Advanced Settings Tab

Using Deep Freeze Cloud Console : Deep Freeze Service : Advanced Settings Tab

Advanced Settings Tab

Configure the following settings:

Advanced Options

•

Disable Command Line options - This option is selected by default. Clearing this check box allows for further customization of the Deep Freeze installation program when using the Silent Install System. Selecting this option prevents the pre-existing configuration choices from being changed during installation.

•

Protect Master Boot Record (MBR) - Select this check box if you want Deep Freeze to protect the Master Boot Record. If this option is selected, changes to the Master Boot Record are reversed on reboot when the computer is in a Frozen state.

•

Delay Frozen reboot to complete Windows updates - Select this option to delay reboot into a Frozen state if configuration or installation for Windows updates are pending. If you select this option and perform Windows updates (through means other than Deep Freeze), rebooting into a Frozen State will ensure that all Windows updates installation and configuration are completed before rebooting into a Frozen state.

If you select Delay Frozen reboot to complete Windows updates and install Deep Freeze, the installer checks if all Windows updates are completed. If the Windows updates are not completed, Deep Freeze installation will not proceed. Complete Windows updates and try installing Deep Freeze again.

If you disable Delay Frozen reboot to complete Windows updates and install Deep Freeze, ensure that all Windows updates are completed manually. Disabling this option may result in the computer being stuck in a reboot cycle due to incomplete Windows updates.

•

Enable Deep Freeze local policies - For enhanced security, Deep Freeze removes the following local privileges: debugging programs, modifying firmware, and changing the system time; clear this option to use existing privileges.

—

Allow user to change the clock - Select this option to allow Frozen users to adjust the system clock. Enable this feature during Daylight Savings to allow Windows to update the time automatically each season.

•

Manage Secure Channel Password — Secure Channel Password is a feature of all Windows operating systems and only applicable if the system is running in Windows Server Domain Environment. Secure Channel Password is used for secure communication between the server and workstations. The Secure Channel Password is automatically changed based on the operating system settings. While using Deep Freeze, the newly changed Secure Channel Password is lost on reboot. The Manage Secure Channel Password option avoids this situation. The Manage Secure Channel Password feature of Deep Freeze changes the value of the Group Policy Maximum machine account password age based on the Deep Freeze state (Frozen or Thawed).

—

Select the Manage Secure Channel Password option if you want Deep Freeze to manage Secure Channel Password.

When the workstation is Frozen: The workstation will not change the Secure Channel Password. This ensures that the secure communication between the server and the workstation is always maintained.

When the workstation is Thawed: The workstation will change the Secure Channel Password and sync the password with the server.

—

Do not select the Manage Secure Channel Password option if you do not want Deep Freeze to manage the Secure Channel Password.

When the workstation is Frozen: When the Secure Channel Password is changed and synced with the server, it resets to the old password on reboot.

When the workstation is Thawed: If the workstation is Thawed on the day the Secure Channel Password is changed, the new password takes affect and the workstation is synced with the server.

•

Restart on Logoff - Select this check box to Restart the computer automatically when it is logged off. If this option is selected, the computer is restarted when a user logs off in a Frozen state.

The Manage Secure Channel Password feature of Deep Freeze always overrides the Group Policy Maximum machine account password age.

Set the following in the Group Policy for the Manage Secure Channel Password feature to work:

Domain Controller: Refuse machine account password changes to Not Defined

Domain Member: Disable machine account password changes to Disabled

On Demand Cloud Relay Configuration (Optional)

The Cloud Agent installed on the computers report to the Cloud Relay. The Cloud Relay reports to the Deep Freeze Cloud. Real-time Deep Freeze actions can be performed on the computers through the Cloud Relay.

The following two methods are available to identify the Cloud Relay:

•

specify the Cloud Relay IP, which must be static

•

specify the Cloud Relay Name, in which case the IP can be dynamic (if valid DNS name resolution is available as part of the domain infrastructure).

When the Cloud Relay is behind a firewall or a NAT (network address translation) router, the firewall or router must be configured to allow traffic to pass through to the Enterprise Console. Depending on the firewall or router, computers may need to be configured with the IP address of the firewall so that traffic can be forwarded.

Deep Freeze automatically configures the required exceptions in the Windows Firewall. It is not required to configure the Windows Firewall manually.

Stealth Mode

•

Show Frozen icon in system tray - Select this option to display the icon to indicate that Deep Freeze is installed and the computer is Frozen.

•

Show Thawed icon in system tray - Select this option to display the icon to indicate that Deep Freeze is installed but the computer is Thawed.

Deep Freeze Command Line Control (DFC.EXE)

Deep Freeze Command Line Control (DFC) offers network administrators increased flexibility in managing Deep Freeze computers. DFC works in combination with third-party enterprise management tools and/or central management solutions. This combination allows administrators to update computers on the fly and on demand.

Using Deep Freeze Command Line will render the computers out of sync with the policy currently applied. To get the computers back in sync, reapply the policy.

It is important to note that DFC is not a stand-alone application. DFC integrates seamlessly with any solution that can run script files, including standard run-once login scripts.

DFC commands require a password with command line rights. OTPs cannot be used.

List all commands by calling DFC without parameters.

The files are copied to (32-bit)

<WINDOWS>\system32\DFC.exe

The files are copied to (64-bit)

<WINDOWS>\syswow64\DFC.exe

DFC Return Values

On completion of any DFC command, the DFC returns the following values:

Syntax

Description

0

SUCCESS or Boolean FALSE, for commands returning a Boolean result

1

Boolean TRUE

2 ERROR

User does not have administrator rights

3 ERROR

DFC command not valid on this installation

4 ERROR

Invalid command

5 - * ERROR

Internal error executing command

Deep Freeze Command Line Syntax

Deep Freeze has a maximum password limit of 63 characters. If a longer password is entered, the command will not be successful.

Syntax

Description

DFC password /BOOTTHAWED

Restarts computer in a Thawed state; only works on Frozen computers.

DFC password /THAWNEXTBOOT

Sets computer to restart Thawed the next time it restarts; only works on Frozen computers and does not force computer to restart.

DFC password /BOOTFROZEN

Restarts computer into a Frozen state; only works on Thawed computers.

DFC password /FREEZENEXTBOOT

Sets up computer to restart Frozen the next time it restarts; only works on Thawed computers and does not force computer to restart.

DFC get /ISFROZEN

Queries computer if it is Frozen. Returns error level 0 if Thawed. Returns 1 if Frozen.

DFC get /CLONE

Sets the clone flag for the purpose of imaging.

DFC password /CFG=[path] depfrz.rdx

Replaces Deep Freeze configuration information. Works on Thawed or Frozen computers. Password changes are effective immediately. Other changes require restart.

DFC get /version

Displays Deep Freeze version number.

DFC password /UPDATE=[path to installer file]

Sets up computer to restart in a Thawed state and install a Deep Freeze update.

DFC password /LOCK

Disables keyboard and mouse on computer. Works on Frozen or Thawed computer and does not require a restart.

DFC password /UNLOCK

Enables keyboard and mouse on computer. Works on Frozen or Thawed computer and does not require a restart.

DFC password /THAWLOCKNEXTBOOT

Sets up computer to restart in a Thawed state with keyboard and mouse disabled; only works on Frozen computers

DFC password /BOOTTHAWEDNOINPUT

Restarts computer in a Thawed state with keyboard and mouse disabled; only works on Frozen computers

DFC password /WU [/UNLOCK] [/NOMSG | /NOMESSAGE] [/THAW]

Windows Updates will be downloaded and installed on the workstation.

[/UNLOCK] Optional parameter to enable the Keyboard and Mouse during Windows Update.

[/NOMSG | /NOMESSAGE] Optional parameter to suppress all informational/warning messages from DeepFreeze during Windows Update.

[/THAW] Optional parameter to return the machine into Thawed State after completion of Windows Update.

DFC password /ENDTASK

Ends the ongoing Workstation Task and reboots into Frozen state. Batch File Task and Thawed Period Task end immediately. Windows Update Task is completed.

Syntax	Description
0	SUCCESS or Boolean FALSE, for commands returning a Boolean result
1	Boolean TRUE
2 ERROR	User does not have administrator rights
3 ERROR	DFC command not valid on this installation
4 ERROR	Invalid command
5 - * ERROR	Internal error executing command

Syntax	Description
DFC password /BOOTTHAWED	Restarts computer in a Thawed state; only works on Frozen computers.
DFC password /THAWNEXTBOOT	Sets computer to restart Thawed the next time it restarts; only works on Frozen computers and does not force computer to restart.
DFC password /BOOTFROZEN	Restarts computer into a Frozen state; only works on Thawed computers.
DFC password /FREEZENEXTBOOT	Sets up computer to restart Frozen the next time it restarts; only works on Thawed computers and does not force computer to restart.
DFC get /ISFROZEN	Queries computer if it is Frozen. Returns error level 0 if Thawed. Returns 1 if Frozen.
DFC get /CLONE	Sets the clone flag for the purpose of imaging.
DFC password /CFG=[path] depfrz.rdx	Replaces Deep Freeze configuration information. Works on Thawed or Frozen computers. Password changes are effective immediately. Other changes require restart.
DFC get /version	Displays Deep Freeze version number.
DFC password /UPDATE=[path to installer file]	Sets up computer to restart in a Thawed state and install a Deep Freeze update.
DFC password /LOCK	Disables keyboard and mouse on computer. Works on Frozen or Thawed computer and does not require a restart.
DFC password /UNLOCK	Enables keyboard and mouse on computer. Works on Frozen or Thawed computer and does not require a restart.
DFC password /THAWLOCKNEXTBOOT	Sets up computer to restart in a Thawed state with keyboard and mouse disabled; only works on Frozen computers
DFC password /BOOTTHAWEDNOINPUT	Restarts computer in a Thawed state with keyboard and mouse disabled; only works on Frozen computers
DFC password /WU [/UNLOCK] [/NOMSG \| /NOMESSAGE] [/THAW]	Windows Updates will be downloaded and installed on the workstation. [/UNLOCK] Optional parameter to enable the Keyboard and Mouse during Windows Update. [/NOMSG \| /NOMESSAGE] Optional parameter to suppress all informational/warning messages from DeepFreeze during Windows Update. [/THAW] Optional parameter to return the machine into Thawed State after completion of Windows Update.
DFC password /ENDTASK	Ends the ongoing Workstation Task and reboots into Frozen state. Batch File Task and Thawed Period Task end immediately. Windows Update Task is completed.