+ Post New Thread
Results 1 to 10 of 10
Windows Server 2008 R2 Thread, Deep Freeze in Technical; We are migrating away from Novell to Server 2008 R2 AD this summer One of my personal goals is to ...
  1. #1

    Join Date
    Jan 2007
    Posts
    948
    Thank Post
    8
    Thanked 34 Times in 26 Posts
    Rep Power
    21

    Deep Freeze

    We are migrating away from Novell to Server 2008 R2 AD this summer

    One of my personal goals is to remove the need for Deep Freeze! Can a computer be protected just as well via the group policies available within Server 2008 R2? (I'm not an expert on the subject by any means!).

    We will be using mainly XP workstations until at least Summer 2012

  2. #2


    Join Date
    Feb 2007
    Location
    51.405546, -0.510212
    Posts
    8,097
    Thank Post
    203
    Thanked 2,383 Times in 1,763 Posts
    Rep Power
    703

  3. #3
    farmerste's Avatar
    Join Date
    Mar 2007
    Location
    uk
    Posts
    339
    Thank Post
    100
    Thanked 23 Times in 20 Posts
    Rep Power
    21
    have you thought of trying cleanslate from fortresgrand?, it can be configured to work well with almost any anti-virus suite etc, might be worth a peek.
    much easier than group policy tweaking in my view

  4. #4


    Join Date
    Jan 2009
    Posts
    1,077
    Thank Post
    136
    Thanked 193 Times in 135 Posts
    Rep Power
    146
    Yes............but they also thought of the name 'Bing'.

    Say no more.


  5. #5

    Join Date
    Feb 2011
    Posts
    5
    Thank Post
    0
    Thanked 1 Time in 1 Post
    Rep Power
    0
    We are not using Deep Freeze with our Windows 7 Pro client machines and have not encountered any notable problems for the six months that we have done so.

    We use a GPO to erase the user profile after so many days. This has the same effect Deep Freeze does, at the user profile level, but would not protect the client in the same way anywhere else in the file structure (in C:\windows for example).

    Besides making sure students and teachers are not admins, we configure the same GPO to automatically reject UAC elevation (so the prompt never even appears).

    Only downside: the CONTENT of the user profiles is deleted but not the top level folder. So we have a multiplication of folders like this:

    User1
    User1.001
    User1.002
    User1.003

    etc.

    Logon time seems to take longer on Windows 7 than on XP when the user profile needs to be created afresh too.

    EDIT - unfortunately, I do not believe the erase profile settings exists for XP (and obviously not the UAC one).

  6. #6

    Join Date
    Jul 2009
    Location
    Ryde
    Posts
    118
    Thank Post
    4
    Thanked 3 Times in 3 Posts
    Rep Power
    10
    hey, we came from novell + Zenworks, migrated to 2003 + zenworks 6 years ago and then last year binned zenworks and moved to 2008r2, plus hyper-v/scvmm and App-v instead of zenworks. we also had deep freeze before and it sounds bad, but we didnt put AV on curric machines as it slowed them right down (old p4's, 256mb ram xp) we now have new workstations and win7 enterprise accross the board and have binned deep freeze as it was such a pain, also not patch management/SCCM friendly. we lock the machines right down via GPO and delete local profiles periodically and we have AV locally now.

    much better IMO.

  7. #7

    Join Date
    Jan 2009
    Location
    Northants
    Posts
    131
    Thank Post
    3
    Thanked 9 Times in 9 Posts
    Rep Power
    12
    We've never used deep freeze and for the IT suite and classroom PC's the lockdowns with GPO work a treat. The students only see the icons they need, they don't have access to the c: drive and can't launch EXE's from Temp Folders, USB or My doc's meaning it would be very hard for them to affect the computer. Group policy to delete profiles on logo off seems to work on XP mostly as long as the UserProfileHive cleanup tool is installed. Staff are the problem as we have historically given them way too much access(local admins on PC's), and closing that down is an issue.

  8. #8
    TheLibrarian
    Guest
    I do not believe a computer can be protected just as well with locked down group policies, I am not arguing that a computer can't be protected that way because it can just not as comprehensively as with DeepFreeze.

    The opinion within this establishment is keep DeepFreeze - we reviewed it recently.

    It does get in the way of any updates to the PC / patch management if you do not configure any maintenance time.

    It guarantees a uniformity of operation across entire suites (with the obvious caveat that the maintenance happens across all PCs uniformly).

    We have tested PCs without DeepFreeze and we do feel we would be fairly safe to remove DeepFreeze but that is only fairly safe. We no longer have the time to go fixing operating systems that get broken, this time got eaten up with other tasks after we started relying on DeepFreeze to keep our suites in working order.


    As with any security there is a trade off against functionality / usability - for our establisment we considered keeping DeepFreeze to be a no-brainer.


    For completeness it should be noted that staff here are given administrator level access to local machines - this could cause problems if we did not have DeepFreeze.

  9. Thanks to TheLibrarian from:

    farmerste (23rd March 2011)

  10. #9
    MRJoboo's Avatar
    Join Date
    Mar 2009
    Location
    Atlanta, GA
    Posts
    2
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    We are actually in the progress of getting rid of Deep Freeze in our schools. We have worked for a few months on getting a GPO in place where the students couldn't do any damage to the workstations. We think we have a good one in place with tweaks and tricks all over the place. With the new group policy preferences in 2008R2, it is possible to replace Deep Freeze. Good luck!

  11. #10


    Join Date
    Feb 2007
    Location
    51.405546, -0.510212
    Posts
    8,097
    Thank Post
    203
    Thanked 2,383 Times in 1,763 Posts
    Rep Power
    703
    Quote Originally Posted by TheLibrarian View Post
    I do not believe a computer can be protected just as well with locked down group policies, I am not arguing that a computer can't be protected that way because it can just not as comprehensively as with DeepFreeze.
    What happens when your domain controllers get compromised?

    Last edited by Arthur; 22nd April 2011 at 03:15 AM.

SHARE:
+ Post New Thread

Similar Threads

  1. Deep Freeze 6
    By cpjitservices in forum Network and Classroom Management
    Replies: 0
    Last Post: 12th January 2011, 09:13 AM
  2. Deep Freeze Doubt
    By ajkannan83 in forum Educational Software
    Replies: 3
    Last Post: 12th November 2010, 03:53 PM
  3. Deep Freeze
    By ahunter in forum How do you do....it?
    Replies: 0
    Last Post: 5th October 2010, 09:50 AM
  4. Deep Freeze and Sophos
    By googlemad in forum How do you do....it?
    Replies: 1
    Last Post: 25th November 2008, 08:33 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •