Educause Security Discussion mailing list archives
Re: Deepfreeze - Why not?
From: Chuck Keeler <keeler_c () MITCHELL EDU>
Date: Thu, 17 Nov 2011 16:29:40 -0500
Not sure why you wouldn't as long as you stick with Windows machines. We have had some odd things happen on Mac's but with the new release we plan to get back to them and get them frozen as well (who knows what Lion will bring us). As far as automating the updates, this has been addressed. We can schedule a thaw in the middle of the night, apply the patches and then schedule them to freeze again before students arrive the next day. In a pinch we can thaw an entire lab, push a package for installation, and freeze the machine again in a very short period of time. And thawing a single machine is as easy as launching the Deep Freeze control panel on the machine, logging in and rebooting thawed. We also schedule a reboot of all frozen machines at 2AM to clear the machine and set it back to original image. Its not perfect in any respect but it has saved us allot of work in viruses and re-imaging machines. As far as forensics - If we know we need to look for something and the machine wasn't rebooted we can pull whatever we need but if its been rebooted the log files etc are gone. This hasn't caused us much of an issue since we installed it. Planning: You have to build your image and test all kinds of situations with it before you make it production and freeze the machine since you could freeze a problem inside the system without knowing. We have been using it for about 6 years now. ___________________________________ Charles Keeler Mitchell College Office of Information Technology Chief Technology Officer (860) 701-5254 On 11/17/11 4:12 PM, "Sam Stelfox" <SStelfox () VTC VSC EDU> wrote:
When I went down this course the most prominent answer was patches. Yes there is a way to boot into an override mode which will allow you to permanently install patches but there isn't any way to automate that. It means you have to go to each individual machine reboot it into the unprotected mode, run all of the patches (if a service pack comes out this can easily take an hour on a machine that isn't brandy new), then reboot and make sure DeepFreeze is still working. Now personally I haven't looked at it in a few years so it's possible they put out some sort of management tool to handle this. It doesn't really buy you much security in my opinion though if you don't give your users administrative privileges over the machines, blow away their user profiles, have an up to date anti-virus/spyware/malware program on there, and re-image your labs on a semester to semester (or even a year to year basis). On 11/17/2011 04:05 PM, Sarazen, Daniel wrote:Hi All, We have some folks who¹d like to see Deepfreeze installed on all lab PCs, but the IT department is balking. What do people think is the best reason to not install deepfreeze? Is there one? Thanks, Dan-- Regards, Sam Stelfox Network Administrator Vermont Technical College
IMPORTANT WARNING: The information in this message (and the documents attached to it, if any) is confidential and may be legally privileged. It is intended solely for the addressee. Access to this message by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken, or omitted to be taken, in reliance on it is prohibited and may be unlawful. If you have received this message in error, please delete all electronic copies of this message (and the documents attached to it, if any), destroy any hard copies you may have created and notify me immediately by replying to this email. Thank you.
Current thread:
- Deepfreeze - Why not? Sarazen, Daniel (Nov 17)
- Re: Deepfreeze - Why not? Crary, Gregory (Nov 17)
- Re: Deepfreeze - Why not? Mclaughlin, Kevin (mclaugkl) (Nov 17)
- Re: Deepfreeze - Why not? Allen Wood (Nov 17)
- Re: Deepfreeze - Why not? Sam Stelfox (Nov 17)
- Re: Deepfreeze - Why not? Chuck Keeler (Nov 17)
- Re: Deepfreeze - Why not? Mark Monroe (Nov 17)
- Re: Deepfreeze - Why not? Heath Barnhart (Nov 17)
- Re: Deepfreeze - Why not? Gibson, Nathan J. (HSC) (Nov 17)
- Re: Deepfreeze - Why not? Rob Whalen (Nov 17)
- Re: Deepfreeze - Why not? Mclaughlin, Kevin (mclaugkl) (Nov 17)
- Re: Deepfreeze - Why not? Michael Sana (Nov 17)
- Re: Deepfreeze - Why not? Schoenefeld, Keith P. (Nov 17)
- Re: Deepfreeze - Why not? Ryan Hiebert (Nov 17)
- Re: Deepfreeze - Why not? Dave Koontz (Nov 17)
- Re: Deepfreeze - Why not? Mclaughlin, Kevin (mclaugkl) (Nov 17)
- Re: Deepfreeze - Why not? Crary, Gregory (Nov 17)
- <Possible follow-ups>
- Re: Deepfreeze - Why not? SCHALIP, MICHAEL (Nov 17)