Advanced Settings Tab
Configure the following settings:
Advanced Options
• Disable Command Line options – This option is selected by default. Clearing this checkbox allows for further customization of the Deep Freeze installation program when using the Silent Install System. Selecting this option prevents the pre-existing configuration choices from being changed during installation.
• Protect MBR/GPT – Select this checkbox if you want Deep Freeze to protect the Master Boot Record. If this option is selected, changes to the Master Boot Record are reversed on reboot when the computer is in a Frozen state.
• Enable Deep Freeze local policies – For enhanced security, Deep Freeze removes the following local privileges: debugging programs, modifying firmware, and changing the system time; clear this option to use existing privileges.
• Allow user to change the clock – Select this option to allow Frozen users to adjust the system clock. Enable this feature during Daylight Savings to allow Windows to update the time automatically each season.
• Manage Virtual Memory – Enable this for rare cases where hardware with limited RAM may experience performance issues. Selecting this option allows Deep Freeze to manage the page file size.
| This option is disabled by default. The page file size will be adjusted to match the RAM size if this option is enabled, which will allocate more hard drive space on the workstation. |
• Manage Secure Channel Password – Secure Channel Password is a feature of all Windows operating systems and only applicable if the system is running in Windows Server Domain Environment. Secure Channel Password is used for secure communication between the server and computers. The Secure Channel Password is automatically changed based on the operating system settings. While using Deep Freeze, the newly changed Secure Channel Password is lost on reboot. The Manage Secure Channel Password option avoids this situation. The Manage Secure Channel Password feature of Deep Freeze changes the value of the Group Policy Maximum machine account password age based on the Deep Freeze state (Frozen or Thawed).
> Select the Manage Secure Channel Password option if you want Deep Freeze to manage Secure Channel Password.
When the computer is Frozen: The computer will not change the Secure Channel Password. This ensures that the secure communication between the server and the computer is always maintained.
When the computer is Thawed: The computer will change the Secure Channel Password and sync the password with the server.
> Do not select the Manage Secure Channel Password option if you do not want Deep Freeze to manage the Secure Channel Password.
When the computer is Frozen: When the Secure Channel Password is changed and synced with the server, it resets to the old password on reboot.
When the computer is Thawed: If the computer is Thawed on the day the Secure Channel Password is changed, the new password takes affect and the computer is synced with the server.
• Restart on Logoff – Select this checkbox to Restart the computer automatically when it is logged off. If this option is selected, the computer is restarted when a user logs off in a Frozen state.
| The Manage Secure Channel Password feature of Deep Freeze always overrides the Group Policy Maximum machine account password age. Set the following in the Group Policy for the Manage Secure Channel Password feature to work: Domain Controller: Refuse machine account password changes to Not Defined. Domain Member: Disable machine account password changes to Disabled. |
• Delay Frozen reboot to complete Windows updates – Select this option to delay reboot into a Frozen state if configuration or installation for Windows updates are pending. If you select this option and perform Windows updates (through means other than Deep Freeze), rebooting into a Frozen State will ensure that all Windows updates installation and configuration are completed before rebooting into a Frozen state.
| If you select Delay Frozen reboot to complete Windows updates and install Deep Freeze, the installer checks if all Windows updates are completed. If the Windows updates are not completed, Deep Freeze installation will not proceed. Complete Windows updates and try installing Deep Freeze again. If you disable Delay Frozen reboot to complete Windows updates and install Deep Freeze, ensure that all Windows updates are completed manually. Disabling this option may result in the computer being stuck in a reboot cycle due to incomplete Windows updates. |
• Retain Windows Event Logs – Select this option to retain Windows Event Logs. Deep Freeze creates a 100 MB ThawSpace and stores all Windows Event Logs so they are not erased upon reboot even when the computer is in a Frozen state. The log file is recycled once it reaches 100 MB. The log files contain events related to Application, Hardware, System and Security.
• Manage Local Administrator Password Solution – Local Administrator Password Solution (LAPS) is a Windows feature that automatically manages and backs up the password of a local administrator account on Active Directory-joined or Windows Server Active Directory-joined machines.
When this option is enabled on systems where LAPS setup is detected, Deep Freeze will disable the ability of LAPS to change the configured local admin password in Frozen state and allow to do so in Thawed state. This feature ensures that the current admin password can be rotated only in Thawed state and remain synchronized with Active Directory.
On Demand Cloud Relay Configuration (Optional)
The Cloud Agent installed on the computers report to the Cloud Relay. The Cloud Relay reports to the Deep Freeze Cloud. Real-time Deep Freeze actions can be performed on the computers through the Cloud Relay.
The following two methods are available to identify the Cloud Relay:
• Specify the Cloud Relay IP, which must be static.
• Specify the Cloud Relay Name, in which case the IP can be dynamic (if valid DNS name resolution is available as part of the domain infrastructure).
When the Cloud Relay is behind a firewall or a NAT (network address translation) router, the firewall or router must be configured to allow traffic to pass through to the Enterprise Console. Depending on the firewall or router, computers may need to be configured with the IP address of the firewall so that traffic can be forwarded.
| Deep Freeze automatically configures the required exceptions in the Windows Firewall. It is not required to configure the Windows Firewall manually. |
Stealth Mode
• Show Frozen icon in system tray – Select this option to display the icon to indicate that Deep Freeze is installed and the computer is Frozen.
• Show Thawed icon in system tray – Select this option to display the icon to indicate that Deep Freeze is installed but the computer is Thawed.
| If the options to show the Deep Freeze icon in the System Tray are unchecked, the keyboard shortcut CTRL+ALT+SHIFT+F6 must be used to access the logon dialog. |
Deep Freeze Command Line Control (DFC.EXE)
Deep Freeze Command Line Control (DFC) offers network administrators increased flexibility in managing Deep Freeze computers. DFC works in combination with third-party enterprise management tools and/or central management solutions. This combination allows administrators to update computers on the fly and on demand.
| Using Deep Freeze Command Line will render the computers out of sync with the policy currently applied. To get the computers back in sync, reapply the policy. |
It is important to note that DFC is not a stand-alone application. DFC integrates seamlessly with any solution that can run script files, including standard run-once login scripts.
DFC commands require a password with command line rights. OTPs cannot be used.
List all commands by calling DFC without parameters.
The files are copied to (32-bit)
<WINDOWS>\system32\DFC.exe
The files are copied to (64-bit)
<WINDOWS>\syswow64\DFC.exe
DFC Return Values
On completion of any DFC command, the DFC returns the following values:
Syntax | Description |
---|
0 | SUCCESS or Boolean FALSE, for commands returning a Boolean result |
1 | Boolean TRUE |
2 ERROR | User does not have administrator rights |
3 ERROR | DFC command not valid on this installation |
4 ERROR | Invalid command |
5 – * ERROR | Internal error executing command |
Deep Freeze Command Line Syntax
| Deep Freeze has a maximum password limit of 63 characters. If a longer password is entered, the command will not be successful. |
Syntax | Description |
---|
DFC password /BOOTTHAWED | Restarts computer in a Thawed state; only works on Frozen computers. |
DFC password /THAWNEXTBOOT | Sets computer to restart Thawed the next time it restarts; only works on Frozen computers and does not force computer to restart. |
DFC password /BOOTFROZEN | Restarts computer into a Frozen state; only works on Thawed computers. |
DFC password /FREEZENEXTBOOT | Sets up computer to restart Frozen the next time it restarts; only works on Thawed computers and does not force computer to restart. |
DFC get /ISFROZEN | Queries computer if it is Frozen. Returns error level 0 if Thawed. Returns 1 if Frozen. |
DFC get /CLONE | Sets the clone flag for the purpose of imaging. |
DFC password /CFG=[path] depfrz.rdx | Replaces Deep Freeze configuration information. Works on Thawed or Frozen computers. Password changes are effective immediately. Other changes require restart. |
DFC get /version | Displays Deep Freeze version number. |
DFC password /UPDATE=[path to installer file] | Sets up computer to restart in a Thawed state and install a Deep Freeze update. |
DFC password /LOCK | Disables keyboard and mouse on computer. Works on Frozen or Thawed computer and does not require a restart. |
DFC password /UNLOCK | Enables keyboard and mouse on computer. Works on Frozen or Thawed computer and does not require a restart. |
DFC password /THAWLOCKNEXTBOOT | Sets up computer to restart in a Thawed state with keyboard and mouse disabled; only works on Frozen computers. |
DFC password /BOOTTHAWEDNOINPUT | Restarts computer in a Thawed state with keyboard and mouse disabled; only works on Frozen computers |
DFC password /WU [/UNLOCK] [/NOMSG | /NOMESSAGE] [/THAW] | Windows Updates will be downloaded and installed on the computer. [/UNLOCK] Optional parameter to enable the Keyboard and Mouse during Windows Update. [/NOMSG | /NOMESSAGE] Optional parameter to suppress all informational/warning messages from Deep Freeze during Windows Update. [/THAW] Optional parameter to return the machine into Thawed State after completion of Windows Update. |
DFC password /ENDTASK | Ends the ongoing Workstation Task and reboots into Frozen state. Batch File Task and Thawed Period Task end immediately. Windows Update Task is completed. |
DFC password /ENDTASK [/SHUTDOWN] | Ends the ongoing Workstation Task and reboots into Frozen state. Batch File Task and Thawed Period Task end immediately. Windows Update Task is completed. [/SHUTDOWN] Optional parameter to shut down the computer. |
DFC password /FORMATTHAWSPACE | Formats all the ThawSpaces on the computer. Data stored on the ThawSpaces will be deleted permanently. |
DFC password /DELETETHAWSPACE | Deletes all the ThawSpaces on the computer. Data stored on the ThawSpaces will be deleted permanently. |