Domain: deepfreezeusa.com
Stories and comments across the archive that link to deepfreezeusa.com.
Comments · 31
-
Re:Flawed methodology
Are you allowing IE and OE to run? Because if you don't have a real firewall then they can still be launched. How about Noscript and Adblock? The reason I ask is I have almost the same situation: Two boys,teenagers at that,whom I let loose on the laptop all the time. They are doing the same things as yours,gaming(Games:youngest Lunia,oldest FPS)social sites(Oldest Myspace) and Youtube. I scan the machine monthly with both an online and offline scanner and found nothing. Nada zip zilch squat. So either your kids are clicking on the ZOMG LOOK AT TH1S! kind of junk,or you have a security hole the size of Texas that you missed.
Try logging what is going on to find out what they are REALLY doing,since I am smelling something fishy. But if you don't want to go to the hassle try this which is what we used to sell to those that couldn't quit clicking on the stupid virus emails. With Deepfreeze the machine will revert to however it was when you installed it on next reboot. Takes a little bit to set up but once done you won't have to worry about that PC again.And as always this is my 02c,YMMV
-
deep freeze
Deep Freeze won't completely fix any problems that are already there either on the computer or in the relationship, but it can "freeze" the hard drive, or drives so that any changes made to them won't stay on the next reboot. There are ways to work around it if you boot from a floppy, but just remove the floppy drive and you are set. Deep Freeze's website is http://www.deepfreezeusa.com/
... also a great secondary use for deep freeze is to use it on main OS's drive so that it'll keep whatever virii or other problems you run in to, whether it's that time limited demo software's timer or something else from remembering that it's been installed once you reboot. Makes an awesome little sandbox, and lots of universities use it to keep students from installing junk on the comptuers for good - even though it does arguably encourage downloading and installing software since it lets most record of downloaded and installed stuff, warez or otherwise, from being too traceable once you reboot,... which leaves some kiddies installing time delay demos over and over and over without any repurcussions. -
Want to know the most ironic thing about this?
One of the most ironic things about schools fighting piracy is that a lot of system admins at schools across the nation have installed Deepfreeze from http://www.deepfreezeusa.com/ That program allows the main OS on the hard drive to be "frozen" while secondary internal or external drives can be unfrozen and still saved too. What's super duper ironic about this sort of junk is that it allows any student at any time to download whatever software they want to the computer, time limit demos, or otherwise, reboot, and the computer will forget the stuff was ever installed... therby letting the student install whatever stuff they want at any time, erasing most, but not all, signs the install ever happened. There's been many articles about this software in 2600 hacker mag. The more they fight piracy the more they are actually encouraging it. It's sort of like if you want people to walk on the grass, be sure to put up big signs that say please don't walk on the grass.
-
Here's a way around it...
Use Deep Freeze. http://www.deepfreezeusa.com/ - it makes all changes to the "frozen" drive be temporary til you reboot. If you aren't manually deleting things and it is, you can then blame the software... Deep Freeze has been in several 2600 Magazine Articles for a lot of reasons... it's a great little sandbox to play in... System Admins at colleges and high schools use it to keep their main os from being corrupted by users - users find ways around it though.
In theory, Deep Freeze also can let you reinstall a time limited demo software thousands of times to the frozen C: drive or similar places so long as main OS is on C:... what that means is system admins by using Deep Freeze are really sort of just asking people to pirate in a roundabout way... it's a wonder RIAA and/or BSA hasn't chased down all users of Deep Freeze yet. Of course, they won't since it'll make schools look bad, and show the RIAA and BSA's true faces.... -
Re:Or maybe you could just use a stable OS.
Deepfreeze is a program that will wipe out changes to a computer upon reboot. I work for my local school board and we use it on quite a few systems and it works great for us.... especially when we had that Sasser outbreak.
-
Re:Plug-n-play IDE drives a solution?
Would it be possible for people to bring in their own disks (USB disks, perhaps? How cheap can you make a 10GB USB disk?) with their own copy of HL installed and play off those? They're using their own copy, and not copying it, and not having it installed on multiple machines (read: hard drives), so the license is satisfied.
From what I see, there's no problem installing anything on a mobilehard drive. While some agressive lawyers may attempt to say that's piracy, nothing in a EULA states that a software package can only run on one specific computer or hardware configuration. Those things sometimes exist, but those are an exception rather than the rule (and those terms are ignored anyway).
Of course, Steam seems to keep track of absoluite paths in order to identify the location of the Steam cache files. If you want to get it working on such a mobile harddrive, you need to delete the "ClientRegistry.blob" file in the steam directory (and re-update the client - not an efficient way of handing bandwidth. )
If users has that kind of access to the computer, then you probably want to give them access to a program known as DeepFreeze. If you use it, you can give your customers as much control over your computer as you want, while at the same time lock them out from doing changes to the network. (Usually, power user permissions combined with allowing the Windows installer to use escalated permissions is sufficient, but there are some applications that still demand "Administrator" privilages without a good reason.)
The cybercafe could also turn a blind eye to what users do--they could, for instance, not kick out (condone) people who bring in cd/dvd images of their Steam directories, along with their exported registry keys. (Someone could write a little program that allows for "temporary" registry keys, so people don't cause any permanent damage to the machines.) All the mess gets cleaned up at the end of the day in any event as the disks are reloaded from a pristine image.
DeepFreeze cleans up everything - including virus infections. There are ways to get around DeepFreeze, but they aren't that well known.
-
Re:I hate this shit, SO much...
Have you looked into using a product like Deep Freeze? It locks the HDD down in such a manner that you can install whatever you want to but upon rebooting it returns to the state it was in when Deep Freeze was installed. Just have everybody save to removable media, a network share, or make DF ignore a particular directory and the problem is solved. I've used this as a solution in a couple of small private schools and it works like a charm.
Dok -
Re:Mission
Windows has such a feature called "System Restore" or even getting a 3rd party program "Norton Ghost" would solve your issues.
Also ... for someone trying to keep many systems the same all the time (only doing simple work like word processing or the such) install a program called Deepfreeze and it can "freeze" your drives so when you reboot it goes back to a safe setting. This of course can be disabled to install new things.
If you where to use ONLY Certified Products for windows im sure your issues would happen alot less. Installing Kazaa and all these "dirty" 3rd party programs will eventually lead to issues.
In my long time of fixing machines I noticed the "triple combo" I like to use while fixing my machine.
Norton Windoctor
Lavasoft Ad-Aware (or somthing of the kind)
Norton Speed disk (not really needed but does make some speed improvements)
These 3 will usually fix a machine to the point where it is usable. Removing some of the slowness and such. Heck it made a Windows ME install last almost 2 years doing it weekly.
Windows XP SP2 solves ALOT of these issues. Microsoft has made you almost FORCED to keep a AV scanner running , Firewall and Automatic Windows updates. If you don't have one of these running the new "security center" will bitch at you till you do. The new Windows XP firewall is similar to Nortons where you can set what programs are to have access to the net. (unlike the old firewal which basicly blocked all ports and made direct connections almost impossible). The new automatic update wizard is also very impressive and Windows update has a much cleaner GUI. I can't wait till that one comes out in final.
It's no so much the Operating system as it is the user of it. You install the wrong shit, stuff will break.
Im done rambling :) -
Windows is an option...
I find that most people's parents a) Do not know how to use Linux or Mac OS b) Have little interest in learning them c) Require even more tech support if you do get them to switch somehow As a result, I find its best to just make do with windows. In some cases, products such as Deep Freeze and other such apps will do a fine job of preventing a computer from being messed up. Other times just configuring the computer properly and explaining a thing or two to the users will suffice. I have my folks on windows 2000 using the administrator account. Other then a hard drive failure (hardly their fault), they have not had a lick of trouble despite not being technologically inclined. Simply dismissing because they won't switch to operating systems doesn't do anybody any good.
-
Deep Freeze
Where I work, we use Deep Freeze to keep people from installing unwanted software. You can freeze some sections of the hard drive (such as C:\windows), and unfreeze others. I find it useful to have an unfrozen D:, and set "my documents" etc to point somewhere there.
Of course, this doesn't work well with XP (needs updates for those nasty worms), but in that case you'd just have to make your family members underprivileged users.
My aunt is getting a new computer and High Speed. I'm putting strong consideration into turning their old box into a 'nix server/firewall... maybe with a proxy that blocks .EXE or .ZIP files (and a special username to download the ones they need). That gives me SSH access to their network, a way to have it call my server to update dynamic IP's, and I can tunnel VNC as needed. Email could also be fetched through here and stripped of nasties using mailscanner/spamassassin/others -
Re:Another story; and programmers vs. techs
Actually one program I found REALLY good for things like that is "Deep Freeze". It lets boot up and you notice nothing different but you CAN'T change the drive. Once you reboot it will go back to normal. Your user could delete the windows dir, it would break then simply reboot and it comes back. This would be good for more public computers not as much a "personal" computer. You can always "thaw" a drive if you wanted to tho.
Deepfreeze USA
Here is a nifty link if your intrested -
Re:You know, a thought [OT]
Interesting idea, but there's actually already a Windows equivalent of exactly that. I'm not sure how widespread it is (though I do know my University uses it on all non-faculty machines), but it's called Deep Freeze. Basically, the admin sets up a machine to a 'stock' state and then activates Deep Freeze which completely sets it clean after every reboot.
Anyone have any idea how this actually works? They claim that it "does not use an image" and I've heard talk that it somehow sits between the BIOS and OS, but I've been unable to find any solid info. It is vulnerable to an attack using, say, a Knoppix disc, but from within Windows, you can change anything you want, down to reformatting the drive and it'll be fixed when the computer's restarted. I'm curious as to how they pull this off. -
What most schools use and cheap
I've used the demo of this program and works like a charm.
Heres a snippet from the webpage
My Kids are always messing up my computer - How do I purchase Deep Freeze for home use and what should I know?
Purchase the Deep freeze Home Edition
You must be aware that that absolutely nothing can be saved to or deleted from a Deep Freeze enabled system. If Deep Freeze is enabled and you save any document, it will simply not be there the next time the system is re-started. There is no way to "recover" saved work, so please make sure that you disable Deep Freeze during a session when you want to makes changes.
There is also no way to recover your Deep Freeze Password, so please ensure that you do not forget or lose it.
If you have more that one partition or fixed drive you can save your data by leaving one or more of them unfrozen. During installation, Deep Freeze will automatically detect that you have more than one fixed drive or partition, and will ask you if you which ones other than C: that you want to "freeze."
Our Deep Freeze Home Edition is identical to Deep Freeze Standard and it operates just like our 60 Day Evaluation Version. Deep Freeze Professional is designed for large deployments and is not available in a home version. -
Re:Preventing Spyware?
Deep Freeze. Once it's installed on a machine, unless they use a boot disk, all changes are transitory. You could even reformat the HD, and it would look like you really did, but after you restart, all changes are gone. You can even define "safe" folders where this doesn't happen, like a shared documents folder.
It's a pain for end users, but if you are already re-imaging daily, it's the same effect without the work. -
Re:spyware kills. don't do it.
Perhaps you should consider Deep Freeze. A simple reboot, and EVERY change to the machine is wiped. Even a hard disk format. Every boot is like having a freshly installed OS. Sounds too good to be true I know, but try the demo out. It doesn't require any special hardware either.
It keeps the labs at my school spyware free and virus free. -
Re:Don't let users install software
If he plans on running Windows (which it sounded like) Deep Freeze should solve the software installing problem. Won't prevent them from installing a hardware based keyboard tap though.
-
Suggestions
Some suggestion, I work as a manager at a local university computer lab. Firs tthing is pick yourself up a copy of norton ghost. Second thing is buy licenses for Deep Freeze the best program ever as far as i'm concerend. Don't have to worry about people messing with settings and even allows them to install their own programs. I really, really, really love that program - it makes my job 10x easier.
Also, don't go with dell or gateway as your computer manufactures. Get somebody who specializes in corporate support, like Omnitech, they offer a 5 year warranty, online RMA's and no hassle returns of defective equipment as well as a parts closet. We are very happy with them -
Re:Why can't more public terminals just use Ghost?Cornell's CIT computer labs use PC-Rdist.
At Cornell's endowed libraries, we use Deep Freeze.
-
Re:easy everything solution
I know one piece of software that does they, they used to use it at my high school, it worked pretty well. It's called Deep Freeze, you could do anything you wanted to the computer, and when you rebooted the system was back just the way it was before, with all software installed during the last session gone, everything. You can find it here
-
Re:The ads probably should be legal
If you have the money, try Deepfreeze. We use it at my university, and it's very handy in terms of keeping everything clean.
-
Deep Freeze?
Have any of you tried Deep Freeze? We run at my university and it works under the same premise of Clean Slate; however, I've found it to be faster to boot up. Also, I have yet to hear of some way around it -- it really does an amazing job.
-
Re:This software...Oh yes, at our school board (Halton School Board in Ontario) we use software called Deep Freeze. Which worked great (people would download and install MSN, mIRC, Quake II, etc. and it would disappear next time the computer was turned on) until some of the computer-oriented kids used a miniscule (literally, asking a teacher that didn't know much about the system) to get the Deep Freeze password.
We then had every computer in the school getting installed with many games and chat programs every time the computer got turned on. Not only that, the password was changed so the teachers couldn't change it back.
My point is this: perfect physical security is nothing without dedication by the humans that have to use it.
-
Re:Hehehehe...
There is a software solution for Windows called DeepFreeze. It works very well. I love seeing the look on faces when they delete random
.dlls or change wallpaper only to find that they magically re-appear when the system reboots. -
The simplest Solution
I have dealt with this more times than I choose to recall. I have found that the best way to deal with this problem is to make the solution invisible to the end user. Almost all programs by default will save files to the users home directory (By default this is "c:\My Documents"). If you change each computer so that the default home directory is a shared drive on the server, you greatly reduce your overhead, and this is much easier to do than you would think.
Start by making sure that a home directory is defined for each user account (I don't have a good link for this off of the top of my head, but I can find one if you need
Modify the following script to conform to your network, and place it on your server, and a link to it in the startup folder of each computer.
Restart the computer, and check to see if the P: drive (I use P: for Personal Drive, but you can use whatever you wish) is correctly mapped.
Right click on the My Documents folder and click on properties. In the Target box, enter p:\ then click on OK
Move the contents of the existing My documents folder to the new directory on the server.
In most cases, the end user will not even know the change was made, and most the data is now in one place where it is easy to back up, and make sure does not get lost. You will have to reconfigure some software to use the new default locations, but that should not be too bad.
To make the computers even more hassle free, after you have reconfigured all of the programs to store all of its information on the server, consider installing Deep Freeze on each computer so that no changes can be made to them without approval.
Sample Startnet.bat script
REM This script file logs the WIN 9x computer onto the server from the internal network.
REM This script resides on the server in a public directory, and is run from the startup programs folder
REM Connect to root shared directory
net use g: \\server\share /y
REM Connect to other directories as needed
REM Connect to the users home directory on the server
net use p: /home /y
REM Connect to the HP 2200 B&W Laser Printer @ reception
net use lpt1 \\server\hp2200 /ySample Startnet.bat script
@ECHO OFF
REM This script file logs the WIN 2k computer onto the server from the internal network.REM This script resides on the windows 2k/xp computer in the startup programs folder. This needs to be modified for each user
REM Connect to the shared directory that has the 9x script
net use x: \\server\share /y domain\userID password
REM ** Call the Windows 9x script to finish connecting to the server **
x:\startnet.bat -
Why ghost when you can freeze?
Constantly ghosting drives when people screw up there machines is only going to be a make work project. If you've got a network drive for them to use, and you don't want them to be mucking with the machine anyways, why let them?
Deep Freeze will stop them for you. Lets the users do whatever they want to the HD, but once the machine is rebooted, back to a clean state. So anything saved that was on the local disk ain't there anymore, except what should be. As a benifit, this will render you virus free too, as it can't do anything.
This one got installed at my school last year. It certainly was a nasty shock for the people that were used to saving gobs of stuff on the hard drives and coming back to the same machines. Some most entertaining cries of dispair as they sat down at the machine they were using yesterday and went looking for their files. But they did quickly switch to using the network to save everything... -
Install deep freeze
Deep Freeze reimages the hard drive to an older state on every startup(except when disabled). It is quick, and would teach the users to always hold on to their data, knowing that it wouldn't be there after a restart. It forces backups, and also keeps your machines in a good condition.(They won't be able to install anything harmful either, since it will be erased after the next restart.)
-
Re:Real brilliant.
>If his thin client catches on fire, it takes like 5 minutes to restore it.
If a workstation sets on fire, you replace it with a backup workstation, pop in a ghost boot disk, and wait for the image to download (could be anything from 5 minutes to 10 hours depending on how crappy your network is :).
>If you need help on an application, just take your smartcard to your co-workers desk and ask him to look at it
In a company with standard software in the ghost images (which is how any company with more than a handful of computers should be managing the software on their workstations) all the computers have the same basic software. No need for smartcards.
>And from an admin point, I just finished patching 20 boxes for known security holes. Wouldn't it be great to just patch one server?
Seriously, take a look into Symantec Ghost and Zenworks. They'll save you so much time you'll hardly believe it!
One image can serve for hundreds of computers. When you patch a computer all you'll need to do is update the image once (so that new ghost installs already have the fix) and push the upgrade onto clients with Zenworks.
That's going to take you about the same amount of time as patching the server and testing it with a few clients.
If you're worried about people saving their work onto their harddrives, tell them the harddrives are cleaned automatically every login (a little popup box that says its doing this will work wonders for re-inforcement) and that anything you want to keep for more than that session must be saved to the network drive.
Software like DeepFreeze can not only stop 90% of workers screwing up their systems by installing crappy software, but it will also enforce your "don't save to the hard drive" policy. The other 10% who are smart enough to work around DeepFreeze are smart enough to listen to your "don't save to the hard drive" policy because they've seen you ghost machines, and they've seen hard drives crash.
BTW: Bob takes more care of his computer when he knows that if it breaks he doesn't have a computer until its repaired!
If your company requires Unix, a little work with NIS and NFS could do wonders (and ghost will still work, although there's always dd if you're desparate)... -
Deep Freeze
This program is really annoying for students, but can solve all you problems. It's called Deep Freeze and it restores the hard drive back to a set state whenever the computer is restarted. Go here.
-
Citrix ICA + Winterms in a highschool Environment
I personally unboxed and setup two entire labs worth of winterm machines (60 of them, all told.) The sixty machines, plus monitors, ran my employer back $30,000, though this is likely after educational/government discounts and stuff.
The software on the server side (Citrix Metaframe XP) actually seems to be working quite well. Thoughts that I had about this thin client scenario:
1) These labs are ideally suited to general use by the public, i.e. web browsing and word processing in a library or drop-in type environment. They're absolutely awful for anything else, such as photoshop, programming, video editing, etc.
2) There's no floppies on these things. Hopefully every student/user has a personal account with the server. This solution works well if you've got some means for your users to access their files from home. We've got a student-directed email server that works really well for this.
3) The IT ramifications are huge. These computers do not break. There are no moving parts; inside the winterms themselves there's just a heat sinked celeron 300. We've got them velcroed and tied down pretty tight. I suppose you could spill mountain dew in the ventillation holes, but you'd have to be pretty malicious about that. We've got no food/drink policies in labs anyway. But, with computers that don't break, what do we do? The only thing you could do to keep your job if you switched over entirely to thin clients would be to learn how to administrate the servers.
4) The cost of the hardware has got to be nothing compared to the cost of the software. I think we've got 4 gigs of ram and 4 procs split between two load-balanced NT boxes behind these 60 machines. I stress tested them with self-refeshing internet explorer pages while running several office apps. The servers performed pretty well. Big caveat: network infrastructure. Make sure your beaureaucrats allow you to keep the server on the LAN as opposed to the WAN or else you'll probably run into bandwidth problems, especially if you're not switched.
Bottom line: Thin clients are way cool for libraries and stuff, but they're not revolutionary by any means. (Heh! I love saying that! The cycles of history never cease to boggle my mind.) Don't give up your desktops just yet, though; these things are usually pretty lightweight. If you're looking to secure a couple of publically abused windows boxes, you should look into software solutions before hardware solutions. I suggest deepfreeze, a package that pretty much re-images the computer every time you reboot it (! This practically defeats the purpose of group policies!) DeepFreezeUSA.com
A final thought: you know how people are always saying, "Bah! You don't need 1ghz cpus to word process!" Well, newfangled thin clients are the ultimate manifestation of that sentiment. -
What about deep freeze?
At my school we have Deep Freeze. It basicly takes the whole hd image*(at time of install) and puts it in a oversized mrb. It seems a little bit better than cutting off registry access, because users can install things temporarily without the risk of messing up anything on the computer. You can also temporarily disable it if you need to update the image. (It takes a few mins though, as you need to log in as admin, then disable it with another password, then restart the computer, make any necessary changes, then restart again.)
*Note: It might not a real image, and if its not its something similar though, as the website claims it Moves beyond the image and restore process; Does Not Image. I don't know exactly what it is though -
Deep Freeze
http://www.deepfreezeusa.com
Deep Freeze is a very interesting application for locking a system down. You can modify the system to your hearts content but rebooting results in the original system and data being there. It fakes any system write and instead keeps a copy of changed things in memory. You can have certain drives unfrozen so people can save their work though. Although it is aimed at educational places, it can be used in a business environment.