?
Solved

Terminal Servers and DeepFreeze

Posted on 2011-02-21
8
Medium Priority
?
888 Views
Last Modified: 2012-05-11
Any reason/s or cautions why we should not DeepFreeze our 2008 and earlier Terminal Servers?  The plan would be that the Terminal Servers would stay frozen unless we needed to add software and then we would unfreeze and refreeze.  
0
Comment
Question by:lineonecorp
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
8 Comments
 
LVL 11

Accepted Solution

by:
yelbaglf earned 1200 total points
ID: 34948160
I've used DeepFreeze in school environments and warehouse shipping environments, but never have I used it on a Terminal Server or RDSH.  That being said, I understand it's use, but I'm not sure I see the value in having this on an RDSH.

What goal are you trying to achieve here?  Simply recovering from corrupt files or viruses, etc.?

Also, have a look at these 2 posts.  I have never had this issue in a domain environment, but it's a valid concern to make you aware of.
http://www.experts-exchange.com/Hardware/Servers/Q_23741503.html
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Remote_Desktop-Terminal_Services/Q_23540983.html

I realize your question didn't involve clients using DeepFreeze, but just so you know.
http://support.microsoft.com/kb/276212

Also, with good group policy consisting of folder redirection, you can keep your RDSH's cleaned up.  Obviously this doesn't address virues, etc., but that's what backups and images are for. :-)

With all that being said, if you feel unfreezing and freezing for updates, installations, etc. is not a hassle and nothing will regularly change on those servers, unless manually changed, then I don't see any obstacles too large to overcome when using DeepFreeze.
0
 

Author Comment

by:lineonecorp
ID: 34948688
Thanks for the info.
There are several reasons why I am thinking of this. As you mention being able to completely go back to a spotless Terminal Server after virus, etc. Also there may be all kinds of clutter that accumulates.

I am concerned about  time/credential issues?  For instance I go six months before I unfreeze and refreeze?  Also DeepFreeze does allow for the freezing of some drives/folders and not others with as you can choose a drive to freeze with standard DeepFreeze and their Igloo product lets you do more granular freezing.  I could easily redirect stuff I might want to keep onto the unfrozen partition.
0
 
LVL 11

Assisted Solution

by:yelbaglf
yelbaglf earned 1200 total points
ID: 34952273
Exactly, we used Igloo for cached Outlook profiles.  Without it, it is a nightmare having these recreated every single time a user opens Outlook. :-)


OK...good news taken from the DeepFreeze Enterprise deployment guide.

Manage Secure Channel Password — Secure Channel Password is a feature of all Windows
operating systems and only applicable if the system is running in Windows Server Domain
Environment. Secure Channel Password is used for secure communication between the server
and workstations. The Secure Channel Password is automatically changed based on the
operating system settings. While using Deep Freeze, the newly changed Secure Channel
Password is lost on reboot. The Manage Secure Channel Password option avoids this
situation. The Manage Secure Channel Password feature of Deep Freeze changes the value of
the Group Policy Maximum machine account password age based on the Deep Freeze state
(Frozen or Thawed).
— Select the Manage Secure Channel Password option if you want Deep Freeze to manage
Secure Channel Password.
When the workstation is Frozen: The workstation will not change the Secure Channel
Password. This ensures that the secure communication between the server and the
workstation is always maintained.
When the workstation is Thawed: The workstation will change the Secure Channel
Password and sync the password with the server.
— Do not select the Manage Secure Channel Password option if you do not want Deep Freeze
to manage the Secure Channel Password.
When the workstation is Frozen: When the Secure Channel Password is changed and
synced with the server, it resets to the old password on reboot.
When the workstation is Thawed: If the workstation is Thawed on the day the Secure
Channel Password is changed, the new password takes affect and the workstation is synced
with the server.
0
How Blockchain Is Impacting Every Industry

Blockchain expert Alex Tapscott talks to Acronis VP Frank Jablonski about this revolutionary technology and how it's making inroads into other industries and facets of everyday life.

 
LVL 11

Assisted Solution

by:yelbaglf
yelbaglf earned 1200 total points
ID: 34952279
0
 

Author Comment

by:lineonecorp
ID: 34958444
Thanks a lot.  You've laid the options out for me very clearly.  So are you going to use it on your Terminal Servers now?
0
 
LVL 11

Assisted Solution

by:yelbaglf
yelbaglf earned 1200 total points
ID: 34961484
Honestly, I would, but we don't really have the need.  Our clusters are running on ESXi 4.1.  So we have backups, templates, OVF files, etc. to restore from if needed.  Also, we're using group policy to keep profile caches cleaned up on the servers.

I definitely think it makes sense, especially if the value is there for you, and it sounds like it is.
0
 

Author Comment

by:lineonecorp
ID: 34973063
I'll be the pioneer then. Thanks.
0
 
LVL 11

Expert Comment

by:yelbaglf
ID: 34975247
You're most welcome!
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A procedure for exporting installed hotfix details of remote computers using powershell
Resolving an irritating Remote Desktop connection that stops your saved credentials from being used.
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
Suggested Courses
Course of the Month8 days, 12 hours left to enroll

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question