Educause Security Discussion mailing list archives

Re: Deepfreeze - Why not?


From: Chuck Keeler <keeler_c () MITCHELL EDU>
Date: Thu, 17 Nov 2011 16:29:40 -0500

Not sure why you wouldn't as long as you stick with Windows machines. We
have had some odd things happen on Macs but with the new release we plan
to get back to them and get them frozen as well (who knows what Lion will
bring us).

As far as automating the updates, this has been addressed. We can schedule
a thaw in the middle of the night, apply the patches and then schedule
them to freeze again before students arrive the next day. In a pinch we
can thaw an entire lab, push a package for installation, and freeze the
machine again in a very short period of time. And thawing a single machine
is as easy as launching the Deep Freeze control panel on the machine,
logging in and rebooting thawed.

We also schedule a reboot of all frozen machines at 2AM to clear the
machine and set it back to original image.

It's not perfect in any respect but it has saved us a lot of work in
viruses and re-imaging machines.

As far as forensics - If we know we need to look for something and the
machine wasn't rebooted we can pull whatever we need but if it's been
rebooted the log files etc. are gone. This hasn't caused us much of an
issue since we installed it.

Planning: You have to build your image and test all kinds of situations
with it before you make it production and freeze the machine since you
could freeze a problem inside the system without knowing. We have been
using it for about 6 years now.

___________________________________
Charles Keeler
Mitchell College
Office of Information Technology
Chief Technology Officer
(860) 701-5254





On 11/17/11 4:12 PM, "Sam Stelfox" <SStelfox () VTC VSC EDU> wrote:

When I went down this course the most prominent answer was patches. Yes
there is a way to boot into an override mode which will allow you to
permanently install patches but there isn't any way to automate that. It
means you have to go to each individual machine reboot it into the
unprotected mode, run all of the patches (if a service pack comes out
this can easily take an hour on a machine that isn't brand new), then
reboot and make sure DeepFreeze is still working.

Now personally I haven't looked at it in a few years so it's possible
they put out some sort of management tool to handle this. It doesn't
really buy you much security in my opinion though if you don't give your
users administrative privileges over the machines, blow away their user
profiles, have an up to date anti-virus/spyware/malware program on
there, and re-image your labs on a semester to semester (or even a year
to year basis).

On 11/17/2011 04:05 PM, Sarazen, Daniel wrote:
Hi All,

We have some folks who'd like to see Deepfreeze installed on all lab
PCs, but the IT department is balking. What do people think is the best
reason to not install deepfreeze? Is there one?

Thanks,

Dan


--
Regards,
Sam Stelfox
Network Administrator
Vermont Technical College


