3<B3@>@7A3

3<B3@>@7A3

/0A=:CB3AgabS[7\bSU`Wbg

This page intentionally left blank

3<B3@>@7A3

Security Notice
Deep Freeze does not protect against booting from a floppy drive or CD-ROM drive. The CMOS
should be configured to prevent booting from the floppy drive or CD-ROM drive (i.e. set to boot to the
hard drive) and the CMOS must be password protected. This is a normal precaution for most public
access computers. The Windows Registry, the computer CMOS and the boot sector are protected by
Deep Freeze from within Windows.
Technical Support
Every effort has been made to design this software for ease of use and to be problem free. If problems
are encountered, contact Technical Support:
Email:

support@[Link]

Phone:

800-943-6422 or 604-637-3333

Hours:

7:00am to 5:00pm (Pacific Time)

Contact Information
Web:

[Link]

Email:

sales@[Link]

Phone:

800-943-6422 or 604-637-3333

Fax:

800-943-6488 or 604-637-8188

Hours:

7:00am to 5:00pm (Pacific Time)

Address:

Faronics Technologies USA Inc.

Suite 170 2411 Old Crow Canyon Road
San Ramon, CA 94583
USA

Faronics Corporation
620 - 609 Granville St.
Vancouver, BC V7Y 1G5
Canada

About Faronics
Faronics delivers market-leading solutions that help manage, simplify, and secure complex IT
environments. Our products ensure 100% workstation availability, and have dramatically impacted the
day-to-day lives of thousands of information technology professionals. Fueled by a customer-centric
focus, Faronics technology innovations benefit educational institutions, healthcare facilities, libraries,
government organizations and corporations.
Last modified: June, 2007

1999 - 2007 Faronics Corporation. All rights reserved. Faronics, Deep Freeze, Deep Freeze Mac, Faronics Anti-Executable, Faronics
Device Filter Mac, Faronics Power Save, Faronics Power Save Mac, Faronics Insight, Faronics System Profiler, User Refresh Mac
and WINSelect are trademarks and/or registered trademarks of Faronics Corporation. All other company and product names are
trademarks of their respective owners.

This page intentionally left blank

3<B3@>@7A3

Contents
Deep Freeze Overview........................................................................................................................................7
About Deep Freeze..........................................................................................................................................................7
System Requirements......................................................................................................................................................7
Deep Freeze Enterprise Files..........................................................................................................................................7
Deep Freeze Configuration Administrator........................................................................................................8
Installing the Configuration Administrator.................................................................................................................8
Initializing with the Customization Code....................................................................................................................9
Re-Initializing the Customization Code.......................................................................................................................9
Update Mode..................................................................................................................................................................10
Using the Configuration Administrator..........................................................................................................11
Welcome Tab.....................................................................................................................................................11
Toolbar..............................................................................................................................................................11
Configuration Tab.............................................................................................................................................13
Passwords........................................................................................................................................................................13
Drives..............................................................................................................................................................................14
ThawSpace......................................................................................................................................................................15
Maintenance...................................................................................................................................................................17
Advanced Maintenance................................................................................................................................................19
Windows Update...........................................................................................................................................................19
Batch File........................................................................................................................................................................19
Miscellaneous.................................................................................................................................................................20
Network .........................................................................................................................................................................20
Advanced Options.........................................................................................................................................................21
One Time Passwords Tab.............................................................................................................................................22
Creating Workstation Install Program and Workstation Seed................................................................................23
Uninstalling the Configuration Administrator.........................................................................................................24
Deep Freeze Enterprise Console......................................................................................................................25
Launching the Enterprise Console..............................................................................................................................25
Activating the Enterprise Console..............................................................................................................................25
Using the Enterprise Console......................................................................................................................................26
Managing Communication Between the Console and Workstations....................................................................27
Configuring the local service.......................................................................................................................................27
Enabling the local service.............................................................................................................................................27
Disabling the local service............................................................................................................................................27
Adding a local service Connection.............................................................................................................................28
Editing or Removing a local service Connection......................................................................................................28
Remote Consoles...............................................................................................................................................29
Managing Deep Freeze with the Console...................................................................................................................30
Dynamically Updating a Deep Freeze Configuration File.......................................................................................34
Scheduling Deep Freeze Tasks.....................................................................................................................................36
Managing Network and Groups..................................................................................................................................40
Importing Groups from Active Directory..................................................................................................................41
Adding Workstations to a User Defined Group...............................................................................................42
Deep Freeze Console Shutdown.......................................................................................................................43
Installing Deep Freeze......................................................................................................................................44
Attended Install or Uninstall........................................................................................................................................44
Uninstalling Deep Freeze.............................................................................................................................................45
Silent Install or Uninstall..............................................................................................................................................46
Silent Install or Uninstall Using a Shortcut................................................................................................................46
Network Install on Multiple Workstations.................................................................................................................47
Installing Over Existing Deep Freeze Versions.........................................................................................................47
Installing Using Imaging..............................................................................................................................................47

3<B3@>@7A3

Target Install...................................................................................................................................................................47
Managing Deep Freeze Workstations...............................................................................................................48
Workstation Logon........................................................................................................................................................48
Boot Control...................................................................................................................................................................48
Network .........................................................................................................................................................................49
Clone...............................................................................................................................................................................49
One Time Passwords.....................................................................................................................................................49
ThawSpace......................................................................................................................................................................50
Permanent Software Installations, Changes, or Removals.......................................................................................50
Deep Freeze Command Line Control ([Link])...........................................................................................51
DFC Return Values........................................................................................................................................................51
Batch File Example........................................................................................................................................................53
Ports and Protocols Explained.........................................................................................................................54
Appendix A - Network Examples.....................................................................................................................55
Example 1 - Single Subnet............................................................................................................................................56
Example 2 - Multiple Subnets One local service.......................................................................................................57
Example 3 - Multiple Ports, Console Accessed Remotely........................................................................................58
Example 4 - Multiple Subnets Multiple local services..............................................................................................59
Appendix B - Troubleshooting a Remote Console Connection......................................................................60
No Clients In the Console............................................................................................................................................60
Port is in Use Error When Starting the Console.......................................................................................................61

3<B3@>@7A3

Deep Freeze Overview

About Deep Freeze
Deep Freeze enables administrators to protect a workstations operating system and software without
restricting user access. With every system restart, Deep Freeze resets the computer to its original
protected state right down to the last byte. Computing environments are easier to manage, expensive
computer assets are kept running at 100% capacity, and workstations enjoy full immunity from software
misconfigurations, viruses, malware, and spyware. Deep Freeze can be easily deployed and maintained
across an enterprise using a central Console. Technology coordinators now have the power to protect
hundreds or thousands of computers across a LAN, WAN, or over the Internet, an invaluable feature
for administrators of several remote sites.
Deep Freeze also features scheduled Maintenance Periods which allow updates and patches to be
pushed out to workstations during times that best suit your organization. Since Deep Freezes rebootto-restore concept does not slow computers down or increase bootup times, it triumphs over imagebased restoration technologies, which require both administrative initiation and system downtime in
order to repair a system. Globally deployed in 50 countries, Deep Freeze provides bulletproof protection
to over six million computers worldwide.
System Requirements
The Deep Freeze Configuration Administrator and the Enterprise Console support Windows 2000/XP/
Vista (32 and 64 bit editions) along with 2000 and 2003 Server to function properly. Deep Freeze enabled
workstations support Windows 95/98/Me/2000/XP/Vista (32 and 64 bit editions) and 10% free hard drive
space. The hardware requirements are the same as the recommended requirements for the host operating
system.
Deep Freeze Enterprise Files
Deep Freeze uses different colored icons to represent the functions of its components.
Files identified by a red icon should generally only be installed on an administrator computer, while
yellow icons should generally only be installed on workstations:
Deep Freeze Enterprise Configuration Administrator installation file
The Configuration Administrator application is used to create customized, preconfigured workstation installation program files, Workstation Seeds, the Enterprise
Console, and generate One Time Passwords
The Enterprise Console application is used to centrally deploy, monitor, manage, and
maintain Deep Freeze installations
A customized Deep Freeze workstation installation file is created in the Configuration
Administrator and deployed to workstations within the enterprise
Optional: A Workstation Seed is used to Target Install Deep Freeze from the Enterprise
Console; this Seed can be freely imaged (using third party imaging software) with no
license restrictions to enable rapid deployment

3<B3@>@7A3

Deep Freeze Configuration Administrator

The Configuration Administrator is intended to be installed only on the computer used to administrate
Deep Freeze. The Configuration Administrator is used to create a customized Deep Freeze installation
file pre-configured with passwords, schedules, Workstation Seeds, and the Enterprise Console. It is
also able to generate One Time Passwords.
Once the Deep Freeze Configuration Administrator has been installed the Deep Freeze Enterprise
Console installs automatically.
Installing the Configuration Administrator
Complete the following steps to install the Configuration Administrator:
1. Insert the CD-ROM from the media package into the CD-ROM drive.
2. Select Install Deep Freeze Enterprise Administrator in the window that appears on the
desktop.
If Deep Freeze has been downloaded via the Internet, double-click the file [Link] to
begin the installation process.
The following screen appears:

3. Follow the steps presented. Read and accept the license agreement.
4. Click Install and the Configuration Administrator is installed on the computer.

3<B3@>@7A3

Initializing with the Customization Code

Immediately after the installation is complete, the Deep Freeze 6 Enterprise Customization screen
appears.

The administrator is required to enter a Customization Code to initialize the Configuration

Administrator. The code must be at least eight characters long and may consist of any combination of
alpha-numeric characters.
This code is not a password that can be used to access Deep Freeze. It is a unique identifier that encrypts
the Configuration Administrator, the Enterprise Console, the workstation installation files, the One
Time Password Generation System, and Deep Freeze Command Line Control.
The Customization Code ensures that no other administrators can access or control a workstation.
Multiple Deep Freeze administrators controlling the same group of workstations should use a matching
Customization Code.
After entering a Customization Code, the following dialog appears:

The Customization Code must be recorded and guarded with care. Faronics is unable to
recover a lost or forgotten Customization Code!
Re-Initializing the Customization Code
If another administrator wants to create installation files with the same Configuration Administrator
using a different Customization Code, the [Link] program should be run. This resets the existing
Customization Code for the Configuration Administrator. Enter a new Customization Code. Click OK
for the new Customization Code to become active.

3<B3@>@7A3

Update Mode
Update Mode is an advanced feature of Deep Freeze Enterprise that requires an understanding of
command line scripting.
The update command requires the administrator not change any of the default Deep
Freeze directories or file locations.
Update Mode can be used to automatically create updated versions of existing files of Deep Freeze
Enterprise by executing a special update command. This command completes two tasks:
1. Updates previous versions of the Deep Freeze Enterprise Console and the Deep Freeze
Configuration Administrator. (Found in Faronics > Deep Freeze 6 Enterprise.)
2 Updates any user created files stored in the Faronics > Deep Freeze 6 Enterprise > Install
Programs folder.
The benefit of these updates is that a large amount of workstation installation files can receive
customized updates to the configuration files created from an older version of the Deep
Freeze Configuration Administrator.
The command automatically updates files created by an administrator (.exe, .rdx) that are present
in the Faronics > Deep Freeze 6 Enterprise > Install Programs directory, including the following subdirectories:
Workstation install files
Workstation Seed files
In the example below, the district office has received a new version of Deep Freeze Configuration
Administrator and can automatically update any existing Deep Freeze Workstation Install files and
Installation Seeds at a remote location.
Workstation Install
File

District Office

Remote
Location

Faronics > Deep

Freeze 6 Enterprise
> Install Programs

Workstation Seed

The update command does not require a password, but does require a Customization Code. Use the
following command syntax:
\PathToFile\[Link] /update=Customization Code c:\[Link]

10

must be replaced with the actual path to the installation file ([Link])
[Link] must be the actual name of the installation file (it may differ if it was
downloaded)
Customization Code must be in quotes if there is a space in it
Customization Code must match the old installation files Customization Code
PathToFile

3<B3@>@7A3

The log file provides full details of exactly which files were updated.
The update process may take a few minutes to complete.
Update Mode does not update the existing version of Deep Freeze on workstations.
Workstations must be updated using the Enterprise Console.

Using the Configuration Administrator

Open the Configuration Administrator by selecting the following path from the Start menu:
Start > All Programs > Faronics > Deep Freeze 6 Enterprise > Deep Freeze 6 Administrator
The Configuration Administrator is used to create a customized Deep Freeze installation program preconfigured with passwords, schedules, and other options.
There are three main tabs for accessing the various options available: Welcome, Configuration, and One
Time Passwords.

Welcome Tab
The Welcome tab provides contact information for Faronics, including a link to the company and
Technical Support Web sites.

Toolbar
The Toolbar is available at the top of every tab in the Configuration Administrator.
The buttons allow users to make a New configuration file (.rdx), to Open a saved configuration file, and
to Save or Save As a configuration file. Users can also access the Help files from this toolbar.
The Create button allows users to create a Workstation Install Program and a Workstation Seed. (.exe)
containing settings specified in the Configuration tab.
Selecting New opens the Configuration Administrator with default configuration settings. Changes
made but not saved prior to selecting New will be lost.

11

3<B3@>@7A3

File Menu
The File Menu contains the same options as those available on the Toolbar, with the additions of the
option to choose from the available languages and Password Protection.
Password Protection
Password Protection offers an optional layer of security for the administrator.
To password protect access to the Configuration Administrator, complete the following steps:
1.
2.
3.
4.

12

Open the File menu and select Password Protection.

Check the Protect with password box.
Enter and confirm the password.
Click OK to set the password or Cancel to exit the dialog without setting a password.

3<B3@>@7A3

Configuration Tab
The Configuration tab has six sub-tabs that are used to configure various options. After all the desired
configuration options have been selected, a customized workstation installation program file is ready
to be created. This program file can then be used to install a pre-configured version of Deep Freeze on
workstations.
Passwords
Deep Freeze Enterprise allows the administrator to choose up to 15 passwords, in addition to the One
Time Password Generation System.

To create a password, complete the following steps:

1.

Check Enable on the appropriate line.

2.

From the Type drop-down list, choose the preferred kind of password. The following options
are available:
Workstation: designated for use at a workstation.
Command Line: for use with Command Line Controls; the Command Line Control tool
([Link]) does not function unless at least one Command Line password is defined.

3.
4.
5.

LANDesk: designated for use through the LANDesk Management Suite Console.
Optional: For Workstation passwords, check the User Change checkbox to allow a user to
change the password at the workstation.
Enter the password.
To set a password to become active and expire on specified dates, check the Timeout checkbox
and use the drop-down calendars to specify an Activation date and Expiration date.
Deep Freeze can use both One Time Passwords (OTPs) and fixed passwords. The OTP
feature is always available and cannot be disabled. (For more information on OTPs
refer to the One Time Password section of the documentation.) The fixed workstation
passwords, defined in the Passwords tab, are optional.

13

3<B3@>@7A3

Drives
The Drives tab is used to select which drives are to be Frozen (protected by Deep Freeze) or Thawed
(unprotected), and to create a ThawSpacea virtual partition on a Frozen drive where data can be
saved permanently.

Frozen Drives

By default, all drives are Frozen. To put a drive in a Thawed state, clear the checkbox of the preferred
drive.
In the example above, the C: drive is checked, but not the D: drive. This results in all workstations with
only a C: drive being Frozen. Workstations with a D: partition or drive have a Frozen C: drive and a
Thawed D: partition or drive.
While only local drives (partitions or physical drives) can be Frozen, all drive letters are shown because
the pre-configured installation file may be installed on many workstations with various hardware and
software setups.
Thaw External Hard Drives

By default, external hard drives are Thawed. To put the external drives in a Frozen state, clear the
checkboxes.
If the USB and/or IEEE 1394 (FireWire) external hard drives check boxes are cleared, the drive is
Frozen or Thawed according to the letter each drive mounts to in the Frozen Drives section.
Therefore, if the USB hard drive checkbox is cleared but it mounts to letter F which happens to be
checked in the Frozen Drives section, then that drive will be Frozen.
Network drives and removable media drives (floppy, memory keys, CD-RW, etc.) are
not affected by Deep Freeze and therefore cannot be Frozen.

14

3<B3@>@7A3

ThawSpace
ThawSpace is a virtual partition on a workstation that can be used to store programs, save files, or
make permanent changes. All files stored in the ThawSpace are retained after a restart, even if the
workstation is Frozen.
To create a ThawSpace using the Configuration Administrator, complete the following steps.
1. In the ThawSpace pane, check Create.
2. The ThawSpace Drive option is used to select the drive letter assigned to the ThawSpace.
The default letter is T:, but it can be changed to any available letter. The next available letter is
used if the selected drive letter already exists on a workstation when Deep Freeze is installed.
3. The Size option reflects the size of the ThawSpace; the default size is 1 GB and the minimum
size is 16MB.
Workstations running Windows 95/98/Me can host a maximum ThawSpace of 2GB.
Workstations running Windows 2000/XP/Vista can host a maximum ThawSpace of 1 TB
when using the NTFS file system or 4GB when using the FAT32 file system. If the workstation
does not have enough free space to accommodate the selected ThawSpace size, the size of the
ThawSpace is adjusted downward to ensure proper operation of the workstation.
4. Workstations running Windows 95/98/Me must use the FAT16 file system for a ThawSpace.
Workstations running Windows 2000/XP/Vista use the NTFS file system by default, but this
can be changed to FAT32 by selecting the radio button.
Retain existing Thawspace is checked by default to prevent Thawspaces created during previous
installations from being deleted.
A dialog is always displayed asking if the ThawSpace should be retained or deleted
during an Attended Uninstall, regardless of whether Retain Existing ThawSpace
has been checked. This option is not displayed if the uninstall is performed through
the Console.

15

3<B3@>@7A3

Restart/Shutdown
The Restart/Shutdown tab is used to schedule restarts or shutdowns.

Restart/Shutdown Schedule

To create a Restart/Shutdown schedule, complete the following steps:

1. In the Restart/Shutdown Schedule pane, check the days of the week the schedule will occur.
Each day has its own drop down menu for action (restart or shutdown) and Time
Optional: Check Set One Change All so all changes made apply to all schedules.
2. Choose Restart or Shutdown from the Restart/Shutdown drop-down list.
3. Enter the time the restart or shutdown is scheduled to happen in the Time field.
Idle Restart/Shutdown Schedule

In the Idle Restart/Shutdown Schedule pane, check Enable to configure a shutdown or restart after a
specified period of inactivity. Choose Restart or Shutdown from the drop-down list, and indicate the
number of minutes of inactivity that must pass before the workstation restarts or shuts down.
NOTE: Idle time is defined as no mouse or keyboard activity.
Notification

If the specified idle time passes, a dialog box appears on the workstation indicating that the workstation
is about to restart or shutdown.
Enter the number of minutes this dialog will remain on the screen for in the Warn user for: field
(one minute by default). When the dialog is displayed, the user has the option to cancel the restart or
shutdown by using the keyboard or mouse.
Restart on Logoff

To have the workstation restart when a user logs off, check this option.
Only one Restart/Shutdown per day can be scheduled from this menu; if the workstation
needs to be automatically restarted on a more frequent basis, the Idle Restart/Shutdown
should be used, and/or the workstation shutdown task can be used. (For more information
on scheduling refer to the Deep Freeze tasks section of the documentation).

16

3<B3@>@7A3

Maintenance
The Maintenance tab is used to schedule a time when Deep Freeze is Thawed and when upgrades, new
installations, maintenance, or any other permanent changes can be made.

To create and configure a Maintenance Schedule, complete the following steps:

1.

Check the box beside each day of the week when the Scheduled Maintenance will happen.
Optional: Check Set One Change All to apply certain changes made for one day of the week
to all other days.

2.
3.

Enter the time to start the Scheduled Maintenance period and to restart the workstation into
the Thawed state in the Start Time field.
Optional: Check Disable Keys to prevent the keyboard and mouse from functioning on the
workstation during the Maintenance Period. If this option has been checked, the workstation
displays the following dialog during the Maintenance Period:

17

3<B3@>@7A3

4.

From the Run drop-down list, choose an action to occur during the Maintenance Period.
Choose Batch file to allow workstations to run a Batch file automatically during the
Maintenance Period. A custom Batch file can be entered on the Advanced Maintenance tab.

5.

6.

Choose the Windows Updates to allow workstations to automatically install critical updates
for Windows 2000/XP/Vista during the Maintenance Period via the Internet or an SUS/
WSUS server. The choice to use an SUS/WSUS server and specify the servers IP address is
configured on the Advanced Maintenance tab.
Enter the time to complete the Scheduled Maintenance period and to restart the workstation
into the Frozen state in the Stop Time field.
If the Stop Time precedes the Start Time, the Stop Time is assumed to be during the next
day.
Optional: check the Shutdown box to shut the workstation down at the conclusion of the
Maintenance Period instead of restarting it. If Shutdown is checked, the workstation is Frozen
the next time it is started.
The Run Windows Updates feature does not actually perform updates, but makes the
call to have the normal update method take place during the Maintenance Period.
If the computer is off at the start of the Maintenance Period, the maintenance will not
occur.
The computer will not automatically turn on for the Maintenance Period unless a
Wake-on-LAN call is scheduled in the Console. ( For more information on performing
maintenance refer to the Deep Freeze tasks section of the documentation.)

18

3<B3@>@7A3

Advanced Maintenance
The Advanced Maintenance tab is used to specify SUS or WSUS server and batch file options for a
Scheduled Maintenance period.

Windows Update
To use an SUS (Microsoft Software Update Services) Server or a WSUS (Windows Software Update
Services) Server for Windows critical updates, check the preferred option and enter the IP address.
If Use SUS/WSUS Server is unchecked, Windows critical updates are downloaded via the internet for
each workstation individually.
Microsoft SUS client and SUS server can be downloaded at: [Link]
Batch File
Enter a custom batch file to run during the Maintenance Period on days specified on the Maintenance
tab. The same Batch file applies to all days that Run Bat File has been checked. The following options
are available when running custom Batch files:
To clear the current batch file, click New
To load an existing file, click Open and browse to the location of the file
To save the contents of the field, click Save and browse to the preferred save location
The batch file can be any command or series of commands that the command processor can run. Users
can run custom scripts that require the use of a third-party scripting engine by calling the script from
the batch file as if it was being run from the command line.
Run batch file with the Microsoft Network

From the drop-down menu, choose to run a batch file via the Microsoft Network.
By default, customized batch files execute using the local System account. If the updates to be deployed
are located on file servers that require authentication, check Specified User Account and enter the
account Login ID, Password, and Domain to access the file servers. This applies to Windows 2000/XP/
Vista only.
Run batch file with the Novell Network

To run a batch file with the Novell Network, select it from the drop down menu and provide entries for
Login ID, Password, Tree, Context and Server.

19

3<B3@>@7A3

Miscellaneous
The Miscellaneous tab is used to configure the network settings used by the workstations to communicate
with the Console, and configures various security options.

Network
Communication between the Deep Freeze Enterprise Console and workstations with Deep Freeze
installed can use two different modes: LAN Mode or LAN/WAN Mode.
LAN: Check the LAN radio button to configure Deep Freeze to communicate within a Local Area
Network (LAN).
LAN mode is a self-configuring mode that requires only a port number; the default port is 7725. The
port number can be changed if it is in conflict with other programs on the LAN. In LAN mode, the
Deep Freeze workstations and the Enterprise Console find each other through UDP broadcasts. These
broadcasts only occur when workstations or the Enterprise Console are started, ensuring that there is
little network traffic associated with workstation and Console communication.
LAN/WAN: Check the LAN/WAN radio button to configure Deep Freeze to communicate in both a
LAN and a WAN (wide area network).
LAN/WAN can be used in either a LAN or WAN environment and over the Internet. This mode uses
an IP address or the computer name, along with a port number, to allow communication between the
Console and the managed workstations.
The following two methods are available to identify the Console:
specify the Console IP, which must be static
specify the Console Name, in which case the IP can be dynamic
When the Enterprise Console is behind a firewall or a NAT (network address translation) router,
the firewall or router must be configured to allow traffic to pass through to the Enterprise Console.
Depending on the firewall or router, workstations may need to be configured with the IP address of the
firewall so that traffic can be forwarded.
These settings can be changed on local workstations using the Network tab. If these settings are changed,
those changes will also need to be applied at the Console.
20

3<B3@>@7A3

For more information on configuring and using Deep Freeze in a specific network environment, refer
to Appendix ANetwork Examples or contact Technical Support.
If a port number other than the default of 7725 (registered to Deep Freeze) is used, care
should be taken to ensure that there are no conflicts with applications already running
on the network. Well-known ports (01023) should be avoided and any Registered
Ports (102449151) should be checked for conflicts before deployment.
A complete listing of the ports assigned to various applications can be found on the
Internet Assigned Numbers Authority web site at [Link]
port-numbers.
Advanced Options
Win 9x
Prevent break outs from [Link]: Check this option if the Windows 9x workstations
are using the [Link] file to execute programs before Windows starts; this prevents users
from aborting the execution of the [Link] file and gaining access to the system in an
unprotected state
Use Hard reboot when Thawed: Check this option to force workstations to perform an immediate
restart when leaving the Thawed state; this option should be selected if the workstations
experience problems shutting down when leaving the Scheduled Maintenance period.
Local Policies
Enable Deep Freeze local policies: For enhanced security, Deep Freeze removes the following
local privileges: debugging programs, modifying firmware, and changing the system time;
uncheck this option to use existing privileges.
Allow user to change the clock: Check this option to allow Frozen users to adjust the system
clock.
Disable Command Line options: This option is checked by default. Unchecking this option
allows for further customization of the Deep Freeze installation program when using the Silent
Install System; checking this option prevents the pre-existing configuration choices from being
changed during installation.
Stealth Mode
Show Frozen icon in system tray: Check this option to display the
Deep Freeze is installed and the workstation is Frozen.

icon to indicate that

Show Thawed icon in system tray: Check this option to display the
Deep Freeze is installed but the workstation is Thawed.

icon to indicate that

If the options to show a Deep Freeze icon in the System Tray are unchecked, the keyboard
shortcut CTRL+ALT+SHIFT+F6 must be used to access the logon dialog.
Control Windows Updates: This option is checked by default. This option allows Deep Freeze
to override any Group Policy settings pertaining to Windows Updates.

21

3<B3@>@7A3

One Time Passwords Tab

The One Time Passwords tab is used to generate temporary passwords for Deep Freeze that expire at
midnight on the day they were generated.
A One Time Password (OTP) can be useful if, for example, a Deep Freeze password is forgotten or if
a configuration file was created without any passwords defined. An OTP can also be used to provide
access to a workstation for an individual performing maintenance duties without requiring that
individual to know the permanent Deep Freeze password.

To create an OTP, complete the following steps:

1.

Select either Password valid for one use only or Password valid for multiple uses.
All OTPs expire at midnight on the day they were created, regardless of type.

2.

Enter the OTP Token from the workstation that requires the OTP into the Token field.
The OTP Token for the workstation is located in the logon dialog, as shown below.

OTP token

3.

Click Generate.
The OTP Generator is also available in the Deep Freeze Enterprise Console in the
Tools menu. Also note that the Deep Freeze Command Line interface does not
support the use of One Time Passwords.

22

3<B3@>@7A3

Creating Workstation Install Program and Workstation Seed

To create customized Deep Freeze installation program files with all of the options that were configured
in the Configuration tab, click the Create button in the Configuration Administrator toolbar and select
Create Workstation Install Program.
This file can then be used to install Deep Freeze on workstations using:

Attended Install (install based on user input)

Silent Install system (install that does not inform user of progress or provide messages
during)
Target Install (install program created by Deep Freeze for deployment on workstations)

For a target install, the Workstation Seed is included in this file; it is not necessary to install the
Workstation Seed if the Full Workstation Installation program is going to be installed. The default file
name for this program is [Link].
To create a Workstation Seed, click the Create button in the Configuration Administrator toolbar and
select Create Workstation Seed. The Workstation Seed is a small program that allows administrators to
remotely install and control workstations from the Enterprise Console. The Workstation Seed can be
installed as part of a master image and then deployed via imaging software. All workstations on the
LAN with the Workstation Seed installed are displayed in the Enterprise Console. The file name for
this program is [Link].
All files are saved to the Install Programs folder within the Deep Freeze 6 Enterprise folder by default.
Alternate locations can be chosen and the file name can be changed if desired. It is recommended that
a naming convention is used if the administrator is creating multiple customized installation files.

23

3<B3@>@7A3

Uninstalling the Configuration Administrator

Complete the following steps to uninstall the Configuration Administrator:
1.

Open the Add/Remove Programs utility in the Windows Control Panel by selecting the
following path from the Start menu:
Start > Control Panel > Add or Remove Programs

2.

Select Deep Freeze Administrator - Enterprise and click the Change/Remove button.

3.

Follow the steps presented and the Configuration Administrator will be uninstalled from
the computer.
Uninstalling the Configuration Administrator from the Add or Remove Programs
applet on the Console machine also removes the Consoles local service as well as
the local service configuration including user defined groups and scheduled tasks.

24

3<B3@>@7A3

Deep Freeze Enterprise Console

The Deep Freeze Enterprise Console displays the status of all Frozen, Thawed, and Target workstations
on the network and allows the administrator to perform specific tasks on those workstations. Detailed
status information is available with selective or group reporting.
The Enterprise Console allows administrators to remotely perform the following tasks:
Immediately Target Install workstations
Selectively Freeze, Thaw, or Thaw Locked one or more workstations

Lock or Unlock selected workstations

Dynamically update Restart/Shutdown, Maintenance, and Advanced Maintenance settings
Restart or shutdown workstations

Stop scheduled maintenance

Power on workstations equipped with a Wake-on-LAN network card
Update Deep Freeze software
Schedule tasks directly from the Console
Send messages to workstations
Import groups and containers from Active Directory

Generate One Time Passwords

The Console can only wake a workstation from a powered-down state if the workstation
is properly configured to power on when a Wake-on-LAN packet is received.
Launching the Enterprise Console
The Enterprise Console is created when the Deep Freeze Configuration Administrator is installed.
Open the Console by selecting the following path from the Start menu:
Start > All Programs > Faronics > Deep Freeze 6 Enterprise > Deep Freeze 6 Console
Activating the Enterprise Console
As a security feature of Deep Freeze Enterprise the OTP feature prevents unauthorized Deep Freeze
Enterprise Console use. When the [Link] file is copied to a new workstation, the Console
must be activated. When it is run for the first time on the new workstation, a dialog displays with an
OTP Token.

The network administrator enters this token in the Configuration Administrators OTP Generation
System. An OTP is generated. Enter it in the dialog and the Console will run.
The Enterprise Console runs on Windows 2000/XP/Vista, and 2000 and 2003 Server.
The computer on which the Enterprise Console is installed must not have an installation
of the Workstation Seed ( using the same port) or a full Deep Freeze installation.

25

3<B3@>@7A3

Using the Enterprise Console

Launch the Enterprise Console by browsing to:
Start > All Programs > Faronics > Deep Freeze 6 Enterprise > Deep Freeze 6 Console

Status Icons
The Enterprise Console displays the status of the workstations on the local area network with the
following icons beside or above the workstation name, depending on the view selected:
Workstations that have the Deep Freeze Workstation Seed installed but do not have
Deep Freeze installed; Deep Freeze can only be remotely installed on workstations
with this icon
Workstations with Deep Freeze installed in a Frozen state
Workstations with Deep Freeze installed in a Thawed state
Workstations with Deep Freeze installed in a Thawed Locked state
Workstations that are currently powered down
Workstations that are currently in maintenance mode
Workstations whose communication with the Console has been interrupted
Workstations that have been locked
26

3<B3@>@7A3

Managing Communication Between the Console and

Workstations
There are two types of connections from Console to workstation and Console to Console.
1. Local connections - connections that can only be accessed by the Console who hosts those
connections
2. Remote control enabled connections - connections that can be accessed by the Console who
hosts as well as other Consoles connected remotely
A workstation can lose communication with the Console for any of the following reasons:

The workstation is powered off manually or is shut down without warning

The network is experiencing heavy traffic or outages
The workstations network settings are changed to indicate a new Console

In most cases, communication with the workstation is re-established when the workstation is powered
on or when the conditions causing the communications breakdown are rectified. It may take several
minutes for the workstation to report back to the Console and re-establish communication. If
communication cannot be re-established, contact Technical Support for troubleshooting steps.

Configuring the local service

The local service is a service that sets up and maintains connections to workstations.
Enabling the local service
By default the local service will be installed and enabled when the Console is first run. To enable
the local service again if it has been disabled (and/or uninistalled) Select Tools followed by Network
Configuration.

Select the Enable local service check box to enable it.

Disabling the local service
De-selecting the checkbox and clicking OK displays the option to either disable the local service or
uninstall the local service.

27

3<B3@>@7A3

Adding a local service Connection

To add local service connection select Tools followed by Network Configuration.
To add a connection select Add and specify the port number (7725 in this case). To enable the
Console to be controlled remotely specify a password.
After selecting Add a connection that serves port 7725 will be created in the connections list of the
local service as well as the in the network pane of the Console.

Editing or Removing a local service Connection

Once a local service connection has been added to it can be edited or removed through the Network
Configuration option found in the Tools Menu.
To edit a local service connection perform the following steps:
1.
2.

First, ensure the Enable local service option is checked.

Select a port from the local service connections list and click edit.
The edit dialog allows for the port to be controlled remotely and password protected.

To remove a port from the local service highlight the port and click Remove.
This does not delete the entry from the network pane in the Console, it simply removes it
from the Local service connections list
To remove the entry form the network pane in the Console, select it and click the remove icon
located in the sidebar.

28

3<B3@>@7A3

Remote Consoles
A Remote Console is a Console that hosts one or more connections that allow other Consoles to connect through. Existing connections must be edited to allow them to be accessed remotely.
Setting up Remote Control Enabled Connections
To allow a connection to be accessed remotely perform the following steps:
1.
2.
3.
4.
5.

Open the Tools menu, followed by Network Configurations.

Ensure the Enable local service option is checked..
Select a port from the list and click edit.
Ensure Allow Remote Control is checked.
Specify a password, this information is necessary to connect to the connection remotely.

Connecting to a Remote Console

Once a Remote Console has been established by the hosting Console it can be accessed by other
Consoles from a different machine.
Select the connect to Remote Console icon in the side bar
or by right-clicking on the network item. Upon selection the Connect to Remote Console dialog appears:

In the Connect to Remote Console dialog, specify the connection details such as Remote Console
Name, Remote Console IP, port number and password. This information is provided by the administrator of the host Console. Once entered, this information can be retrieved by right-clicking a port in
the Network and Groups Pane and selecting Properties.
If the connection to a Remote Console has been severed, it can be reconnected by
clicking the Reconnect to Remote Console icon in the sidebar
or by right-clicking
on an entry in the Network and Groups pane.

29

3<B3@>@7A3

View Options
The Enterprise Console has three view options: Icons, Details, and List. Use the View menu to select
a preferred appearance.
The View menu can also be used to view the log for selected workstations or to remove the selected
workstation(s) from History.

The View menu can also be used to view the log for selected workstations or to remove the selected
workstation(s) from History.
If no workstations are selected, Clear History is available.
Managing Deep Freeze with the Console
The Enterprise Console contains a toolbar at the top of the screen that allows quick access to the
functions of the Console.

These commands can also be accessed using the contextual menu, as shown below, that appears by
right-clicking on a specific workstation.

30

3<B3@>@7A3

When a particular action is chosen, the selected workstation performs the action and the status icons
update accordingly.
Specific icons are disabled if the selected workstation does not support that action. For example, a
workstation that has a Target Icon, will not show the option to be Thawed or Frozen, because the
program has not been installed yet.
Updating Deep Freeze Software
To update Deep Freeze workstations with a new version of Deep Freeze, complete the following steps:
1.
2.
3.

In the Configuration Administrator of the new version of Deep Freeze, create a blank
workstation installation file.
In the Console, select the workstations to be updated; these workstations can be in either a
Frozen or Thawed state.
Right-click, and select Update Deep Freeze from the contextual menu.
Alternatively, click the

4.
5.

icon in the Console toolbar.

A standard Open file window appears. Select the blank workstation file and click Open.
The selected workstations update to the new version of Deep Freeze software, but retain all
settings from the current version.
This feature works only on workstations with Deep Freeze 6.0 and higher currently
installed.

Sending Text Messages to Workstations

To send a text message to one or more workstations, complete the following steps:
1.
2.

Select the preferred computer(s) to send a message to.

Right-click, and select Send text message from the contextual menu.
Alternatively, click the

3.
4.

icon in the Console toolbar.

Type the message in the dialog that appears and click Send.
A dialog appears asking for confirmation to send the message to the selected workstations.
Click OK to send or Cancel to close the dialog without sending the message.

31

3<B3@>@7A3

Target Installing Deep Freeze

Complete the following steps to remotely install a Full Workstation Installation on any workstation
that has the Workstation Seed installed.
1. Right-click on one or multiple workstations and select Install.
2. A dialog box appears, asking if the installation should proceed.
Click OK.
A dialog box appears to select the file to be installed on the remote workstation.
3. Select the installation file to use and click Open.
4. The workstation installs Deep Freeze and restarts.
5. Once the installation is complete, the Enterprise Console reflects the change in the workstations
status, and shows it as Frozen.

32

3<B3@>@7A3

Updating a Deep Freeze Configuration File

Complete the following steps to update the configuration on one or many workstation(s) with the
settings of an existing .rdx file. (An .rdx file is a file containing the conditions specified in the Deep
Freeze Configuration Administrator)
1.

Right-click on the workstation(s) and select Update Configuration, as shown below.

2.

A message appears asking for an existing .rdx file to be located.

3.

Click OK.

4.

A standard Open File dialog appears to select an .rdx file.

Locate a file and click Open to update the configuration on the selected workstation(s) with
the settings in the .rdx file.
Click Cancel to cancel the configuration update.
If the Network options in the new configuration have changed, the workstation(s) may
lose communication with the existing Enterprise Console. If communication with the
workstations is lost, check the Network settings on the updated workstations to ensure
that the port numbers and/or IP address of the Console have not been changed.
Changes to passwords take effect immediately. All other changes take effect after each
workstation is restarted.
ThawSpace and/or Frozen Drives cannot be changed through updating the
configuration file.

33

3<B3@>@7A3

Dynamically Updating a Deep Freeze Configuration File

Complete the following steps to dynamically update the configuration on a single or multiple
workstations.

2.

Right-click on the workstation(s) and select Update Maintenance from the contextual menu.
Or, select the desired workstation(s) and click the Update Maintenance icon in the toolbar.
A menu bar with six buttons appears at the bottom of the Workstations window.

3.

Choose one of the following options:

1.

Click New to create a new sub-configuration set.

Click Import to import the settings from an existing Deep Freeze Configuration file (.rdx) or
Deep Freeze Workstation Installation File (.exe) into the sub-configuration window.
In either case, a Configuration Screen, similar to the Configuration Administrator, appears
containing a sub-configuration set of Restart/Shutdown, Maintenance, and Advanced
Maintenance.

4. The three tabs on the Configuration Screen can be used to update the configuration on remote
workstations.
For further information about the options on each tab, refer to the sections in the
Configuration Administrator documentation for Restart/Shutdown, Maintenance, and
Advanced Maintenance.
After the preferred configuration settings have been chosen, close the Configuration Screen.
The following message appears:

5. Click OK.
6. In the Workstations window, select the desired workstation(s) to be dynamically updated with
the new configuration settings.
34

3<B3@>@7A3

7. Click Send on the menu bar to send the new configuration settings to the selected
workstation(s).
After sending the new configuration settings to the selected workstations, the following
options are available:
Click Save As to save the current settings of the Configuration Screen to a file. A standard Save
File dialog displays where a location and file name can be specified.
Click Edit at any time to re-open the Configuration Screen with the current settings intact.
Click Close to clear the contents of the Configuration Screen and exit out of the dynamic
configuration mode.
When updating the configuration on the workstation, the Restart/Shutdown,
Maintenance, and Advanced Maintenance options are updated with the new settings.
On Windows 9x machines only, all changes take effect after the workstation is
restarted.

35

3<B3@>@7A3

Scheduling Deep Freeze Tasks

To schedule a Deep Freeze task in the Enterprise Console using the Scheduled Task Wizard, complete
the following steps:
1. Open the Scheduled Task Wizard in one of the following ways:

click Scheduler in the Network and Groups pane and click the Add Task icon

right-click on Scheduler in the Network and Groups pane, and choose Add Task

In either case, the following screen is displayed:

2.

36

Double click the preferred task or select the task and click Next.

3<B3@>@7A3

3.

In the following screen, enter a name for the task and choose the preferred task execution
schedule: Daily, Weekly, Monthly, or One time only.
Task names must be unique; no two tasks can have the same name.

4.

Click Next.
Depending on the choice of task execution, the time and date configuration options that
follow will vary:
NOTE: The default start time for a task is five minutes from the current time.

5.

Enter the preferred time and date for the task execution.
NOTE: If the task is set to execute on a One time only basis, and the starting date is in the
past, the task will not execute. If the task is set to execute on a Daily, Weekly or Monthly
basis, and the starting date is in the past, the task will execute, but will start on the same day
on the following week or month.
Click Next.

37

3<B3@>@7A3

6.

The final screen of the wizard is a summary of the task that has just been created.
Click Finish to complete the task schedule.

Assigning Workstations to Scheduled Tasks

After a task has been scheduled, it appears under the Scheduler in the Network and Groups section of
the Console.

To assign workstations to a task, select the preferred computers from the Workstations pane in the
Console and drag them onto the preferred task.
To see which computers are assigned to a specific task, click on the task. The assigned computers
appear in the Workstations pane.

38

3<B3@>@7A3

To delete a workstation from a task, click on the workstation and press Delete.
Executing a Task Immediately
To execute a task immediately, right-click the task and select Execute Task.

Deleting a Task
To delete a task, click on the task and press Delete.
Scheduled Task Properties
To see the properties of a task, right-click the task name and select View Properties.
The following screen displays:

The properties of a task cannot be changed after it has been created. Only the workstations that will
execute the task can be changed by adding or deleting workstations.
Scheduled tasks will still execute even if the Enterprise Console is closed provided
the local service is enabled and the network connections are not shutdown upon
exiting the Console.

39

3<B3@>@7A3

Managing Network and Groups

The Enterprise Console automatically arranges workstations by their workgroup or domain. Click on
the appropriate workgroup or domain to view the workstations in that workgroup or domain.
The Enterprise Console can be used to define specific groups in order to arrange workstations.
Adding a New Group
To add a new group, complete the following steps:
1. In the Network and Groups pane, right-click on User Defined Groups and choose Add User
Defined Group.
The following dialog appears.

2. Enter the name of the group to be added and click Add.

The group appears under User Defined Groups in the Network and Groups pane.
Building a User Defined Group Structure
After a group has been added, one or more sub-groups can be added below it, and further sub-groups
can be added indefinitely as a way to differentiate between environments, as in the example shown
below:

40

3<B3@>@7A3

Importing Groups from Active Directory

If the group structure has already been designed within Active Directory, that structure can be imported
directly into the Console.
To do this, open the Tools menu and choose Import user defined groups from Active Directory, or click
the icon located in the sidebar.

The following dialog appears, select either the Microsoft tab or the Novell tab.
Enter the LDAP server information of the import location. The option to login anonymously is also
available. If this box is not checked a login ID and password are required.

Select Connect. The Active Directory hierarchy appears, select the desired entries and click Import.

41

3<B3@>@7A3

Adding Workstations to a User Defined Group

Workstations can be added to a group by dragging them from the Workstations pane to the preferred
group, or by using an automatic filter set during the creation of the groups.
Automatic group filtering allows workstations to be added to user defined groups automatically. The
workstations are added based on their workstation name.
Wildcards (*, ?) can be used to add workstations based on a specific segment of the name.
Example: Lab1-* adds all workstations with names starting with Lab1- .
Sorting Groups Alphabetically
To sort the User Defined Groups alphabetically, right-click on User Defined Groups and choose Sort
Groups Alphabetically.
Importing or Exporting Groups to File
To import groups from a file or export groups to a file, choose the preferred option from the Tools
menu.
Viewing the Console Log File
The Enterprise Console keeps a log of the status and activity history of all connected workstations.
The log stores information for the previous 48 hours. Information older than 48 hours is automatically
deleted from the log.
To view the log file for one or many workstations, right-click on the workstation(s) and select Show Log
for Selected Workstations.
To sort the log file, click on a preferred heading.
To export the log file as a .csv file, right-click and select Export to file, as shown:

42

3<B3@>@7A3

Deep Freeze Console Shutdown

To shutdown the Deep Freeze Console select File followed by exit or click the close window button.
Upon exit, choose to:
Minimize the Console to the system tray.
This does not stop the Console and keeps the connections active. The Deep Freeze Console
icon appears in the system tray. Scheduled tasks will still execute. To reopen the Deep
Freeze Enterprise Console, right-click its icon located in the taskbar and select Restore DF6
Console.
Close Deep Freeze Console and leave the network connections running
This closes the Console but keeps the connections to the workstations active. Scheduled
tasks will still execute.
Close Deep Freeze Console and shutdown network connections.
This stops Console processes, closes the connections (including local service) and
scheduled tasks will not be completed.

Once the set default option has been checked the dialog will not appear on future exits. To edit these
settings select Tools from the menu followed by Exit Options.

43

3<B3@>@7A3

Installing Deep Freeze

After a customized installation program file has been created using the Configuration Administrator,
Deep Freeze can be deployed to workstations using an Attended Install, a Target Install, the Silent Install
System, or as part of an imaging process.
All background utilities and antivirus software should be disabled and all applications should be closed
prior to installation. These programs may interfere with the installation, which could result in Deep
Freeze not functioning correctly.
The workstation restarts after any type of installation is completed. Deep Freeze must be in a Thawed
state for any type of uninstall to succeed.
Any existing ThawSpace will be deleted during an uninstall if:
the option to retain existing ThawSpace was not checked in the Configuration
Administrator
the ThawSpace was not created with Deep Freeze Enterprise Version 5 or later
the ThawSpace is on a Windows 95/98/Me workstation
Attended Install or Uninstall
To install or uninstall Deep Freeze, complete the following steps:
1. Run the installation program file ([Link]) on the workstation.
The following screen appears.

2.

Click Install to begin the installation. Follow the steps presented, then read and accept the
license agreement. Deep Freeze installs and the workstation restarts.
Click Uninstall to uninstall Deep Freeze. Uninstall can only be clicked if Deep Freeze has
previously been installed. If there is an existing ThawSpace, Deep Freeze displays a dialog
asking if it should be retained or deleted.

44

3<B3@>@7A3

Uninstalling Deep Freeze

The Enterprise Console can be used to uninstall Deep Freeze completely or to uninstall Deep Freeze
but leave the Workstation Seed. A workstation must be in a Thawed state in order to uninstall the
program.

To uninstall Deep Freeze on a workstation and leave the Workstation Seed, right-click on the Thawed
workstation(s) and select Uninstall - Leave Seed, as shown above. Or click the
icon on the
toolbar.
To completely uninstall Deep Freeze and the Workstation Seed, select the workstation(s) to be
uninstalled and click the Uninstall icon
on the Toolbar.
The workstation must be Thawed before Deep Freeze can be uninstalled. The Enterprise
Console prompts for confirmation. Once the uninstall is confirmed, Deep Freeze
uninstalls and the workstation restarts.

45

3<B3@>@7A3

Silent Install or Uninstall

Deep Freeze can be rapidly installed to many workstations over a network using the Silent Install
System. Any deployment utility that allows execution of a command line on a remote workstation can
implement the Silent Install System. After the Silent Install is complete, the workstation immediately
restarts.
The command line has the following options:
Syntax

Description

[/Install]

Install Deep Freeze using installation file

Install only the specified Workstation Seed file
Uninstall Deep Freeze
Uninstall Deep Freeze and leave the Workstation Seed installed
Set a password during installation
Allow system clock to be changed
Freeze only drives listed (Thaw all others)
Thaw only drives listed (Freeze all others)
Exempt external USB hard disks from protection (Windows 2000/XP/
Vista only)
Exempt external FireWire hard disks from protection (Windows 2000/
XP/Vista only)

[/Install /Seed]
[/Uninstall]
[/Uninstall /Seed]
[/PW=password]
[/AllowTimeChange]
[/Freeze=C,D,...]
[/Thaw=C,D,...]
[/USB]
[/FireWire]

Example Command Line:

[Link] /Install /Freeze=C /PW=password

In the example, the Deep Freeze installation program file is named [Link]. Only the C: drive will
be Frozen. Any other drives on the workstation will be Thawed. If the workstation only has a C: drive,
the [/Freeze] switch can be omitted. A password (password) will be created. After executing the
command, Deep Freeze will install and the workstation will restart Frozen and ready to use.
The Silent Install System does not work without the [/Install] or [/Uninstall] switch.
Deep Freeze must be in a Thawed state before [/Uninstall] can be used.
To run the configuration command line options, Disable Command Line options on the
Miscellaneous tab must be cleared.
Silent Install or Uninstall Using a Shortcut
Deep Freeze can be installed directly on a workstation without having to use the installation dialog box
by completing the following steps.
1.
2.
3.
4.

Locate the Deep Freeze installation program file ([Link]) on the target workstation.
Right-click on the icon and choose Create Shortcut.
Right-click on the shortcut and choose Properties.
Edit the path of the Target field by typing /install or /uninstall at the paths end.

Example Shortcut Target:C:\Documents

and Settings\[Link] /install

Double-clicking on the new shortcut results in the immediate installation or uninstallation of Deep
Freeze, followed by a restart of the workstation.
Deep Freeze must be in a Thawed state before /uninstall can be used.
46

3<B3@>@7A3

Network Install on Multiple Workstations

The Silent Install System can also be used to install Deep Freeze on multiple workstations over a
network. If the workstations on the network use logon scripts, the scripts can be used to install Deep
Freeze on all networked workstations automatically. All workstations will restart Frozen and ready for
use after installation has completed.
Use the following command line syntaxes to create an install error report log file:

\\Server Name\Share Name\[Link] /Install >> [Link]

Installing Over Existing Deep Freeze Versions

Unless the Update Deep Freeze Software feature is used (for Deep Freeze 6.0 and higher), all existing
Deep Freeze versions must be uninstalled prior to performing any new Deep Freeze installation.
Installing Using Imaging
Deep Freeze has been designed to work with all major imaging and desktop management software. Use
either an Attended Install or the Silent Install System to install Deep Freeze on a master image.
Deep Freeze must be prepared for deployment before finalizing a master image. To prepare the master
image for deployment, restart the workstation into a Thawed state and log on to Deep Freeze using the
keyboard shortcut CTRL+SHIFT+ALT+F6. Select the Clone tab, and click Set Flag.

After imaging, the workstations require an additional restart for Deep Freeze to correctly detect the
changes in disk configuration. If the workstations are imaged in an unattended mode, steps should be
taken to ensure the workstations are restarted to allow the configuration to update.
To return to the Frozen state after imaging is complete, set Deep Freeze to Boot Thawed on next n number
of restarts (in the master image) so that after n number of restarts, the workstation is automatically
Frozen. Alternatively, use Deep Freeze Command Line Control to Freeze selected workstations.
Target Install
Deep Freeze can also be deployed using a Target Install from the Enterprise Console.

47

3<B3@>@7A3

Managing Deep Freeze Workstations

Workstation Logon
Use one of the following ways to access Deep Freeze on a workstation.
If the Deep Freeze icon is shown in the System Tray, hold down the SHIFT key and doubleclick the Deep Freeze icon
Use the keyboard shortcut CTRL+SHIFT+ALT+F6
Either method brings up the logon dialog.

Enter the administrator password and click OK to log on to Deep Freeze.

As an additional security feature, Deep Freeze prevents dictionary attacks by automatically restarting
the workstation after 10 unsuccessful login attempts.
Boot Control
The Boot Control tab is used to set the mode Deep Freeze will be in after the next restart.

Choose one of the following options:

Boot Frozen

to ensure that the workstation is Frozen the next time it is restarted

Boot Thawed on next to ensure that the workstation is Thawed each time it is restarted for
the next specified number of restarts. When that number of restarts is
exceeded, the workstation will boot Frozen.
Boot Thawed
to ensure that the workstation is Thawed each time it is restarted
Select the radio button next to the desired choice and click OK to save any changes. Clicking Apply and
Reboot will save any changes and reboot the workstation immediately.

48

3<B3@>@7A3

Network
The Network tab can be used to configure the network options on a workstation.

To choose either the LAN or the LAN/WAN method of communication, click the preferred radio
button.
When the WAN radio button is selected, a valid IP address for the Enterprise Console must be entered
in the Console IP field. The default port number can be changed by unchecking Use Default Port and
entering the desired port number.
For further information on network configuration, refer to Appendix A.
Clone
The Clone tab is used to prepare master images for the deployment process. For more information refer
to the Install Using Imaging section.
One Time Passwords
A One Time Password (OTP) can be generated using the Configuration Administrator or Enterprise
Console. The administrator requires a token from the workstation in order to generate an OTP. The
OTP Token for the workstation is located in the Deep Freeze logon dialog.

Refer to the Configuration Administrator documentation for more information about the One Time
Password Generation System. An OTP can be used one or more times after it has been generated
(depending on the options set when it was generated). All OTP passwords expire at midnight on the
day they were created.
An OTP must be used to logon to Deep Freeze if no passwords were created for the Deep Freeze
configuration file.

49

3<B3@>@7A3

ThawSpace
ThawSpace is a virtual partition on a workstation that can be used to store programs, save files, or make
permanent changes. All files stored in the ThawSpace are saved after a restart, even if the workstation
is Frozen.
ThawSpace is only available if it was set to be created in the Deep Freeze Configuration
Administrator.
Any existing ThawSpace is deleted during an uninstall if any of the following apply:
the option to retain existing ThawSpace was not checked in the Configuration
Administrator
the ThawSpace was not created with Deep Freeze Professional Version 5 or later
the ThawSpace is on a Windows 95/98/Me workstation
Permanent Software Installations, Changes, or Removals
Workstations must be Thawed for any permanent changes to take effect. Installation of software often
requires one or more restarts to complete the installation.
It is recommended that the Boot Control tab is used to allow the workstation to restart with Deep
Freeze Thawed until installations or changes are finished.

50

3<B3@>@7A3

Deep Freeze Command Line Control ([Link])

The Deep Freeze Command Line Control (DFC) offers network administrators increased flexibility
in managing Deep Freeze workstations. DFC works in combination with third-party enterprise
management tools and/or central management solutions. This combination allows administrators to
update workstations on the fly and on demand.
It is important to note that DFC is not a stand-alone application. DFC integrates seamlessly with any
solution that can run script files, including standard run-once login scripts.
DFC commands require a password with command line rights. OTPs cannot be used.
List all commands by calling DFC without parameters.
The files are copied to C:\WINDOWS\system32\[Link]
DFC Return Values
On completion of any DFC command, the DFC returns the following values:
Value

Description

SUCCESS or Boolean FALSE, for commands returning a Boolean result

Boolean TRUE
ERROR - User does not have administrator rights
ERROR - DFC command not valid on this installation
ERROR - Invalid command
ERROR - Internal error executing command

1
2
3
4
5 - *

51

3<B3@>@7A3

DFC Command Line Syntax

All Supported Operating Systems
Syntax

Description

DFC password /BOOTTHAWED

Restarts workstation in a Thawed state; only works

on Frozen workstations

DFC password /THAWNEXTBOOT

Sets workstation to restart Thawed the next time

it restarts; only works on Frozen workstations and
does not force workstation to restart

DFC password /BOOTFROZEN

Restarts workstation into a Frozen state; only

works on Thawed workstations

DFC password /FREEZENEXTBOOT

Sets up workstation to restart Frozen the next time

it restarts; only works on Thawed workstations
and does not force workstation to restart

DFC get /ISFROZEN

Queries workstation if it is Frozen. Returns 0 if

Thawed. Returns 1 if Frozen.

DFC password /CFG=[path] [Link]

Replaces Deep Freeze configuration information.

Works on Thawed or Frozen workstations.
Password changes are effective immediately. Other
changes require restart.

DFC get /version

Displays Deep Freeze version number.

Windows 2000 and Higher

DFC

password

/UPDATE=[path

installer file]

DFC password /LOCK

DFC password /UNLOCK

DFC password /THAWLOCKNEXTBOOT

DFC password /BOOTTHAWEDNOINPUT

52

to

Sets up workstation to restart in a Thawed state

and install a Deep Freeze update
Disables keyboard and mouse on workstation.
Works on Frozen or Thawed workstation and does
not require a restart.
Enables keyboard and mouse on workstation.
Works on Frozen or Thawed workstation and does
not require a restart
Sets up workstation to restart in a Thawed state
with keyboard and mouse disabled; only works on
Frozen Workstations
Restarts workstation in a Thawed state with
keyboard and mouse disabled; only works on
Frozen workstations

3<B3@>@7A3

Batch File Example

The example below shows how to check for a specific error level using a DOS Batch file:
@ECHO OFF
[Link] get /isfrozen
IF Errorlevel 5 GOTO Error5
IF Errorlevel 4 GOTO Error4
IF Errorlevel 3 GOTO Error3
IF Errorlevel 2 GOTO Error2
IF Errorlevel 1 GOTO Error1

This section checks the

Errorlevel that DFC provides to
the operating system.

IF Errorlevel 0 GOTO Error0

:Error5
Echo Errorlevel 5
Goto END
:Error4
Echo Errorlevel 4
Goto END
:Error3
Echo Errorlevel 3
Goto END
:Error2
Echo Errorlevel 2

This section contains the

actions that should be
performed for each Errorlevel.

Goto END
:Error1
Echo Errorlevel 1
Goto END
:Error0
Echo Errorlevel 0
Goto END
:END

Actions can be placed between the ECHO Errorlevel # statement and the Goto END statement for
each of the detected error levels. To use this Batch file to automatically Thaw a Frozen workstation, the
following section of the Batch file would have to change to the following:
:Error1
Echo Errorlevel 1
[Link] password /BOOTTHAWED
Echo
Goto END

53

3<B3@>@7A3

Ports and Protocols Explained

The key to setting up the Deep Freeze architecture is knowing which ports to use. The important factor
is knowing which ports are in use on the network and using ports that will not conflict with those. The
default port, 7725 has been officially registered to Deep Freeze.
The following three components make up the Deep Freeze architecture:

Client (with workstation or seed installed)

Remote Console (local service enabled)
Console (connects to the Remote Console)

As long as the clients and Remote Console connection use the same port there should not be any port
conflicts between the different components:

Client
Uses Port A

Connects
on
Port A

B1>C2>

Remote Console
Connections use
Port A

Connects
on
Port A

B1>

Console

Local Service
Enabled
Ports can also be used to divide the clients. If the local service is set up to run three ports (7725, 7724
and 7723), Consoles can connect to the three different ports to see a different set of clients under each
port.
In the diagram above, the client(s) use both the TCP and UDP protocols to communicate with the
Remote Console. The Console(s) that connects to the Remote Console uses only the TCP protocol to
communicate with the Remote Console. It is important to remember the ports and protocols being
used in order to prevent firewalls, switches or routers from blocking them.

54

3<B3@>@7A3

Appendix A - Network Examples

The following examples show different scenarios involving local service or Remote Console.

Example 1
Example 2
Example 3
Example 4

Single Subnet, One Console

Multiple Subnets, One Console
Multiple Subnets, Remote Enabled Console
Multiple Subnets, Multiple local services

Each example explains how different Deep Freeze components interact in different networking
environments.
NOTE: In the following examples, the client machines have either the Deep Freeze workstation
installation or Workstation Seed installed. Both installs contain the communications component
which talks to the Console/Remote Console. The difference between the workstation install and
Workstation Seed is that the workstation install actually installs Deep Freeze while the Seed has
only the communication component.

55

3<B3@>@7A3

Example 1 - Single Subnet

In this environment, all client machines are contained in the same subnet as the Console machine.
This environment does not require a remote controlled Console, although one could be used. In this
example, the Remote Console is not used. This is the simplest networking environment. It is also the
easiest to configure.
The following diagram shows the network topology:

Subnet 1

>=@B/

>=@B/

>=@B/

>=@B/

>=@B/

>=@B/

>=@B/

The client machines, represented by the computer icons, are located on the same subnet as the Deep
Freeze Enterprise Console machine, and are represented by the Deep Freeze Console icon. In this
scenario, clients are using port A while the Console has setup a local service connection for the same
port. This port is configured in the Deep Freeze Configuration Administrator in the Configuration tab
on the Miscellaneous sub-tab, as shown below, before creating the workstation install/seed.

56

3<B3@>@7A3

Example 2 - Multiple Subnets One local service

In this environment, the clients are located across more than one subnet. There is still only one Console
being used. This environment does not require a Remote Console, although one could be used. The
following diagram shows the network topology:

Subnet 1

Subnet 2

>=@B/

>=@B/

>=@B/

>=@B/

>=@B/

>=@B/

>=@B/

>=@B/

>=@B/

>=@B/

>=@B/

>=@B/

>=@B/

[Link]
In this scenario (similar to example 1) both the clients and the connection hosted by the Console are
using the same port. This port is configured in the Deep Freeze Configuration Administrator in the
Configuration tab on the Miscellaneous sub-tab, before creating the workstation install/seed.
In order for the clients to be seen, they need to be configured to use a LAN/WAN connection. When
the LAN/WAN option is selected, a Console IP entry box appears. Specify the IP of the machine that
will run the Console.
An example of these settings are shown in the Miscellaneous tab below:

57

3<B3@>@7A3

Example 3 - Multiple Ports, Console Accessed Remotely

In this environment the clients are again located across multiple ports. In this case, more than one
Console is being used. Multiple Consoles are accessed using a local service whose administrator (host)
has released the connection information. The following diagram shows the network topology:

Subnet 1

Subnet 2

>=@B/

>=@B/

>=@B/

>=@B0

>=@B0

>=@B0

>=@B/

>=@B/

>=@B/

>=@B0

>=@B0

>=@B0

Host

>=@B/0

>=@B0

>=@B/
>=@B0

>=@B0

In this scenario, the host has set up a connection using the local service. Looking at the above diagram,
three other Consoles connect to the host in order to see the clients according to their ports. The
Consoles do not have to be a part of individual subnets as long as they can see the host.
More specifically, The Console connected through port A/B can see the host Console as well as each
individual workstation assigned to ports A and B. The other Consoles connected through port B can
see the host and only the workstations assigned to port B.

58

3<B3@>@7A3

Example 4 - Multiple Subnets Multiple local services

In this example, there are two separate locations.
The following is a list of assumptions that are made regarding this particular example:

the locations are spread apart and have only a minimal connection to each other
there is a network administrator at each location who is responsible for looking after Deep
Freeze at that location
both locations need to be administered from a third location

In this example, the Remote Consoles are set up at each location and a local service is used
Location 1 (a computer lab on campus) uses port A to communicate with the clients and the connections
hosted by the Console. The school librarys computers use port B, the Console in the technical support
department uses the connections hosted by both lab and library Consoles.
Any console not directly communicating with a workstation should have the local service turned off
The following diagram shows the network topology:
:]QObW]\CaW\U>]`b/
AcP\Sb

AcP\Sb 

:]QObW]\ CaW\U>]`b0
AcP\Sb

AcP\Sb 
:]QObW]\CaW\U>]`b/
AcP\Sb

AcP\Sb 

:]QObW]\ CaW\U>]`b0
AcP\Sb

AcP\Sb 
:]QObW]\CaW\U>]`b/
AcP\Sb

>=@B1

:]QObW]\ CaW\U>]`b0

AcP\Sb 

AcP\Sb

>=@B/

AcP\Sb 

>=@B0

>=@B1

>=@B1

>=@B/

>=@B/

>=@B0

>=@B0

The benefit of this setup is that it allows all the packets sent from the clients in the lab to be contained
at that location. The less distance a packet must travel, the less chance there is of the packet failing.
The administrator in the lab can connect to the local service in the same location 1 but cannot connect
to the local service in the library. The reason for this is that the lab administrator does not know the
password to access the local service for the library. The same goes for the administrator in the library.
If technical support knows the password to both local services (lab and library) the local service at both
locations can be connected to, in order to administer all the clients.

59

3<B3@>@7A3

Appendix B - Troubleshooting a Remote Console Connection

No Clients In the Console
The following are some common reasons why clients fail to appear in the Console.
1. Windows XP/Vista clients may have the XP/Vista firewall turned on.

With SP1, the firewall must be turned off. With SP2, either the firewall must be turned off or the ports
being used must be added to the Exceptions tab. Deep Freeze requires both TCP and UDP protocols;
therefore, one exception should be added for each.
2. The Console and clients do not contain the correct network settings.

If the Console is set up to run under one port and the clients are using another, they will not be able to
see each other. Also, if the workstations are configured for LAN/WAN, the IP must be equal to the IP
of the machine where the Console is running.
The default LAN setup works as long as all the machines running the workstation and Console exist
on the same subnet. However, if a VLAN is being run, or if there are several subnets where the clients
exist, the workstation install must be configured to run under the LAN/WAN settings.
3. Something on the network is blocking the port used between the Console and the
clients.

Check for a connection using a ping. The clients are unable to send packets to the Console/Remote
Console because there does not seem to be a route to the host. Attempting to ping the IP of the Console/
Remote Console does not seem to work. To resolve this issue, make sure the two machines can connect
to each other.
If a server, router, or switch on the network is not allowing the port to get through, the clients will not
be seen. By default, 7725 is the port being used.
4. The workstations were created under a different Customization Code than the
Console.

When the Deep Freeze Configuration Administrator is first run, a prompt for a Customization Code
appears. This code is very important as it encrypts the software. This means that any workstations created
are encrypted with this Customization Code. If a Console was created using another administrator
that was installed with a different Customization Code, it cannot see workstations created under the
original code. The workstations and Console must be created under a Configuration Administrator
installed using the same exact Customization Code.

60

3<B3@>@7A3

Port is in Use Error When Starting the Console

When attempting to start the Console, the error message Unable to start Console: Port is in use appears.
There are several reasons why this error message may be appearing:
1. There is a Deep Freeze workstation or Workstation Seed installed under the same port
as the Console.

It is possible that the workstation install is in stealth mode (the icon does not appear in the system tray).
The seed does not show an icon. The best test is to run a workstation install on the machine in question.
If the uninstall option presents itself, the workstation or seed is installed and can be uninstalled. If the
uninstall option does not appear, the workstation or seed is not installed.
The simplest solution would be to first turn off the local service and then connect to a Console that can
be accessed remotely.
2. Another program or service is using the port on this machine.

This may involve running a port sniffer on the machine in question to see what ports are open. There
are several tools available on the web to perform this action. The [Link] application found in
Windows also should show whether the port Deep Freeze is using is already in use.
3. The network cable is unplugged.

This message can occur if there is no network connection on the machine.

61