• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 909
  • Last Modified:

Terminal Servers and DeepFreeze

Any reason/s or cautions why we should not DeepFreeze our 2008 and earlier Terminal Servers?  The plan would be that the Terminal Servers would stay frozen unless we needed to add software and then we would unfreeze and refreeze.  
  • 5
  • 3
4 Solutions
I've used DeepFreeze in school environments and warehouse shipping environments, but never have I used it on a Terminal Server or RDSH.  That being said, I understand it's use, but I'm not sure I see the value in having this on an RDSH.

What goal are you trying to achieve here?  Simply recovering from corrupt files or viruses, etc.?

Also, have a look at these 2 posts.  I have never had this issue in a domain environment, but it's a valid concern to make you aware of.

I realize your question didn't involve clients using DeepFreeze, but just so you know.

Also, with good group policy consisting of folder redirection, you can keep your RDSH's cleaned up.  Obviously this doesn't address virues, etc., but that's what backups and images are for. :-)

With all that being said, if you feel unfreezing and freezing for updates, installations, etc. is not a hassle and nothing will regularly change on those servers, unless manually changed, then I don't see any obstacles too large to overcome when using DeepFreeze.
lineonecorpAuthor Commented:
Thanks for the info.
There are several reasons why I am thinking of this. As you mention being able to completely go back to a spotless Terminal Server after virus, etc. Also there may be all kinds of clutter that accumulates.

I am concerned about  time/credential issues?  For instance I go six months before I unfreeze and refreeze?  Also DeepFreeze does allow for the freezing of some drives/folders and not others with as you can choose a drive to freeze with standard DeepFreeze and their Igloo product lets you do more granular freezing.  I could easily redirect stuff I might want to keep onto the unfrozen partition.
Exactly, we used Igloo for cached Outlook profiles.  Without it, it is a nightmare having these recreated every single time a user opens Outlook. :-)

OK...good news taken from the DeepFreeze Enterprise deployment guide.

Manage Secure Channel Password — Secure Channel Password is a feature of all Windows
operating systems and only applicable if the system is running in Windows Server Domain
Environment. Secure Channel Password is used for secure communication between the server
and workstations. The Secure Channel Password is automatically changed based on the
operating system settings. While using Deep Freeze, the newly changed Secure Channel
Password is lost on reboot. The Manage Secure Channel Password option avoids this
situation. The Manage Secure Channel Password feature of Deep Freeze changes the value of
the Group Policy Maximum machine account password age based on the Deep Freeze state
(Frozen or Thawed).
— Select the Manage Secure Channel Password option if you want Deep Freeze to manage
Secure Channel Password.
When the workstation is Frozen: The workstation will not change the Secure Channel
Password. This ensures that the secure communication between the server and the
workstation is always maintained.
When the workstation is Thawed: The workstation will change the Secure Channel
Password and sync the password with the server.
— Do not select the Manage Secure Channel Password option if you do not want Deep Freeze
to manage the Secure Channel Password.
When the workstation is Frozen: When the Secure Channel Password is changed and
synced with the server, it resets to the old password on reboot.
When the workstation is Thawed: If the workstation is Thawed on the day the Secure
Channel Password is changed, the new password takes affect and the workstation is synced
with the server.
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

lineonecorpAuthor Commented:
Thanks a lot.  You've laid the options out for me very clearly.  So are you going to use it on your Terminal Servers now?
Honestly, I would, but we don't really have the need.  Our clusters are running on ESXi 4.1.  So we have backups, templates, OVF files, etc. to restore from if needed.  Also, we're using group policy to keep profile caches cleaned up on the servers.

I definitely think it makes sense, especially if the value is there for you, and it sounds like it is.
lineonecorpAuthor Commented:
I'll be the pioneer then. Thanks.
You're most welcome!
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

  • 5
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now