ratings yetDeclaration of Conformity: According To European Directive EMC 2014/30/EU1 page
- The Impact of Digital Marketing Management On Customers Buying BehaviorNo ratings yetThe Impact of Digital Marketing Management On Customers Buying Behavior22 pages
- What Is Galvanic Cell Give Half Cell Reaction of Daniell Cell and ExNo ratings yetWhat Is Galvanic Cell Give Half Cell Reaction of Daniell Cell and Ex1 page
- Playdor School Bus Schedule - 15 April 2024 To 26 July 2024-1No ratings yetPlaydor School Bus Schedule - 15 April 2024 To 26 July 2024-11 page
- Adjeivos Comparativos y Superativos Teoria y PracticaNo ratings yetAdjeivos Comparativos y Superativos Teoria y Practica4 pages
- The Linux Terminal for Advanced Users - The Command Line Made Easy: First EditionFrom EverandThe Linux Terminal for Advanced Users - The Command Line Made Easy: First EditionNo ratings yet
- Securing ChatGPT: Best Practices for Protecting Sensitive Data in AI Language ModelsFrom EverandSecuring ChatGPT: Best Practices for Protecting Sensitive Data in AI Language ModelsNo ratings yet
