Solved

Terminal Servers and DeepFreeze

Posted on 2011-02-21
8
867 Views
Last Modified: 2012-05-11
Any reason/s or cautions why we should not DeepFreeze our 2008 and earlier Terminal Servers?  The plan would be that the Terminal Servers would stay frozen unless we needed to add software and then we would unfreeze and refreeze.  
0
Comment
Question by:lineonecorp
  • 5
  • 3
8 Comments
 
LVL 11

Accepted Solution

by:
yelbaglf earned 300 total points
ID: 34948160
I've used DeepFreeze in school environments and warehouse shipping environments, but never have I used it on a Terminal Server or RDSH.  That being said, I understand it's use, but I'm not sure I see the value in having this on an RDSH.

What goal are you trying to achieve here?  Simply recovering from corrupt files or viruses, etc.?

Also, have a look at these 2 posts.  I have never had this issue in a domain environment, but it's a valid concern to make you aware of.
http://www.experts-exchange.com/Hardware/Servers/Q_23741503.html
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Remote_Desktop-Terminal_Services/Q_23540983.html

I realize your question didn't involve clients using DeepFreeze, but just so you know.
http://support.microsoft.com/kb/276212

Also, with good group policy consisting of folder redirection, you can keep your RDSH's cleaned up.  Obviously this doesn't address virues, etc., but that's what backups and images are for. :-)

With all that being said, if you feel unfreezing and freezing for updates, installations, etc. is not a hassle and nothing will regularly change on those servers, unless manually changed, then I don't see any obstacles too large to overcome when using DeepFreeze.
0
 

Author Comment

by:lineonecorp
ID: 34948688
Thanks for the info.
There are several reasons why I am thinking of this. As you mention being able to completely go back to a spotless Terminal Server after virus, etc. Also there may be all kinds of clutter that accumulates.

I am concerned about  time/credential issues?  For instance I go six months before I unfreeze and refreeze?  Also DeepFreeze does allow for the freezing of some drives/folders and not others with as you can choose a drive to freeze with standard DeepFreeze and their Igloo product lets you do more granular freezing.  I could easily redirect stuff I might want to keep onto the unfrozen partition.
0
 
LVL 11

Assisted Solution

by:yelbaglf
yelbaglf earned 300 total points
ID: 34952273
Exactly, we used Igloo for cached Outlook profiles.  Without it, it is a nightmare having these recreated every single time a user opens Outlook. :-)


OK...good news taken from the DeepFreeze Enterprise deployment guide.

Manage Secure Channel Password — Secure Channel Password is a feature of all Windows
operating systems and only applicable if the system is running in Windows Server Domain
Environment. Secure Channel Password is used for secure communication between the server
and workstations. The Secure Channel Password is automatically changed based on the
operating system settings. While using Deep Freeze, the newly changed Secure Channel
Password is lost on reboot. The Manage Secure Channel Password option avoids this
situation. The Manage Secure Channel Password feature of Deep Freeze changes the value of
the Group Policy Maximum machine account password age based on the Deep Freeze state
(Frozen or Thawed).
— Select the Manage Secure Channel Password option if you want Deep Freeze to manage
Secure Channel Password.
When the workstation is Frozen: The workstation will not change the Secure Channel
Password. This ensures that the secure communication between the server and the
workstation is always maintained.
When the workstation is Thawed: The workstation will change the Secure Channel
Password and sync the password with the server.
— Do not select the Manage Secure Channel Password option if you do not want Deep Freeze
to manage the Secure Channel Password.
When the workstation is Frozen: When the Secure Channel Password is changed and
synced with the server, it resets to the old password on reboot.
When the workstation is Thawed: If the workstation is Thawed on the day the Secure
Channel Password is changed, the new password takes affect and the workstation is synced
with the server.
0
 
LVL 11

Assisted Solution

by:yelbaglf
yelbaglf earned 300 total points
ID: 34952279
0
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

 

Author Comment

by:lineonecorp
ID: 34958444
Thanks a lot.  You've laid the options out for me very clearly.  So are you going to use it on your Terminal Servers now?
0
 
LVL 11

Assisted Solution

by:yelbaglf
yelbaglf earned 300 total points
ID: 34961484
Honestly, I would, but we don't really have the need.  Our clusters are running on ESXi 4.1.  So we have backups, templates, OVF files, etc. to restore from if needed.  Also, we're using group policy to keep profile caches cleaned up on the servers.

I definitely think it makes sense, especially if the value is there for you, and it sounds like it is.
0
 

Author Comment

by:lineonecorp
ID: 34973063
I'll be the pioneer then. Thanks.
0
 
LVL 11

Expert Comment

by:yelbaglf
ID: 34975247
You're most welcome!
0

Featured Post

Free Gift Card with Acronis Backup Purchase!

Backup any data in any location: local and remote systems, physical and virtual servers, private and public clouds, Macs and PCs, tablets and mobile devices, & more! For limited time only, buy any Acronis backup products and get a FREE Amazon/Best Buy gift card worth up to $200!

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
CA moved to another server - now errors 19 71
Published Certificates in AD 2 12
FlexNet and ususweb.dll 3 13
lync 2013 7 31
Scenario:  You do full backups to a internal hard drive in either product (SBS or Server 2008).  All goes well for a very long time.  One day, backups begin to fail with a message that the disk is full.  Your disk contains many, many more backups th…
The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now