Putting User Changes on Ice


Any system administrator is sure to tell you that one of the more frustrating aspects of the job is trying to track down and troubleshoot configuration changes made to a client system by an end user—and understandably so.

While most users like to dabble with desktop themes and backgrounds some take it a bit further by making changes to hardware, network or printer settings. All too often, the result is a call to the system administrator. For those who maintain these systems, trying to track down and correct end-user changes can be a time-consuming task multiplied by the number of system on the network.

Over time, many approaches and solutions to this problem have been developed. Some organizations developed polices aimed at preventing user changes. Tools like Mandatory Profiles are often implemented, and many third-party utilities are readily available that limit access to configurable areas on client systems. The approaches vary in both their level of control and their success when it comes to preventing user changes.

As any administrator will tell you, these solutions often come up short, as users are often very persistent when it comes to changing system settings. Unlike the old saying, which contends that prevention is better than cure, in this case at least, perhaps the solution lies not in the prevention but in a cold cure.

For many intranets, one possible cure is a product from Hyper Technologies appropriately named Deep Freeze. The Deep Freeze utility, as the name suggests, literally freezes the configuration of a PC. Once installed, any changes to the PC — that means files added, files deleted, configuration changes etc. — are restored to their original state on rebooting. Files that were added are removed, files that were deleted are replaced, and configuration changes are undone so that the PC configuration remains the same as when the system was frozen.

So just how good is the freezing process? It's quite impressive. With the product installed, all attempts to cause a problem with a frozen system created nothing more than temporary problems. A press of the reset button brings everything back as it was before. Even an attempt at formatting a frozen drive, which appeared to be successful, was corrected by the reboot. In fact, the folks at Hyper Technologies are so confident in their product that at tradeshows they offer $500 to anyone who can crash a frozen system. It would appear that the only thing more difficult than corrupting a frozen system is removing the smile from the system administrator's face.

There are currently two versions of Deep Freeze available, Deep Freeze Standard and Deep Freeze Professional. Deep Freeze standard is designed for freezing a single PC or a small number of PC's. Once the Standard version is installed, the freezing status of the system is configured on a system-by-system basis. Deep Freeze Standard was the original offering from Hyper Technologies, and while it is useful in many environments, it has one significant drawback: if you want to save anything to the hard disk you need to have a second hard drive installed or physically partition the primary hard drive. This allows you to 'freeze' the C: drive, while the D: drive is unfrozen and documents and other files can be saved to it. These workaround solutions are often too cumbersome and impractical for many environments.

Deep Freeze Professional does not suffer this deficit, which makes it far better suited for use on corporate intranets than the Standard edition. Deep Freeze Professional allows you to create a "thawspace" in which data can be saved and will not be lost on reboot. This thawspace is recognized as a separate partition by the system and given its own drive letter designation. Once installed, a common strategy is to simply redirect the Windows My Documents folder to the thawspace, making the transition to saving to the thawspace invisible to the end user. As with the Standard version, everything saved outside of this thawspace will disappear upon reboot.

Deep Freeze Professional requires that you create installation disk sets with preset configurations that can be installed on groups of systems. These configurations include the size of thawspace to use (up to 2047 MB); whether to schedule an automatic reboot to refresh configuration; and idle time restart. The Professional version also includes some useful features oriented to centralized administration environments such as scheduled shutdowns and restarts; 'thawed' maintenance periods; and remote freeze and thaw from the command line.

Once Deep Freeze is installed, the only sign the program is present is a small icon in the system tray. When the system is in a frozen state, the icon shows a PC inside an ice cube. When unfrozen, a red cross flashed over the icon to make sure that you are aware of the state of the freeze. When making the installation disks, it is possible to run the program in stealth mode that simply means that the Deep Freeze icon does not appear in the Windows Taskbar.

Save for perhaps a modest delay in booting, which is presumably created by the program checking and repairing where necessary, there are no noticeable performance impacts when Deep Freeze is installed

One of the biggest issues that face the widespread deployment of Deep Freeze are those applications that require writing files to drives which are frozen. A good example might be an e-mail client that does not allow you to redirect the folders that hold message files to another (thawed) location. The result would be that each time the user reboots their system, all of their retrieved e-mail messages would be lost. Other situations that can cause problems include updating virus definition files, and programs that like to make changes or store files on the hard drive although some of these problems can be taken care of by configuring scheduled maintenance periods.

Perhaps less a consideration, at least from the system administrator's point of view, is that basic user tasks like changing the color scheme; deleting or adding items on the desktop; and even changing the time are blocked. You may be happy with this level of control, and users may not be in a position to expect to make such changes, but likewise it may be hard to explain to a user that they cannot download and install the Simpsons desktop theme.

In most cases, the deployment of Deep Freeze on a network will mean that the system administrator will visit client systems for hardware related problems only. However, in many corporate environments, the level of control that products like Deep Freeze bring may be just a little too strong. In other environments such as schools and colleges, Deep Freeze can dramatically reduce or eliminate the amount of time spent troubleshooting and correcting problems with systems. How cool is that? Read Full Article


Post a Comment