Deep Freeze Enterprise User Guide

Security Notice

Deep Freeze does not protect against booting from a floppy drive or CD-ROM drive. The CMOS should be configured to prevent booting from the floppy drive or CD-ROM drive (i.e. set to boot to the hard drive) and the CMOS must be password protected. This is a normal precaution for most public access computers. The Windows Registry, the computer CMOS and the boot sector are protected by Deep Freeze from within Windows.

Technical Support

Every effort has been made to design this software for ease of use and to be problem free. If problems are encountered, contact Technical Support:

Deep Freeze Overview

About Deep Freeze

Deep Freeze enables administrators to protect a workstation’s operating system and software without restricting user access. With every system restart, Deep Freeze resets the computer to its original protected state – right down to the last byte. Computing environments are easier to manage, expensive computer assets are kept running at 100% capacity, and workstations enjoy full immunity from software misconfigurations, viruses, malware, and spyware. Deep Freeze can be easily deployed and maintained across an enterprise using a central Console. Technology coordinators now have the power to protect hundreds or thousands of computers across a LAN, WAN, or over the Internet, an invaluable feature for administrators of several remote sites.

Deep Freeze also features scheduled Maintenance Periods which allow updates and patches to be pushed out to workstations during times that best suit your organization. Since Deep Freeze’s ‘reboot-to-restore’ concept does not slow computers down or increase bootup times, it triumphs over image-based restoration technologies, which require both administrative initiation and system downtime in order to repair a system. Globally deployed in 50 countries, Deep Freeze provides bulletproof protection to over six million computers worldwide.

System Requirements

The Deep Freeze Configuration Administrator and the Enterprise Console support Windows 2000/XP/Vista (32 and 64 bit editions) along with 2000 and 2003 Server to function properly. Deep Freeze enabled workstations support Windows 95/98/Me/2000/XP/Vista (32 and 64 bit editions) and 10% free hard drive space. The hardware requirements are the same as the recommended requirements for the host operating system.

Deep Freeze Enterprise Files

Deep Freeze uses different colored icons to represent the functions of its components.

Files identified by a red icon should generally only be installed on an administrator computer, while yellow icons should generally only be installed on workstations:

Deep Freeze Configuration Administrator

The Configuration Administrator is intended to be installed only on the computer used to administrate Deep Freeze. The Configuration Administrator is used to create a customized Deep Freeze installation file pre-configured with passwords, schedules, Workstation Seeds, and the Enterprise Console. It is also able to generate One Time Passwords.

Once the Deep Freeze Configuration Administrator has been installed the Deep Freeze Enterprise Console installs automatically.

Installing the Configuration Administrator

Complete the following steps to install the Configuration Administrator:

1. Insert the CD-ROM from the media package into the CD-ROM drive.
2. Select Install Deep Freeze Enterprise Administrator in the window that appears on the desktop.
   
   If Deep Freeze has been downloaded via the Internet, double-click the file DF6Ent.exe to begin the installation process.
   The following screen appears:
   
   
   
   
3. Follow the steps presented. Read and accept the license agreement.
4. Click Install and the Configuration Administrator is installed on the computer.

Initializing with the Customization Code

Immediately after the installation is complete, the Deep Freeze 6 Enterprise Customization screen appears.

The administrator is required to enter a Customization Code to initialize the Configuration Administrator. The code must be at least eight characters long and may consist of any combination of alpha-numeric characters.

This code is not a password that can be used to access Deep Freeze. It is a unique identifier that encrypts the Configuration Administrator, the Enterprise Console, the workstation installation files, the One Time Password Generation System, and Deep Freeze Command Line Control.

The Customization Code ensures that no other administrators can access or control a workstation. Multiple Deep Freeze administrators controlling the same group of workstations should use a matching Customization Code.

After entering a Customization Code, the following dialog appears:

The Customization Code must be recorded and guarded with care. Faronics is unable to recover a lost or forgotten Customization Code!

Re-Initializing the Customization Code

If another administrator wants to create installation files with the same Configuration Administrator using a different Customization Code, the DFInit6.exe program should be run. This resets the existing Customization Code for the Configuration Administrator. Enter a new Customization Code. Click OK for the new Customization Code to become active.

Update Mode

Update Mode is an advanced feature of Deep Freeze Enterprise that requires an understanding of command line scripting.

The update command requires the administrator not change any of the default Deep Freeze directories or file locations.

Update Mode can be used to automatically create updated versions of existing files of Deep Freeze Enterprise by executing a special update command. This command completes two tasks:

1. Updates previous versions of the Deep Freeze Enterprise Console and the Deep Freeze Configuration Administrator. (Found in Faronics > Deep Freeze 6 Enterprise.)
2. Updates any user created files stored in the Faronics > Deep Freeze 6 Enterprise > Install Programs folder.
   The benefit of these updates is that a large amount of workstation installation files can receive customized updates to the configuration files created from an older version of the Deep Freeze Configuration Administrator.
   
   The command automatically updates files created by an administrator (.exe, .rdx) that are present in the Faronics > Deep Freeze 6 Enterprise > Install Programs directory, including the following sub-directories:
   
   • Workstation install files
   • Workstation Seed files

In the example below, the district office has received a new version of Deep Freeze Configuration Administrator and can automatically update any existing Deep Freeze Workstation Install files and Installation Seeds at a remote location.

The update command does not require a password, but does require a Customization Code. Use the following command syntax:

\PathToFile\DF6ent.exe /update=”Customization Code” c:\dfupdate.log

• PathToFile must be replaced with the actual path to the installation file (DF6ent.exe)
• DF6ent.exe must be the actual name of the installation file (it may differ if it was downloaded)
• Customization Code must be in quotes if there is a space in it
• Customization Code must match the old installation files’ Customization Code

The log file provides full details of exactly which files were updated.

The update process may take a few minutes to complete.

Update Mode does not update the existing version of Deep Freeze on workstations. Workstations must be updated using the Enterprise Console.

Using the Configuration Administrator

Open the Configuration Administrator by selecting the following path from the Start menu:

Start > All Programs > Faronics > Deep Freeze 6 Enterprise > Deep Freeze 6 Administrator

The Configuration Administrator is used to create a customized Deep Freeze installation program pre-configured with passwords, schedules, and other options.

There are three main tabs for accessing the various options available: Welcome, Configuration, and One Time Passwords.

Welcome Tab

The Welcome tab provides contact information for Faronics, including a link to the company and Technical Support Web sites.

Toolbar

The Toolbar is available at the top of every tab in the Configuration Administrator.

The buttons allow users to make a New configuration file (.rdx), to Open a saved configuration file, and to Save or Save As a configuration file. Users can also access the Help files from this toolbar.

The Create button allows users to create a Workstation Install Program and a Workstation Seed. (.exe) containing settings specified in the Configuration tab.

Selecting New opens the Configuration Administrator with default configuration settings. Changes made but not saved prior to selecting New will be lost.

File Menu

The File Menu contains the same options as those available on the Toolbar, with the additions of the option to choose from the available languages and Password Protection.

Password Protection

Password Protection offers an optional layer of security for the administrator.

To password protect access to the Configuration Administrator, complete the following steps:

1. Open the File menu and select Password Protection.
2. Check the Protect with password box.
3. Enter and confirm the password.
4. Click OK to set the password or Cancel to exit the dialog without setting a password.

Configuration Tab

The Configuration tab has six sub-tabs that are used to configure various options. After all the desired configuration options have been selected, a customized workstation installation program file is ready to be created. This program file can then be used to install a pre-configured version of Deep Freeze on workstations.

Passwords

Deep Freeze Enterprise allows the administrator to choose up to 15 passwords, in addition to the One Time Password Generation System.

To create a password, complete the following steps:

1. Check Enable on the appropriate line.
2. From the Type drop-down list, choose the preferred kind of password. The following options are available:
   
   Workstation: designated for use at a workstation.
   
   Command Line: for use with Command Line Controls; the Command Line Control tool (DFC.exe) does not function unless at least one Command Line password is defined.
   
   LANDesk: designated for use through the LANDesk Management Suite Console.
3. Optional: For Workstation passwords, check the User Change checkbox to allow a user to change the password at the workstation.
4. Enter the password.
5. To set a password to become active and expire on specified dates, check the Timeout checkbox and use the drop-down calendars to specify an Activation date and Expiration date.

Deep Freeze can use both One Time Passwords (OTPs) and fixed passwords. The OTP feature is always available and cannot be disabled. (For more information on OTP’s refer to the One Time Password section of the documentation.) The fixed workstation passwords, defined in the Passwords tab, are optional.

Drives

The Drives tab is used to select which drives are to be Frozen (protected by Deep Freeze) or Thawed (unprotected), and to create a ThawSpace—a virtual partition on a Frozen drive where data can be saved permanently.

Frozen Drives

By default, all drives are Frozen. To put a drive in a Thawed state, clear the checkbox of the preferred drive.

In the example above, the C: drive is checked, but not the D: drive. This results in all workstations with only a C: drive being Frozen. Workstations with a D: partition or drive have a Frozen C: drive and a Thawed D: partition or drive.

While only local drives (partitions or physical drives) can be Frozen, all drive letters are shown because the pre-configured installation file may be installed on many workstations with various hardware and software setups.

Thaw External Hard Drives

By default, external hard drives are Thawed. To put the external drives in a Frozen state, clear the checkboxes.

If the USB and/or IEEE 1394 (FireWire) external hard drives check boxes are cleared, the drive is Frozen or Thawed according to the letter each drive mounts to in the Frozen Drives section.

Therefore, if the USB hard drive checkbox is cleared but it mounts to letter F which happens to be checked in the Frozen Drives section, then that drive will be Frozen.

Network drives and removable media drives (floppy, memory keys, CD-RW, etc.) are not affected by Deep Freeze and therefore cannot be Frozen.

ThawSpace

ThawSpace is a virtual partition on a workstation that can be used to store programs, save files, or make permanent changes. All files stored in the ThawSpace are retained after a restart, even if the workstation is Frozen.

To create a ThawSpace using the Configuration Administrator, complete the following steps.

1. In the ThawSpace pane, check Create.
2. The ThawSpace Drive option is used to select the drive letter assigned to the ThawSpace.
   
   The default letter is T:, but it can be changed to any available letter. The next available letter is used if the selected drive letter already exists on a workstation when Deep Freeze is installed.
3. The Size option reflects the size of the ThawSpace; the default size is 1 GB and the minimum size is 16MB.
   
   Workstations running Windows 95/98/Me can host a maximum ThawSpace of 2GB. Workstations running Windows 2000/XP/Vista can host a maximum ThawSpace of 1 TB when using the NTFS file system or 4GB when using the FAT32 file system. If the workstation does not have enough free space to accommodate the selected ThawSpace size, the size of the ThawSpace is adjusted downward to ensure proper operation of the workstation.
4. Workstations running Windows 95/98/Me must use the FAT16 file system for a ThawSpace.
   Workstations running Windows 2000/XP/Vista use the NTFS file system by default, but this can be changed to FAT32 by selecting the radio button.
   
   Retain existing Thawspace is checked by default to prevent Thawspaces created during previous installations from being deleted.

A dialog is always displayed asking if the ThawSpace should be retained or deleted during an Attended Uninstall, regardless of whether Retain Existing ThawSpace has been checked. This option is not displayed if the uninstall is performed through the Console.

Restart/Shutdown

The Restart/Shutdown tab is used to schedule restarts or shutdowns.

Restart/Shutdown Schedule

To create a Restart/Shutdown schedule, complete the following steps:

1. In the Restart/Shutdown Schedule pane, check the days of the week the schedule will occur. Each day has its own drop down menu for action (restart or shutdown) and Time
   Optional: Check Set One Change All so all changes made apply to all schedules.
2. Choose Restart or Shutdown from the Restart/Shutdown drop-down list.
3. Enter the time the restart or shutdown is scheduled to happen in the Time field.

Idle Restart/Shutdown Schedule

In the Idle Restart/Shutdown Schedule pane, check Enable to configure a shutdown or restart after a specified period of inactivity. Choose Restart or Shutdown from the drop-down list, and indicate the number of minutes of inactivity that must pass before the workstation restarts or shuts down.

NOTE: Idle time is defined as no mouse or keyboard activity.

Notification

If the specified idle time passes, a dialog box appears on the workstation indicating that the workstation is about to restart or shutdown.

Enter the number of minutes this dialog will remain on the screen for in the Warn user for: field (one minute by default). When the dialog is displayed, the user has the option to cancel the restart or shutdown by using the keyboard or mouse.

Restart on Logoff

To have the workstation restart when a user logs off, check this option.

Only one Restart/Shutdown per day can be scheduled from this menu; if the workstation needs to be automatically restarted on a more frequent basis, the Idle Restart/Shutdown should be used, and/or the workstation shutdown task can be used. (For more information on scheduling refer to the Deep Freeze tasks section of the documentation).

Maintenance

The Maintenance tab is used to schedule a time when Deep Freeze is Thawed and when upgrades, new installations, maintenance, or any other permanent changes can be made.

To create and configure a Maintenance Schedule, complete the following steps:

1. Check the box beside each day of the week when the Scheduled Maintenance will happen.
   
   Optional: Check Set One Change All to apply certain changes made for one day of the week to all other days.
2. Enter the time to start the Scheduled Maintenance period and to restart the workstation into the Thawed state in the Start Time field.
3. Optional: Check Disable Keys to prevent the keyboard and mouse from functioning on the workstation during the Maintenance Period. If this option has been checked, the workstation displays the following dialog during the Maintenance Period:
   
   
   
   
4. From the Run drop-down list, choose an action to occur during the Maintenance Period.
   
   Choose Batch file to allow workstations to run a Batch file automatically during the Maintenance Period. A custom Batch file can be entered on the Advanced Maintenance tab.
   
   Choose the Windows Updates to allow workstations to automatically install critical updates for Windows 2000/XP/Vista during the Maintenance Period via the Internet or an SUS/WSUS server. The choice to use an SUS/WSUS server and specify the server’s IP address is configured on the Advanced Maintenance tab.
5. Enter the time to complete the Scheduled Maintenance period and to restart the workstation into the Frozen state in the Stop Time field.
   
   If the Stop Time precedes the Start Time, the Stop Time is assumed to be during the next day.
   
6. Optional: check the Shutdown box to shut the workstation down at the conclusion of the Maintenance Period instead of restarting it. If Shutdown is checked, the workstation is Frozen the next time it is started.

The Run Windows Updates feature does not actually perform updates, but makes the call to have the normal update method take place during the Maintenance Period.

If the computer is off at the start of the Maintenance Period, the maintenance will not occur.

The computer will not automatically turn on for the Maintenance Period unless a Wake-on-LAN call is scheduled in the Console. ( For more information on performing maintenance refer to the Deep Freeze tasks section of the documentation.)

Advanced Maintenance

The Advanced Maintenance tab is used to specify SUS or WSUS server and batch file options for a Scheduled Maintenance period.

Windows Update

To use an SUS (Microsoft Software Update Services) Server or a WSUS (Windows Software Update Services) Server for Windows critical updates, check the preferred option and enter the IP address. If Use SUS/WSUS Server is unchecked, Windows critical updates are downloaded via the internet for each workstation individually.

Microsoft SUS client and SUS server can be downloaded at: http://www.microsoft.com

Batch File

Enter a custom batch file to run during the Maintenance Period on days specified on the Maintenance tab. The same Batch file applies to all days that Run Bat File has been checked. The following options are available when running custom Batch files:

• To clear the current batch file, click New
• To load an existing file, click Open and browse to the location of the file
• To save the contents of the field, click Save and browse to the preferred save location

The batch file can be any command or series of commands that the command processor can run. Users can run custom scripts that require the use of a third-party scripting engine by calling the script from the batch file as if it was being run from the command line.

Run batch file with the Microsoft Network

From the drop-down menu, choose to run a batch file via the Microsoft Network.

By default, customized batch files execute using the local System account. If the updates to be deployed are located on file servers that require authentication, check Specified User Account and enter the account Login ID, Password, and Domain to access the file servers. This applies to Windows 2000/XP/Vista only.

Run batch file with the Novell Network

To run a batch file with the Novell Network, select it from the drop down menu and provide entries for Login ID, Password, Tree, Context and Server.

Miscellaneous

The Miscellaneous tab is used to configure the network settings used by the workstations to communicate with the Console, and configures various security options.

Network

Communication between the Deep Freeze Enterprise Console and workstations with Deep Freeze installed can use two different modes: LAN Mode or LAN/WAN Mode.

LAN: Check the LAN radio button to configure Deep Freeze to communicate within a Local Area Network (LAN).

LAN mode is a self-configuring mode that requires only a port number; the default port is 7725. The port number can be changed if it is in conflict with other programs on the LAN. In LAN mode, the Deep Freeze workstations and the Enterprise Console find each other through UDP broadcasts. These broadcasts only occur when workstations or the Enterprise Console are started, ensuring that there is little network traffic associated with workstation and Console communication.

LAN/WAN: Check the LAN/WAN radio button to configure Deep Freeze to communicate in both a LAN and a WAN (wide area network).

LAN/WAN can be used in either a LAN or WAN environment and over the Internet. This mode uses an IP address or the computer name, along with a port number, to allow communication between the Console and the managed workstations.
The following two methods are available to identify the Console:

• specify the Console IP, which must be static
• specify the Console Name, in which case the IP can be dynamic

When the Enterprise Console is behind a firewall or a NAT (network address translation) router, the firewall or router must be configured to allow traffic to pass through to the Enterprise Console. Depending on the firewall or router, workstations may need to be configured with the IP address of the firewall so that traffic can be forwarded.

These settings can be changed on local workstations using the Network tab. If these settings are changed, those changes will also need to be applied at the Console.

For more information on configuring and using Deep Freeze in a specific network environment, refer to Appendix A—Network Examples or contact Technical Support.

If a port number other than the default of 7725 (registered to Deep Freeze) is used, care should be taken to ensure that there are no conflicts with applications already running on the network. Well-known ports (0–1023) should be avoided and any Registered Ports (1024–49151) should be checked for conflicts before deployment.

A complete listing of the ports assigned to various applications can be found on the Internet Assigned Numbers Authority web site at http://www.iana.org/assignments/port-numbers.

Advanced Options

• Win 9x
  
  Prevent break outs from “Autoexec.bat”: Check this option if the Windows 9x workstations are using the autoexec.bat file to execute programs before Windows starts; this prevents users from aborting the execution of the autoexec.bat file and gaining access to the system in an unprotected state
  
  Use Hard reboot when Thawed: Check this option to force workstations to perform an immediate restart when leaving the Thawed state; this option should be selected if the workstations experience problems shutting down when leaving the Scheduled Maintenance period.
• Local Policies
  
  Enable Deep Freeze local policies: For enhanced security, Deep Freeze removes the following local privileges: debugging programs, modifying firmware, and changing the system time; uncheck this option to use existing privileges.
  
  Allow user to change the clock: Check this option to allow Frozen users to adjust the system clock.
  
• Disable Command Line options: This option is checked by default. Unchecking this option allows for further customization of the Deep Freeze installation program when using the Silent Install System; checking this option prevents the pre-existing configuration choices from being changed during installation.
  
• Stealth Mode
  
  Show Frozen icon in system tray: Check this option to display the icon to indicate that Deep Freeze is installed and the workstation is Frozen.
  
  Show Thawed icon in system tray: Check this option to display the icon to indicate that Deep Freeze is installed but the workstation is Thawed.
  
  If the options to show a Deep Freeze icon in the System Tray are unchecked, the keyboard shortcut CTRL+ALT+SHIFT+F6 must be used to access the logon dialog.
  
• Control Windows Updates: This option is checked by default. This option allows Deep Freeze to override any Group Policy settings pertaining to Windows Updates.

One Time Passwords Tab

The One Time Passwords tab is used to generate temporary passwords for Deep Freeze that expire at midnight on the day they were generated.

A One Time Password (OTP) can be useful if, for example, a Deep Freeze password is forgotten or if a configuration file was created without any passwords defined. An OTP can also be used to provide access to a workstation for an individual performing maintenance duties without requiring that individual to know the permanent Deep Freeze password.

To create an OTP, complete the following steps:

1. Select either Password valid for one use only or Password valid for multiple uses.
   All OTPs expire at midnight on the day they were created, regardless of type.
   
2. Enter the OTP Token from the workstation that requires the OTP into the Token field.
   The OTP Token for the workstation is located in the logon dialog, as shown below.
   
   
   
   
3. Click Generate.

The OTP Generator is also available in the Deep Freeze Enterprise Console in the Tools menu. Also note that the Deep Freeze Command Line interface does not support the use of One Time Passwords.

Creating Workstation Install Program and Workstation Seed

To create customized Deep Freeze installation program files with all of the options that were configured in the Configuration tab, click the Create button in the Configuration Administrator toolbar and select Create Workstation Install Program.

This file can then be used to install Deep Freeze on workstations using:

• Attended Install (install based on user input)
• Silent Install system (install that does not inform user of progress or provide messages during)
• Target Install (install program created by Deep Freeze for deployment on workstations)

For a target install, the Workstation Seed is included in this file; it is not necessary to install the Workstation Seed if the Full Workstation Installation program is going to be installed. The default file name for this program is DF6Wks.exe.

To create a Workstation Seed, click the Create button in the Configuration Administrator toolbar and select Create Workstation Seed. The Workstation Seed is a small program that allows administrators to remotely install and control workstations from the Enterprise Console. The Workstation Seed can be installed as part of a master image and then deployed via imaging software. All workstations on the LAN with the Workstation Seed installed are displayed in the Enterprise Console. The file name for this program is DF6WksSeed.exe.

All files are saved to the Install Programs folder within the Deep Freeze 6 Enterprise folder by default. Alternate locations can be chosen and the file name can be changed if desired. It is recommended that a naming convention is used if the administrator is creating multiple customized installation files.

Uninstalling the Configuration Administrator

Complete the following steps to uninstall the Configuration Administrator:

1. 1. Open the Add/Remove Programs utility in the Windows Control Panel by selecting the following path from the Start menu:
   Start > Control Panel > Add or Remove Programs
   
   
   
   
2. Select Deep Freeze Administrator - Enterprise and click the Change/Remove button.
3. Follow the steps presented and the Configuration Administrator will be uninstalled from the computer.

Uninstalling the Configuration Administrator from the Add or Remove Programs applet on the Console machine also removes the Console’s local service as well as the local service configuration including user defined groups and scheduled tasks.

Deep Freeze Enterprise Console

The Deep Freeze Enterprise Console displays the status of all Frozen, Thawed, and Target workstations on the network and allows the administrator to perform specific tasks on those workstations. Detailed status information is available with selective or group reporting.

The Enterprise Console allows administrators to remotely perform the following tasks:

• Immediately Target Install workstations
• Selectively Freeze, Thaw, or Thaw Locked one or more workstations
• Lock or Unlock selected workstations
• Dynamically update Restart/Shutdown, Maintenance, and Advanced Maintenance settings
• Restart or shutdown workstations
• Stop scheduled maintenance
• Power on workstations equipped with a Wake-on-LAN network card
  
• Update Deep Freeze software
• Schedule tasks directly from the Console
  
• Send messages to workstations
  
• Import groups and containers from Active Directory
  
• Generate One Time Passwords

The Console can only wake a workstation from a powered-down state if the workstation is properly configured to power on when a Wake-on-LAN packet is received.

Launching the Enterprise Console

The Enterprise Console is created when the Deep Freeze Configuration Administrator is installed. Open the Console by selecting the following path from the Start menu:
Start > All Programs > Faronics > Deep Freeze 6 Enterprise > Deep Freeze 6 Console

Activating the Enterprise Console

As a security feature of Deep Freeze Enterprise the OTP feature prevents unauthorized Deep Freeze Enterprise Console use. When the DF6Console.exe file is copied to a new workstation, the Console must be activated. When it is run for the first time on the new workstation, a dialog displays with an OTP Token.

The network administrator enters this token in the Configuration Administrator’s OTP Generation System. An OTP is generated. Enter it in the dialog and the Console will run.

The Enterprise Console runs on Windows 2000/XP/Vista, and 2000 and 2003 Server. The computer on which the Enterprise Console is installed must not have an installation of the Workstation Seed ( using the same port) or a full Deep Freeze installation.

Using the Enterprise Console

Launch the Enterprise Console by browsing to:
Start > All Programs > Faronics > Deep Freeze 6 Enterprise > Deep Freeze 6 Console

Status Icons

The Enterprise Console displays the status of the workstations on the local area network with the following icons beside or above the workstation name, depending on the view selected:

Workstations that have the Deep Freeze Workstation Seed installed but do not have Deep Freeze installed; Deep Freeze can only be remotely installed on workstations with this icon

Managing Communication Between the Console and Workstations

There are two types of connections from Console to workstation and Console to Console.

1. Local connections - connections that can only be accessed by the Console who hosts those connections
2. Remote control enabled connections - connections that can be accessed by the Console who hosts as well as other

Consoles connected remotely

A workstation can lose communication with the Console for any of the following reasons:

• The workstation is powered off manually or is shut down without warning
• The network is experiencing heavy traffic or outages
• The workstation’s network settings are changed to indicate a new Console

In most cases, communication with the workstation is re-established when the workstation is powered on or when the conditions causing the communications breakdown are rectified. It may take several minutes for the workstation to report back to the Console and re-establish communication. If communication cannot be re-established, contact Technical Support for troubleshooting steps.

Configuring the local service

The local service is a service that sets up and maintains connections to workstations.

Enabling the local service

By default the local service will be installed and enabled when the Console is first run. To enable the local service again if it has been disabled (and/or uninistalled) Select Tools followed by Network Configuration.

Select the Enable local service check box to enable it.

Disabling the local service

De-selecting the checkbox and clicking OK displays the option to either disable the local service or uninstall the local service.

Adding a local service Connection

To add local service connection select Tools followed by Network Configuration.

To add a connection select Add and specify the port number (7725 in this case). To enable the Console to be controlled remotely specify a password.

After selecting Add a connection that serves port 7725 will be created in the connections list of the local service as well as the in the network pane of the Console.

Editing or Removing a local service Connection

Once a local service connection has been added to it can be edited or removed through the Network Configuration option found in the Tools Menu.

To edit a local service connection perform the following steps:

1. First, ensure the Enable local service option is checked.
2. Select a port from the local service connections list and click edit.
   The edit dialog allows for the port to be controlled remotely and password protected.

To remove a port from the local service highlight the port and click Remove.

This does not delete the entry from the network pane in the Console, it simply removes it from the Local service connections list

To remove the entry form the network pane in the Console, select it and click the remove icon located in the sidebar.

Remote Consoles

A Remote Console is a Console that hosts one or more connections that allow other Consoles to connect through. Existing connections must be edited to allow them to be accessed remotely.

Setting up Remote Control Enabled Connections

To allow a connection to be accessed remotely perform the following steps:

1. Open the Tools menu, followed by Network Configurations.
2. Ensure the Enable local service option is checked.
3. Select a port from the list and click edit.
   
4. Ensure Allow Remote Control is checked.
   
5. Specify a password, this information is necessary to connect to the connection remotely.

Connecting to a Remote Console

Once a Remote Console has been established by the hosting Console it can be accessed by other Consoles from a different machine.

Select the connect to Remote Console icon in the side bar or by right-clicking on the network item. Upon selection the Connect to Remote Console dialog appears:

In the Connect to Remote Console dialog, specify the connection details such as Remote Console Name, Remote Console IP, port number and password. This information is provided by the administrator of the host Console. Once entered, this information can be retrieved by right-clicking a port in the Network and Groups Pane and selecting Properties.

If the connection to a Remote Console has been severed, it can be reconnected by clicking the Reconnect to Remote Console icon in the sidebar or by right-clicking on an entry in the Network and Groups pane.

View Options

The Enterprise Console has three view options: Icons, Details, and List. Use the View menu to select a preferred appearance.

The View menu can also be used to view the log for selected workstations or to remove the selected workstation(s) from History.

The View menu can also be used to view the log for selected workstations or to remove the selected workstation(s) from History.
If no workstations are selected, Clear History is available.

Managing Deep Freeze with the Console

The Enterprise Console contains a toolbar at the top of the screen that allows quick access to the functions of the Console.

These commands can also be accessed using the contextual menu, as shown below, that appears by right-clicking on a specific workstation.

When a particular action is chosen, the selected workstation performs the action and the status icons update accordingly.

Specific icons are disabled if the selected workstation does not support that action. For example, a workstation that has a Target Icon, will not show the option to be Thawed or Frozen, because the program has not been installed yet.

Updating Deep Freeze Software

To update Deep Freeze workstations with a new version of Deep Freeze, complete the following steps:

1. In the Configuration Administrator of the new version of Deep Freeze, create a blank workstation installation file.
2. In the Console, select the workstations to be updated; these workstations can be in either a Frozen or Thawed state.
3. Right-click, and select Update Deep Freeze from the contextual menu.
   Alternatively, click the icon in the Console toolbar.
   
4. A standard Open file window appears. Select the blank workstation file and click Open.
   
5. The selected workstations update to the new version of Deep Freeze software, but retain all settings from the current version.

This feature works only on workstations with Deep Freeze 6.0 and higher currently installed.

Sending Text Messages to Workstations

To send a text message to one or more workstations, complete the following steps:

1. Select the preferred computer(s) to send a message to.
2. Right-click, and select Send text message from the contextual menu.
   Alternatively, click the icon in the Console toolbar.
   
3. Type the message in the dialog that appears and click Send.
   
4. A dialog appears asking for confirmation to send the message to the selected workstations.
   
   Click OK to send or Cancel to close the dialog without sending the message.
   

Target Installing Deep Freeze

Complete the following steps to remotely install a Full Workstation Installation on any workstation that has the Workstation Seed installed.

1. Right-click on one or multiple workstations and select Install.
   
2. A dialog box appears, asking if the installation should proceed.
   
   Click OK.
   
   A dialog box appears to select the file to be installed on the remote workstation.
   
3. Select the installation file to use and click Open.
   
4. The workstation installs Deep Freeze and restarts.
   
5. Once the installation is complete, the Enterprise Console reflects the change in the workstation’s status, and shows it as Frozen.

Updating a Deep Freeze Configuration File

Complete the following steps to update the configuration on one or many workstation(s) with the settings of an existing .rdx file. (An .rdx file is a file containing the conditions specified in the Deep Freeze Configuration Administrator)

1. Right-click on the workstation(s) and select Update Configuration, as shown below.
   
   
   
   
2. A message appears asking for an existing .rdx file to be located.
   
   
   
   
3. Click OK.
   
   A standard Open File dialog appears to select an .rdx file.
   
4. Locate a file and click Open to update the configuration on the selected workstation(s) with the settings in the .rdx file.
   Click Cancel to cancel the configuration update.

If the Network options in the new configuration have changed, the workstation(s) may lose communication with the existing Enterprise Console. If communication with the workstations is lost, check the Network settings on the updated workstations to ensure that the port numbers and/or IP address of the Console have not been changed.

Changes to passwords take effect immediately. All other changes take effect after each workstation is restarted.

ThawSpace and/or Frozen Drives cannot be changed through updating the configuration file.

Dynamically Updating a Deep Freeze Configuration File

Complete the following steps to dynamically update the configuration on a single or multiple workstations.

1. Right-click on the workstation(s) and select Update Maintenance from the contextual menu.
   Or, select the desired workstation(s) and click the Update Maintenance icon in the toolbar.
   
2. A menu bar with six buttons appears at the bottom of the Workstations window.
   
   
   
3. Choose one of the following options:
   
   Click New to create a new sub-configuration set.
   
   Click Import to import the settings from an existing Deep Freeze Configuration file (.rdx) or Deep Freeze Workstation Installation File (.exe) into the sub-configuration window.
   
   In either case, a Configuration Screen, similar to the Configuration Administrator, appears containing a sub-configuration set of Restart/Shutdown, Maintenance, and Advanced Maintenance.
   
   
   
   
4. The three tabs on the Configuration Screen can be used to update the configuration on remote workstations.
   
   For further information about the options on each tab, refer to the sections in the Configuration Administrator documentation for Restart/Shutdown, Maintenance, and Advanced Maintenance.
   
   After the preferred configuration settings have been chosen, close the Configuration Screen.
   The following message appears:
   
   
   
   
5. Click OK.
   
6. In the Workstations window, select the desired workstation(s) to be dynamically updated with the new configuration settings.
   
7. Click Send on the menu bar to send the new configuration settings to the selected workstation(s).
   
   After sending the new configuration settings to the selected workstations, the following options are available:
   
   Click Save As to save the current settings of the Configuration Screen to a file. A standard Save File dialog displays where a location and file name can be specified.
   
   Click Edit at any time to re-open the Configuration Screen with the current settings intact.
   
   Click Close to clear the contents of the Configuration Screen and exit out of the dynamic configuration mode.

When updating the configuration on the workstation, the Restart/Shutdown, Maintenance, and Advanced Maintenance options are updated with the new settings.

On Windows 9x machines only, all changes take effect after the workstation is restarted.

Scheduling Deep Freeze Tasks

To schedule a Deep Freeze task in the Enterprise Console using the Scheduled Task Wizard, complete the following steps:

1. Open the Scheduled Task Wizard in one of the following ways:
   • click Scheduler in the Network and Groups pane and click the Add Task icon
   • right-click on Scheduler in the Network and Groups pane, and choose Add Task
   
   
   
   In either case, the following screen is displayed:

   

2. Double click the preferred task or select the task and click Next.
3. In the following screen, enter a name for the task and choose the preferred task execution schedule: Daily, Weekly, Monthly, or One time only.
   
   Task names must be unique; no two tasks can have the same name.
   
   
   
   
4. Click Next.
   
   Depending on the choice of task execution, the time and date configuration options that follow will vary:
   
   NOTE: The default start time for a task is five minutes from the current time.
   
   
   
   
5. Enter the preferred time and date for the task execution.
   
   NOTE: If the task is set to execute on a One time only basis, and the starting date is in the past, the task will not execute. If the task is set to execute on a Daily, Weekly or Monthly basis, and the starting date is in the past, the task will execute, but will start on the same day on the following week or month.
   
   Click Next.
6. The final screen of the wizard is a summary of the task that has just been created.
   
   Click Finish to complete the task schedule.
   
   
   

Assigning Workstations to Scheduled Tasks

After a task has been scheduled, it appears under the Scheduler in the Network and Groups section of the Console.

To assign workstations to a task, select the preferred computers from the Workstations pane in the Console and drag them onto the preferred task.

To see which computers are assigned to a specific task, click on the task. The assigned computers appear in the Workstations pane.

To delete a workstation from a task, click on the workstation and press Delete.

Executing a Task Immediately

To execute a task immediately, right-click the task and select Execute Task.

Deleting a Task

To delete a task, click on the task and press Delete.

Scheduled Task Properties

To see the properties of a task, right-click the task name and select View Properties.

The following screen displays:

The properties of a task cannot be changed after it has been created. Only the workstations that will execute the task can be changed by adding or deleting workstations.

Scheduled tasks will still execute even if the Enterprise Console is closed provided the local service is enabled and the network connections are not shutdown upon exiting the Console.

Managing Network and Groups

The Enterprise Console automatically arranges workstations by their workgroup or domain. Click on the appropriate workgroup or domain to view the workstations in that workgroup or domain.

The Enterprise Console can be used to define specific groups in order to arrange workstations.

Adding a New Group

To add a new group, complete the following steps:

1. In the Network and Groups pane, right-click on User Defined Groups and choose Add User Defined Group.
   The following dialog appears.
   
   
   
   
2. Enter the name of the group to be added and click Add.
   
   The group appears under User Defined Groups in the Network and Groups pane.

Building a User Defined Group Structure

After a group has been added, one or more sub-groups can be added below it, and further sub-groups can be added indefinitely as a way to differentiate between environments, as in the example shown below:

Importing Groups from Active Directory

If the group structure has already been designed within Active Directory, that structure can be imported directly into the Console.

To do this, open the Tools menu and choose Import user defined groups from Active Directory, or click the icon located in the sidebar.

The following dialog appears, enter the LDAP server information of the import location.

If the machine running the Enterprise Console has joined the desired domain and the current user has access privileges on the LDAP server click Use default LDAP host. The three fields will not require input.

Select Connect. The Active Directory hierarchy appears, select the desired entries and click Import.

Adding Workstations to a User Defined Group

Workstations can be added to a group by dragging them from the Workstations pane to the preferred group, or by using an automatic filter set during the creation of the groups.

Automatic group filtering allows workstations to be added to user defined groups automatically. The workstations are added based on their workstation name.

Wildcards (*, ?) can be used to add workstations based on a specific segment of the name.

Example: Lab1-* adds all workstations with names starting with Lab1- .

Sorting Groups Alphabetically

To sort the User Defined Groups alphabetically, right-click on User Defined Groups and choose Sort Groups Alphabetically.

Importing or Exporting Groups to File

To import groups from a file or export groups to a file, choose the preferred option from the Tools menu.

Viewing the Console Log File

The Enterprise Console keeps a log of the status and activity history of all connected workstations. The log stores information for the previous 48 hours. Information older than 48 hours is automatically deleted from the log.

To view the log file for one or many workstations, right-click on the workstation(s) and select Show Log for Selected Workstations.
To sort the log file, click on a preferred heading.

To export the log file as a .csv file, right-click and select Export to file, as shown:

Deep Freeze Console Shutdown

To shutdown the Deep Freeze Console select File followed by exit or click the close window button. Upon exit, choose to:

• Minimize the Console to the system tray.
  
  This does not stop the Console and keeps the connections active. The Deep Freeze Console icon appears in the system tray. Scheduled tasks will still execute. To reopen the Deep Freeze Enterprise Console, right-click its icon located in the taskbar and select Restore DF6 Console.
• Close Deep Freeze Console and leave the network connections running
  
  This closes the Console but keeps the connections to the workstations active. Scheduled tasks will still execute.
• Close Deep Freeze Console and shutdown network connections.
  
  This stops Console processes, closes the connections (including local service) and scheduled tasks will not be completed.

Once the set default option has been checked the dialog will not appear on future exits. To edit these settings select Tools from the menu followed by Exit Options.

Installing Deep Freeze

After a customized installation program file has been created using the Configuration Administrator, Deep Freeze can be deployed to workstations using an Attended Install, a Target Install, the Silent Install System, or as part of an imaging process.

All background utilities and antivirus software should be disabled and all applications should be closed prior to installation. These programs may interfere with the installation, which could result in Deep Freeze not functioning correctly.

The workstation restarts after any type of installation is completed. Deep Freeze must be in a Thawed state for any type of uninstall to succeed.

Any existing ThawSpace will be deleted during an uninstall if:

• the option to retain existing ThawSpace was not checked in the Configuration Administrator
• the ThawSpace was not created with Deep Freeze Enterprise Version 5 or later
• the ThawSpace is on a Windows 95/98/Me workstation

Attended Install or Uninstall

To install or uninstall Deep Freeze, complete the following steps:

1. Run the installation program file (DF6Wks.exe) on the workstation.
   The following screen appears.
   
   
   
   
2. Click Install to begin the installation. Follow the steps presented, then read and accept the license agreement. Deep Freeze installs and the workstation restarts.
   
   Click Uninstall to uninstall Deep Freeze. Uninstall can only be clicked if Deep Freeze has previously been installed. If there is an existing ThawSpace, Deep Freeze displays a dialog asking if it should be retained or deleted.

Uninstalling Deep Freeze

The Enterprise Console can be used to uninstall Deep Freeze completely or to uninstall Deep Freeze but leave the Workstation Seed. A workstation must be in a Thawed state in order to uninstall the program.

To uninstall Deep Freeze on a workstation and leave the Workstation Seed, right-click on the Thawed workstation(s) and select Uninstall - Leave Seed, as shown above. Or click the icon on the toolbar.
To completely uninstall Deep Freeze and the Workstation Seed, select the workstation(s) to be uninstalled and click the Uninstall icon on the Toolbar.

The workstation must be Thawed before Deep Freeze can be uninstalled. The Enterprise Console prompts for confirmation. Once the uninstall is confirmed, Deep Freeze uninstalls and the workstation restarts.

Silent Install or Uninstall

Deep Freeze can be rapidly installed to many workstations over a network using the Silent Install System. Any deployment utility that allows execution of a command line on a remote workstation can implement the Silent Install System. After the Silent Install is complete, the workstation immediately restarts.

The command line has the following options:

Example Command Line: DF6Wks.exe /Install /Freeze=C /PW=password

In the example, the Deep Freeze installation program file is named DF6Wks.exe. Only the C: drive will be Frozen. Any other drives on the workstation will be Thawed. If the workstation only has a C: drive, the [/Freeze] switch can be omitted. A password (password) will be created. After executing the command, Deep Freeze will install and the workstation will restart Frozen and ready to use.

The Silent Install System does not work without the [/Install] or [/Uninstall] switch.

Deep Freeze must be in a Thawed state before [/Uninstall] can be used.

To run the configuration command line options, Disable Command Line options on the Miscellaneous tab must be cleared.

Silent Install or Uninstall Using a Shortcut

Deep Freeze can be installed directly on a workstation without having to use the installation dialog box by completing the following steps.

1. Locate the Deep Freeze installation program file (DF6Wks.exe) on the target workstation.
2. Right-click on the icon and choose Create Shortcut.
3. Right-click on the shortcut and choose Properties.
4. Edit the path of the Target field by typing /install or /uninstall at the path’s end.

Example Shortcut Target: “C:\Documents and Settings\DF6Wks.exe” /install

Double-clicking on the new shortcut results in the immediate installation or uninstallation of Deep Freeze, followed by a restart of the workstation.

Deep Freeze must be in a Thawed state before /uninstall can be used.

Network Install on Multiple Workstations

The Silent Install System can also be used to install Deep Freeze on multiple workstations over a network. If the workstations on the network use logon scripts, the scripts can be used to install Deep Freeze on all networked workstations automatically. All workstations will restart Frozen and ready for use after installation has completed.

Use the following command line syntaxes to create an install error report log file:

• \\Server Name\Share Name\DF6Wks.exe /Install >> my.log

Installing Over Existing Deep Freeze Versions

Unless the Update Deep Freeze Software feature is used (for Deep Freeze 6.0 and higher), all existing Deep Freeze versions must be uninstalled prior to performing any new Deep Freeze installation.

Installing Using Imaging

Deep Freeze has been designed to work with all major imaging and desktop management software. Use either an Attended Install or the Silent Install System to install Deep Freeze on a master image.

Deep Freeze must be prepared for deployment before finalizing a master image. To prepare the master image for deployment, restart the workstation into a Thawed state and log on to Deep Freeze using the keyboard shortcut CTRL+SHIFT+ALT+F6. Select the Clone tab, and click Set Flag.

After imaging, the workstations require an additional restart for Deep Freeze to correctly detect the changes in disk configuration. If the workstations are imaged in an unattended mode, steps should be taken to ensure the workstations are restarted to allow the configuration to update.

To return to the Frozen state after imaging is complete, set Deep Freeze to Boot Thawed on next n number of restarts (in the master image) so that after n number of restarts, the workstation is automatically Frozen. Alternatively, use Deep Freeze Command Line Control to Freeze selected workstations.

Target Install

Deep Freeze can also be deployed using a Target Install from the Enterprise Console.

Managing Deep Freeze Workstations

Workstation Logon

Use one of the following ways to access Deep Freeze on a workstation.

• If the Deep Freeze icon is shown in the System Tray, hold down the SHIFT key and double-click the Deep Freeze icon
• Use the keyboard shortcut CTRL+SHIFT+ALT+F6

Either method brings up the logon dialog.

Enter the administrator password and click OK to log on to Deep Freeze.

As an additional security feature, Deep Freeze prevents dictionary attacks by automatically restarting the workstation after 10 unsuccessful login attempts.

Boot Control

The Boot Control tab is used to set the mode Deep Freeze will be in after the next restart.

Choose one of the following options:

Select the radio button next to the desired choice and click OK to save any changes. Clicking Apply and Reboot will save any changes and reboot the workstation immediately.

Network

The Network tab can be used to configure the network options on a workstation.

To choose either the LAN or the LAN/WAN method of communication, click the preferred radio button.

When the WAN radio button is selected, a valid IP address for the Enterprise Console must be entered in the Console IP field. The default port number can be changed by unchecking Use Default Port and entering the desired port number.

For further information on network configuration, refer to Appendix A.

Clone

The Clone tab is used to prepare master images for the deployment process. For more information refer to the Install Using Imaging section.

One Time Passwords

A One Time Password (OTP) can be generated using the Configuration Administrator or Enterprise Console. The administrator requires a token from the workstation in order to generate an OTP. The OTP Token for the workstation is located in the Deep Freeze logon dialog.

Refer to the Configuration Administrator documentation for more information about the One Time Password Generation System. An OTP can be used one or more times after it has been generated (depending on the options set when it was generated). All OTP passwords expire at midnight on the day they were created.

An OTP must be used to logon to Deep Freeze if no passwords were created for the Deep Freeze configuration file.

ThawSpace

ThawSpace is a virtual partition on a workstation that can be used to store programs, save files, or make permanent changes. All files stored in the ThawSpace are saved after a restart, even if the workstation is Frozen.

ThawSpace is only available if it was set to be created in the Deep Freeze Configuration Administrator.

Any existing ThawSpace is deleted during an uninstall if any of the following apply:

• the option to retain existing ThawSpace was not checked in the Configuration Administrator
• the ThawSpace was not created with Deep Freeze Professional Version 5 or later
• the ThawSpace is on a Windows 95/98/Me workstation

Permanent Software Installations, Changes, or Removals

Workstations must be Thawed for any permanent changes to take effect. Installation of software often requires one or more restarts to complete the installation.

It is recommended that the Boot Control tab is used to allow the workstation to restart with Deep Freeze Thawed until installations or changes are finished.

Deep Freeze Command Line Control (DFC.EXE)

The Deep Freeze Command Line Control (DFC) offers network administrators increased flexibility in managing Deep Freeze workstations. DFC works in combination with third-party enterprise management tools and/or central management solutions. This combination allows administrators to update workstations on the fly and on demand.

It is important to note that DFC is not a stand-alone application. DFC integrates seamlessly with any solution that can run script files, including standard run-once login scripts.

DFC commands require a password with command line rights. OTPs cannot be used.

List all commands by calling DFC without parameters.

The files are copied to C:\WINDOWS\system32\DFC.exe

DFC Return Values

On completion of any DFC command, the DFC returns the following values:

DFC Command Line Syntax

All Supported Operating Systems

Batch File Example

The example below shows how to check for a specific error level using a DOS Batch file:

Ports and Protocols Explained

The key to setting up the Deep Freeze architecture is knowing which ports to use. The important factor is knowing which ports are in use on the network and using ports that will not conflict with those. The default port, 7725 has been officially registered to Deep Freeze.

The following three components make up the Deep Freeze architecture:

• Client (with workstation or seed installed)
• Remote Console (local service enabled)
• Console (connects to the Remote Console)

As long as the clients and Remote Console connection use the same port there should not be any port conflicts between the different components:

Ports can also be used to divide the clients. If the local service is set up to run three ports (7725, 7724 and 7723), Consoles can connect to the three different ports to see a different set of clients under each port.

In the diagram above, the client(s) use both the TCP and UDP protocols to communicate with the Remote Console. The Console(s) that connects to the Remote Console uses only the TCP protocol to communicate with the Remote Console. It is important to remember the ports and protocols being used in order to prevent firewalls, switches or routers from blocking them.

Appendix A - Network Examples

The following examples show different scenarios involving local service or Remote Console.

• Example 1     Single Subnet, One Console
• Example 2     Multiple Subnets, One Console
• Example 3     Multiple Subnets, Remote Enabled Console
• Example 4     Multiple Subnets, Multiple local services

Each example explains how different Deep Freeze components interact in different networking environments.

NOTE: In the following examples, the client machines have either the Deep Freeze workstation installation or Workstation Seed installed. Both installs contain the communications component which talks to the Console/Remote Console. The difference between the workstation install and Workstation Seed is that the workstation install actually installs Deep Freeze while the Seed has only the communication component.

Example 1 - Single Subnet

In this environment, all client machines are contained in the same subnet as the Console machine. This environment does not require a remote controlled Console, although one could be used. In this example, the Remote Console is not used. This is the simplest networking environment. It is also the easiest to configure.

The following diagram shows the network topology:

The client machines, represented by the computer icons, are located on the same subnet as the Deep Freeze Enterprise Console machine, and are represented by the Deep Freeze Console icon. In this scenario, clients are using port A while the Console has setup a local service connection for the same port. This port is configured in the Deep Freeze Configuration Administrator in the Configuration tab on the Miscellaneous sub-tab, as shown below, before creating the workstation install/seed.

Example 2 - Multiple Subnets One local service

In this environment, the clients are located across more than one subnet. There is still only one Console being used. This environment does not require a Remote Console, although one could be used. The following diagram shows the network topology:

In this scenario (similar to example 1) both the clients and the connection hosted by the Console are using the same port. This port is configured in the Deep Freeze Configuration Administrator in the Configuration tab on the Miscellaneous sub-tab, before creating the workstation install/seed.

In order for the clients to be seen, they need to be configured to use a LAN/WAN connection. When the LAN/WAN option is selected, a Console IP entry box appears. Specify the IP of the machine tht will run the Console.

An example of these settings are shown in the Miscellaneous tab below:

Example 3 - Multiple Ports, Console Accessed Remotely

In this environment the clients are again located across multiple ports. In this case, more than one Console is being used. Multiple Consoles are accessed using a local service whose administrator (host) has released the connection information. The following diagram shows the network topology:

In this scenario, the host has set up a connection using the local service. Looking at the above diagram, three other Consoles connect to the host in order to see the clients according to their ports. The Consoles do not have to be a part of individual subnets as long as they can see the host.

More specifically, The Console connected through port A/B can see the host Console as well as each individual workstation assigned to ports A and B. The other Consoles connected through port B can see the host and only the workstations assigned to port B.

Example 4 - Multiple Subnets Multiple local services

In this example, there are two separate locations.

The following is a list of assumptions that are made regarding this particular example:

• the locations are spread apart and have only a minimal connection to each other
• there is a network administrator at each location who is responsible for looking after Deep Freeze at that location
• both locations need to be administered from a third location

In this example, the Remote Consoles are set up at each location and a local service is used

Location 1 (a computer lab on campus) uses port A to communicate with the clients and the connections hosted by the Console. The school library’s computers use port B, the Console in the technical support department uses the connections hosted by both lab and library Consoles.

Any console not directly communicating with a workstation should have the local service turned off
The following diagram shows the network topology:

The benefit of this setup is that it allows all the packets sent from the clients in the lab to be contained at that location. The less distance a packet must travel, the less chance there is of the packet failing.

The administrator in the lab can connect to the local service in the same location 1 but cannot connect to the local service in the library. The reason for this is that the lab administrator does not know the password to access the local service for the library. The same goes for the administrator in the library. If technical support knows the password to both local services (lab and library) the local service at both locations can be connected to, in order to administer all the clients.

Appendix B - Troubleshooting a Remote Console Connection

No Clients In the Console

The following are some common reasons why clients fail to appear in the Console.

1. Windows XP/Vista clients may have the XP/Vista firewall turned on.
   With SP1, the firewall must be turned off. With SP2, either the firewall must be turned off or the ports being used must be added to the Exceptions tab. Deep Freeze requires both TCP and UDP protocols; therefore, one exception should be added for each.
2. The Console and clients do not contain the correct network settings.
   If the Console is set up to run under one port and the clients are using another, they will not be able to see each other. Also, if the workstations are configured for LAN/WAN, the IP must be equal to the IP of the machine where the Console is running.
   
   The default LAN setup works as long as all the machines running the workstation and Console exist on the same subnet. However, if a VLAN is being run, or if there are several subnets where the clients exist, the workstation install must be configured to run under the LAN/WAN settings.
   
3. Something on the network is blocking the port used between the Console and the clients.
   Check for a connection using a ping. The clients are unable to send packets to the Console/Remote Console because there does not seem to be a route to the host. Attempting to ping the IP of the Console/Remote Console does not seem to work. To resolve this issue, make sure the two machines can connect to each other.
   
   If a server, router, or switch on the network is not allowing the port to get through, the clients will not be seen. By default, 7725 is the port being used.
   
4. The workstations were created under a different Customization Code than the Console.
   When the Deep Freeze Configuration Administrator is first run, a prompt for a Customization Code appears. This code is very important as it encrypts the software. This means that any workstations created are encrypted with this Customization Code. If a Console was created using another administrator that was installed with a different Customization Code, it cannot see workstations created under the original code. The workstations and Console must be created under a Configuration Administrator installed using the same exact Customization Code.

Port is in Use Error When Starting the Console

When attempting to start the Console, the error message Unable to start Console: Port is in use appears. There are several reasons why this error message may be appearing:

1. There is a Deep Freeze workstation or Workstation Seed installed under the same port as the Console.
   It is possible that the workstation install is in stealth mode (the icon does not appear in the system tray). The seed does not show an icon. The best test is to run a workstation install on the machine in question. If the uninstall option presents itself, the workstation or seed is installed and can be uninstalled. If the uninstall option does not appear, the workstation or seed is not installed.
   
   The simplest solution would be to first turn off the local service and then connect to a Console that can be accessed remotely.
   
2. Another program or service is using the port on this machine.
   This may involve running a port sniffer on the machine in question to see what ports are open. There are several tools available on the web to perform this action. The netstat.exe application found in Windows also should show whether the port Deep Freeze is using is already in use.
   
3. The network cable is unplugged.
   This message can occur if there is no network connection on the machine.

© 1999 - 2009 Faronics Corporation. All rights reserved. Deep Freeze, Faronics, Faronics Anti-Executable, Faronics System Profiler, FreezeX, and WINSelect are trademarks and/or registered trademarks of Faronics Corporation. All other company and product names are trademarks of their respective owners.