Deep Freeze

[Deep Freeze] is a small application for both Windows and Mac OS X computers, created by [Faronics], that reverts all changes to selected hard drives on a computer back to a "frozen" image upon every reboot. This is accomplished by introducing a kernel-mode driver that intercepts all file system commands and overlays the data accessible on the hard drive with any changes made in the current session. This allows the data on the computer's hard drive to appear to change and function normally during a single session.

The administrator can create a "ThawSpace" or user changeable partition that allows for changes to the user's data such as their My Documents and Desktop while retaining security and immutability for the system drive. Proper deployment of Deep Freeze can be transparent so that the end user is never aware that all system drive changes are being reverted upon reboot.

Deployment at Case

Deep Freeze is designed to be used with large student lab environments. It has been deployed at Case in the Freedman Center. The College of Arts and Sciences also employs Deep Freeze on a few select machines.

The Deep Freeze Icon & Configuration Menu

The Deep Freeze icon is a polar bear in the System Tray. If it has a flashing red X over it, the system is thawed and any changes to the system will be applied; otherwise, the system is frozen and any changes to frozen drives will be reversed when the system is reset.

The Configuration Menu allows you to Freeze or Un-Freeze the system, change the Configuration Password, and set the Clone Flag (for use when ghosting systems).

To access the Configuration Menu either:

  • Shift+Double-Click on the Deep Freeze Icon

-or-

  • Press CTRL+ALT+SHIFT+F6

and enter the configuration password, or use the OTP Token and the Deep Freeze Administration Console on a separate computer to generate a one-time password (OTP).

Differences between Standard and Enterprise versions

Deep Freeze is available in two versions: Standard and Enterprise. Enterprise provides all of the features of the Standard version and adds custom creation of the workstation install seed file, one-time passwords (OTP), and access to the Administration Console.

The Administration Console

Most notably, Deep Freeze Enterprise comes with the Enterprise Administration Console, which allows the administrator to create custom install options such as automatic creation of the ThawSpace. The Enterprise version allows automatic thaws for use with Microsoft AutoUpdate, and automatic restarts and shutdowns to revert the system to the normal state. The Administration Console also remotely displays all systems with Deep Freeze installed and allows for remote shutdowns, restarts, thaws and freezes. Enterprise also provides a workstation seed, which is a small file installed on a non-frozen workstation that allows it to be manipulated using the Administration Console.

Compatibility

Software

Despite the non-intrusive nature of its protection, Deep Freeze has been known to have compatibility issues with certain other security software, mainly software that records the installation procedures of other software and can revert changes made to a system by the installation process.

  • Deep Freeze is known to work with Symantec Ghost and includes several features to streamline the imaging process.
  • Deep Freeze is compatible with Active Directory and Case ADS.
  • Deep Freeze is compatible with NTFSLink, a free Windows application allowing for the creation of Hard Links and Junction Points on an NTFS file system.

OS

The current version of Deep Freeze, 6.2, is compatible with all versions of Microsoft Windows, including Vista, and Mac OS X. A Linux version is expected to be released.

Hardware

There are no known hardware compatibility issues.

Deep Freeze has been known to increase the startup time on Windows machines slightly.

Proper Deployment

Since Deep Freeze depends on the use of a kernel-mode driver loaded at boot time, it is essential that a machine employing Deep Freeze boots from a frozen partition. If the boot process is compromised, the driver loading can be circumvented and frozen partitions will be changeable.

Use with Junction Points

Allowing for changes to the user's profile directory requires that the profile be stored on a non-frozen partition. The Windows default location of the profile folders can be changed using the Microsoft-provided tool TweakUI. This may cause incompatibility with some applications that ignore the configured profile location and instead write directly to the C:\Documents and Settings\ folder. Creating a junction point at the Documents and Settings folder that points to the profile folder in the ThawSpace will allow these programs to operate "correctly".

Microsoft Windows AutoUpdate & Symantec LiveUpdate

Since Deep Freeze works by transparently allowing file system changes to occur and reverting them at reboot, programs such as Microsoft AutoUpdate and Symantec LiveUpdate will appear to function normally while the machine is left on. Upon reboot, however, all updates downloaded and installed will be reverted. It is recommended that Microsoft AutoUpdate and Symantec LiveUpdate be disabled when running Deep Freeze. This requires that the machine be serviced periodically to thaw it and run updates manually. The Enterprise version of Deep Freeze can automate this with timed thaws and script execution.
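
The overlay behaviour described in the introduction, and the reason updates disappear after a reboot, can be seen in a small model. This is an added example, not Faronics code or the driver's actual design: the class and function names, sector numbers and contents are constructed, and freeze/thaw is modelled as taking effect at the next boot.

```python
# Toy model of a reboot-to-restore volume (added illustration, not Faronics code).
# Class name, sector numbers and contents are constructed for this example.

class RestoreOnRebootVolume:
    def __init__(self, base, frozen=True):
        self.base = dict(base)           # sectors actually stored on disk
        self.overlay = {}                # redirected writes, current session only
        self.frozen = frozen             # state in effect for this boot
        self.frozen_next_boot = frozen   # assumption: changes apply at next boot

    def write(self, sector, data):
        # Frozen: redirect the write so the stored image is untouched.
        # Thawed: the write reaches the disk and is permanent.
        if self.frozen:
            self.overlay[sector] = data
        else:
            self.base[sector] = data

    def read(self, sector):
        # Reads prefer the overlay, so the session sees its own changes.
        if sector in self.overlay:
            return self.overlay[sector]
        return self.base.get(sector)

    def set_next_boot(self, frozen):
        self.frozen_next_boot = frozen

    def reboot(self):
        # Discarding the overlay is what reverts the session.
        self.overlay.clear()
        self.frozen = self.frozen_next_boot


def patch_cycle(vol, sector, patch, thaw_first):
    """Apply a patch, reboot frozen; return (seen_in_session, seen_after_reboot)."""
    if thaw_first:
        vol.set_next_boot(frozen=False)
        vol.reboot()                     # maintenance boot, thawed
    vol.write(sector, patch)
    in_session = vol.read(sector)
    vol.set_next_boot(frozen=True)
    vol.reboot()                         # return to normal frozen operation
    return in_session, vol.read(sector)


if __name__ == "__main__":
    vol = RestoreOnRebootVolume({0: "system-v1"})
    print(patch_cycle(vol, 0, "system-v2", thaw_first=False))
    print(patch_cycle(vol, 0, "system-v2", thaw_first=True))
```

The first cycle shows an update that looks installed during the session and is gone after the reboot; the second shows the same update persisting because it was applied during a thawed maintenance boot.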

Automated System Services

Automated system services such as AutoDefrag and System Restore should also be disabled on frozen partitions, as all changes made by these programs will be reverted when the system is restarted.

Workarounds

Circumvention of the Deep Freeze protection is possible and has been demonstrated; however, these attacks focus mainly on circumventing the password protection of the configuration menu. Direct uninstallation or circumvention of the Deep Freeze kernel-mode driver is much more difficult and may be nearly impossible on a properly secured system.

This page was last modified 06:18, April 22, 2007 by Daniel Farst.