Terminal Servers and DeepFreeze

Posted on 2011-02-21
Last Modified: 2012-05-11
Any reason/s or cautions why we should not DeepFreeze our 2008 and earlier Terminal Servers?  The plan would be that the Terminal Servers would stay frozen unless we needed to add software and then we would unfreeze and refreeze.  
Question by:lineonecorp
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
LVL 11

Accepted Solution

yelbaglf earned 300 total points
ID: 34948160
I've used DeepFreeze in school environments and warehouse shipping environments, but never have I used it on a Terminal Server or RDSH.  That being said, I understand it's use, but I'm not sure I see the value in having this on an RDSH.

What goal are you trying to achieve here?  Simply recovering from corrupt files or viruses, etc.?

Also, have a look at these 2 posts.  I have never had this issue in a domain environment, but it's a valid concern to make you aware of.

I realize your question didn't involve clients using DeepFreeze, but just so you know.

Also, with good group policy consisting of folder redirection, you can keep your RDSH's cleaned up.  Obviously this doesn't address virues, etc., but that's what backups and images are for. :-)

With all that being said, if you feel unfreezing and freezing for updates, installations, etc. is not a hassle and nothing will regularly change on those servers, unless manually changed, then I don't see any obstacles too large to overcome when using DeepFreeze.

Author Comment

ID: 34948688
Thanks for the info.
There are several reasons why I am thinking of this. As you mention being able to completely go back to a spotless Terminal Server after virus, etc. Also there may be all kinds of clutter that accumulates.

I am concerned about  time/credential issues?  For instance I go six months before I unfreeze and refreeze?  Also DeepFreeze does allow for the freezing of some drives/folders and not others with as you can choose a drive to freeze with standard DeepFreeze and their Igloo product lets you do more granular freezing.  I could easily redirect stuff I might want to keep onto the unfrozen partition.
LVL 11

Assisted Solution

yelbaglf earned 300 total points
ID: 34952273
Exactly, we used Igloo for cached Outlook profiles.  Without it, it is a nightmare having these recreated every single time a user opens Outlook. :-)

OK...good news taken from the DeepFreeze Enterprise deployment guide.

Manage Secure Channel Password — Secure Channel Password is a feature of all Windows
operating systems and only applicable if the system is running in Windows Server Domain
Environment. Secure Channel Password is used for secure communication between the server
and workstations. The Secure Channel Password is automatically changed based on the
operating system settings. While using Deep Freeze, the newly changed Secure Channel
Password is lost on reboot. The Manage Secure Channel Password option avoids this
situation. The Manage Secure Channel Password feature of Deep Freeze changes the value of
the Group Policy Maximum machine account password age based on the Deep Freeze state
(Frozen or Thawed).
— Select the Manage Secure Channel Password option if you want Deep Freeze to manage
Secure Channel Password.
When the workstation is Frozen: The workstation will not change the Secure Channel
Password. This ensures that the secure communication between the server and the
workstation is always maintained.
When the workstation is Thawed: The workstation will change the Secure Channel
Password and sync the password with the server.
— Do not select the Manage Secure Channel Password option if you do not want Deep Freeze
to manage the Secure Channel Password.
When the workstation is Frozen: When the Secure Channel Password is changed and
synced with the server, it resets to the old password on reboot.
When the workstation is Thawed: If the workstation is Thawed on the day the Secure
Channel Password is changed, the new password takes affect and the workstation is synced
with the server.
What Is Transaction Monitoring and who needs it?

Synthetic Transaction Monitoring that you need for the day to day, which ensures your business website keeps running optimally, and that there is no downtime to impact your customer experience.

LVL 11

Assisted Solution

yelbaglf earned 300 total points
ID: 34952279

Author Comment

ID: 34958444
Thanks a lot.  You've laid the options out for me very clearly.  So are you going to use it on your Terminal Servers now?
LVL 11

Assisted Solution

yelbaglf earned 300 total points
ID: 34961484
Honestly, I would, but we don't really have the need.  Our clusters are running on ESXi 4.1.  So we have backups, templates, OVF files, etc. to restore from if needed.  Also, we're using group policy to keep profile caches cleaned up on the servers.

I definitely think it makes sense, especially if the value is there for you, and it sounds like it is.

Author Comment

ID: 34973063
I'll be the pioneer then. Thanks.
LVL 11

Expert Comment

ID: 34975247
You're most welcome!

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
This article explains how to install and use the NTBackup utility that comes with Windows Server.
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …

695 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question