A Brief Introduction to Deep Freeze

by The Flatline

With the past few issues, I've noticed a few queries about a program called Deep Freeze.

Being someone who works with it on a day-to-day basis, I thought I might clear up a few murky areas and discuss some of its features/drawbacks to help illuminate both users and admins who might be using this software.

Deep Freeze is a program made by Hyper Technologies (www.deepfreezeusa.com) for Windows platforms, and is designed to be a deterrent to "hackers" (quoting the website here), a virus solution, and a maintenance tool.

Essentially, what the program does is take an image of your hard drive on installation and "freeze" the system, making any changes to the system after boot-up temporary.  I have been hard pressed to find something Deep Freeze couldn't undo after taking basic precautions (more on those later).

Formatted drives are back on reboot, programs installed over a freeze are gone, a virus can even infect the system, and on a restart, it will be gone.

However, the computer isn't permanently frozen.  The program can be uninstalled of course, once the computer itself is "thawed," but Deep Freeze can also temporarily disable itself for a time so that one may make changes as needed.

It quickly becomes apparent that it is vital on installation of Deep Freeze to have everything perfect on your computer before freezing it.  Disabling Deep Freeze can be a pain in the ass and time consuming, so getting a good, clean, working install right out the gate is vital. Obviously, for an open lab/school environment, Deep Freeze is incredibly useful in keeping computers running with relatively few problems.

Unfortunately, I haven't taken a peek under the hood as it were to see just how Deep Freeze does what it does, but my bosses and I would be very interested if someone out there would take a look and get back to us on the mechanics of the program.

Deep Freeze currently has three major versions that I am aware of and have had experience with, two of which are outdated.  The first is a standalone install, usable only in a Windows 95 or Windows 98 environment.  This version is different from other versions in that it is the only one to have the disabling process before Windows starts up.  Watch the computer boot up.  The Windows splash screen should pop up for a moment before going to a black screen, and in the upper left-hand corner of the screen you should see five dots appear, one second apart from each other.  This is your opportunity to hit Ctrl+F8 to access a password prompt.

After entering the password, you have numbered options available to you in a text screen, which you access by hitting the number.  You can continue booting the computer, boot the computer thawed, or change the password.  These are all pretty self-explanatory.

Note that this version has a few flaws in it.  You can Ctrl+Break during boot-up, either to mess with how Windows starts up, or even in theory to prevent Deep Freeze from starting.  (I haven't tried this yet; we migrated away from this version pretty quickly.)

Next, you have to thaw the computer on every reboot, so once the machine is thawed, you can keep it thawed by doing a soft-reboot in Windows (left Shift as you click O.K. to restart on the Shutdown menu).  Double-clicking on the "Frozen" icon in your task tray displays ASCII text as was mentioned in an article.  This is text used for One-Time Password (OTP) generation.

Basically, this version allows you to call up Hyper Technologies and give them this code, and they reply with a password that is usable on that machine once.  You can then reboot, use the OTP, and reset your password.  Obviously, a little social engineering is all that's needed to defeat this.  Hyper Technologies must have realized this, because it doesn't use this system anymore.

The next two versions of Deep Freeze come in two different flavors.  The first is Standard, which retains the stand-alone method of installation of the old version and needs configuration on each computer.  The second flavor is the Pro version, which comes as a console package, then creates individual, tailored.  The two release versions more or less are identical, the only difference being that one supports Windows through Windows 2000, and the most recent also supports Windows XP.

The console is kind of nifty.

On install, it asks you for a string to make the console unique, so that one console won't affect every install of Deep Freeze out there.  After that, it gives you the ability to create diskette-sized install packages for your computers.

By default, there is no set password, nor is there the ability to set a password.  Default settings use only the OTP option, relocated from Hyper Technologies to the console.

However, if you want to have a static password, you have the option of setting up to five and the option to change any of those five passwords.  You also have the option to freeze individual drives or all drives, to schedule "maintenance time" (times of day where the computer reboots and is automatically thawed for a set period of time), to set an idle reboot timer (after x number of minutes of no keyboard/mouse activity, the computer reboots and refreshes itself in the process), to create a "ThawSpace," which is basically a mini-file given a drive letter that isn't frozen by Deep Freeze, to lock out access to the clock/calendar, and to disable the Ctrl+Break function at boot-up.

After all this is done, you save the configuration, create a setup file, and zap it to your diskette.  You can also disable the "Deep Freeze" icon in the system tray, forcing the user to use the keystroke combination of Ctrl+Alt+Shift+F6 to get to the password prompt.

On the computer side, the computer now boots up frozen.  If you hold down Alt+Shift and double-click the "Deep Freeze" icon (or use the above keystroke combination), a window will pop up prompting you for a password.

At the top of the window, you can see your OTP token to get a password from the console, as well as the version number.  The latest one I'm aware of is somewhere around V4.20.  Enter the password and you get three radio button options with the box labeled "Status on Next Boot."  The options are "Boot Frozen," "Boot Thawed on next [X] restarts" (X is configurable), and "Boot Thawed" (until you say otherwise).  Also, it appears that the latest version will automatically allow the updating of daylight savings, without having to thaw the computer to change it.  Perhaps this is the reason why Deep Freeze will block access to the clock now.

Uninstallation for all three versions involves thawing Deep Freeze.  With the first two versions you can then go to the control panel and add/remove programs and remove it that way.  The most recent version now requires that you run the setup file from your install disk with Deep Freeze thawed for the option to uninstall, so don't toss the install disks after you're done with them.

There are still some issues with Deep Freeze that I doubt can be avoided through programming.  First, naturally, is the observation that booting to a floppy will prevent Deep Freeze from starting.  Any admin worth his weight will turn off boot from floppy and password the BIOS to prevent tampering as is.

Second, System Restore in Windows XP has the ability to uninstall Deep Freeze, even while it's on and frozen, by simply restoring the computer to a point before Deep Freeze was installed!  It basically does to Deep Freeze what Deep Freeze does to the rest of the computer.  Any sysadmin should disable System Restore in any public setting that would justify using Deep Freeze.

With those two precautions in effect, it becomes very difficult to get around Deep Freeze.  With the implementation of a central, unique console, security involving the OTP is a little better (admins have control over it now at least).
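The System Restore precaution above can be checked per machine. The following is an added example, not part of the original article or of Deep Freeze: a PowerShell audit that reads the DisableSR registry value (policy key first, then the local key) and reports whether System Restore is off. It assumes Windows XP semantics (DisableSR = 1 means disabled, service name srservice) and that PowerShell is installed on the lab machine; the function names are hypothetical.

```powershell
# Added example: audit that System Restore is disabled on a frozen lab machine.
# Assumptions: Windows XP semantics (DisableSR = 1 means off), service 'srservice'.
$SrKeys = @(
    @{ Source = 'GroupPolicy'; Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore' },
    @{ Source = 'Local';       Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore' }
)

function Get-DisableSR {
    param([string]$Path)
    # Returns the DWORD as an int, or $null when the key or value is absent.
    $item = Get-ItemProperty -Path $Path -Name 'DisableSR' -ErrorAction SilentlyContinue
    if ($item) { return [int]$item.DisableSR }
    return $null
}

function Test-SystemRestoreDisabled {
    $policy = Get-DisableSR -Path $SrKeys[0].Path
    $local  = Get-DisableSR -Path $SrKeys[1].Path

    # A policy value, when present, overrides the local setting.
    $effective = if ($null -ne $policy) { $policy } else { $local }

    # The service should not be running if System Restore is really off.
    $svc = Get-Service -Name 'srservice' -ErrorAction SilentlyContinue
    $svcRunning = ($svc -and $svc.Status -eq 'Running')

    New-Object PSObject -Property @{
        Computer        = $env:COMPUTERNAME
        PolicyDisableSR = $policy
        LocalDisableSR  = $local
        ServiceRunning  = [bool]$svcRunning
        # Compliant only if the effective value is 1 and the service is not running.
        Compliant       = (($effective -eq 1) -and (-not $svcRunning))
    }
}

$result = Test-SystemRestoreDisabled
$result | Format-List Computer, PolicyDisableSR, LocalDisableSR, ServiceRunning, Compliant
if (-not $result.Compliant) {
    Write-Warning 'System Restore is not disabled: restoring to a point before the freeze software was installed is possible.'
}
```

Run it while the machine is thawed as part of building the image, so that the disabled setting is what gets frozen.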

Finally, one note on the usage of Deep Freeze on Windows NT-based machines.  For some reason, Deep Freeze seems to be dependent on the SID.  In an environment that uses image-casting software to deploy images to multiple computers, Deep Freeze screws up royally after running Sysprep or refreshing the SID, usually requiring a format to fix the problem.

It's important to pull it off before refreshing the SID, and then put it back on.

Speaking of imaging, one weird quirk with Symantec GHOST and Deep Freeze is that occasionally, when performing a hard reset on a computer or rebooting after the computer has reached the "It is now safe to shut down your computer." screen, it will prompt you with a screen saying "Operating System not found."  It's a minor annoyance, as a reboot fixes the problem, and it's rather rare.

I actually keep a copy of Deep Freeze around for my home computer.  Why?  It makes a great sandbox to play around in.

I can do anything I want and screw up my system as much as possible, and the fix is only a reboot away.  Anyone wanting to fool around on a computer with Deep Freeze on it can do so without worrying about messing up the software.

You can even power off or reset the computer without the proper shutdown procedure.  Deep Freeze doesn't care if Windows shut down improperly - it restores it to a nice state anyway.

Hopefully you've gained a little bit better understanding of this program.  It's becoming more widely used in the world, and understanding its strengths and weaknesses helps the curious better use or appreciate the program.  It's also a great example of how a strong piece of software can be bypassed due to the ignorance of an administrator.
