Freezing system State


PC_LOAD_LETTER

Here's an interesting one, but it is a Linux bootcd that runs a program designed specifically to back up c-drives on XP machines.

CDriveBack -- sourceforge project -- http://www.lccdigital.com/content/view/65/62/

PING sounds interesting -- will it "kiosk" an XP machine?

I'm using 98se happily now in a 733P3, but would like to move to new hardware. I am reluctant to move to XP until there was a way by which I can sector-by-sector restore my C-drive on every shutdown (from MBR to ORIGINAL swap file to the last slackspace). In my dream, a normal shutdown would (1) shutdown XP and reboot to a new os, then (2) run a restore image program on a minimal c-drive (c-drive has os and programs only), then (3) restore default boot to XP for next startup and then (4) turn off. An optional shutdown would make a new reference image, built after adding new software while not connected, with full awareness and knowledge of the machine's owner. Every startup would be absolutely identical, no matter how many personalities (unauthorized by me) have been fudging with my bits 'n ... while connected. I don't care about any of Bill Gates's illusory conveniences. Any data to be retained would be on other drives (which is not hard to do). If I can reboot the same every time, then I don't care what "other powers" want to do to my HDD while connected -- they can have at to their heart's delight. But when I go to sleep at night, I want to know that come morning, my machine starts off right.

Has anyone done this? Deep Freeze looks interesting, but it's my suspicion that they have back doors too, and if they were discovered, no one would ever know, nor would it be in their interest to announce it.

I manage around 200 machines on deepfreeze and I can tell you it's not hack proof but it's as close as you're going to get.

You can set the machines to auto login to a user/power user account that's locked down with GP, disable the secondary logon service (to prevent runas from being used) then set deepfreeze to 'reboot on logout' and there is NO way for a local user to access your admin account. As for users messing with files, I have personally taken a XP SP2 machine, frozen it, logged on as administrator, escalated to SYSTEM level privileges, made a quick and dirty .bat file to zap every file in the c:\windows folder, ran it, watched it run until the PC BSODed and autorebooted and watched it reboot into a fresh working version of XP with all files and settings intact. If it can live through that, I think it can take anything our students can dish out.

//P.S. Mods, sorry for veering off topic. If this gets too out of hand, feel free to split this off into another topic.



Deep Freeze looks interesting, but it's my suspicion that they have back doors too, and if they were discovered, no one would ever know, nor would it be in their interest to announce it.

Deep Freeze is not as secure as Faronics claims. There are "unfreeze" programs that can bypass the lockdown.


Deep Freeze looks interesting, but it's my suspicion that they have back doors too, and if they were discovered, no one would ever know, nor would it be in their interest to announce it.

Deep Freeze is not as secure as Faronics claims. There are "unfreeze" programs that can bypass the lockdown.

Yeah, you're referring to

http://usuarios.arnet.com.ar/fliamarconato/pages/emain.html

which stopped working well over a year ago (I've used it to unfreeze some machines that were frozen prior to my employment with an unknown password)

Current version of deepfreeze is 6.30.220.1871

All of our classroom PCs run through a proxy and I can see the sites the students visit and occasionally one of them will find that site and I have a little laugh about it (I could block it but it's more fun to let them try and fail)

I haven't verified it personally but supposedly in 6.xx if DF detects tampering of this sort the password prompt is disabled until reboot (and the tampering would be undone by said reboot)

I'm not saying it's unhackable, just saying no one has hacked it and published results in over a year.


Any word on how well Microsoft's Steady State works? It's free, and Deep Freeze is definitely not. Also, how does D.F. hold up to a boot disk (BartPE, etc.) being used to delete the restore partition, or something of that manner? Of course, you could just disable booting from a CD from the BIOS, but if one weren't to do that...


Any word on how well Microsoft's Steady State works? It's free, and Deep Freeze is definitely not.

I tried to install Microsoft's Steady State, but it didn't work on my UA install, so I would be surprised if it did on PE... I still have to find out what it "needs" to run...


I've been meaning to try SteadyState myself. BTW these programs don't protect you from security vulnerabilities, they just quickly refresh your computer to a given state. They do not stop people from installing malicious software, abusing a network, using a boot cd or usb drive, etc.


Actually steadystate does (in a kinda group policies for dummies sorta way). I was playing with it today on a machine I took out of service and was gonna image and I locked down an administrator user using the maximum setting and literally the only thing I could do was click start, highlight Programs, Accessories, Accessibility or Logoff. That was it.

Ctrl+Shift+Esc, Ctrl+Alt+Del, WIN+D, WIN+R, No CD/USB Autorun, No changing the start menu or clock, no changing the desktop(which had nothing on it), and no launching browser. (even had a white/blacklist of .exes to use)

Once I enabled IE by logging out and using Ctrl+Alt+Del 2x to show the classic login (SteadyState hid all admins on the welcome -nice touch), IE was in SUPER lockdown mode.

No Toolbar Buttons, No Favorites, No Options, No Help, No View Fullscreen, No View Source, No Open or Save as, No Page Right-Clicking, No VBS, Javascript, or Flash(ActiveX).

It made me smile and do my "Evil IT Guy" laugh :ph34r: I would never deploy a machine in this state for anything other than a kiosk but it's always nice to know the option was there. The best part was after logging in as admin, NONE of the GPs applied to the locked down user affected the admin account (which isn't impossible to do manually, I know, but pretty sweet when it works without tinkering)

But this is because all the apps present on the system obey the rules of the OS (mostly). If this machine got hit with a virus, rootkit, or malware (however unlikely with the OS so restricted) then the infection would likely stay resident on the PC until caught by a good AV program or the system was rebooted and of course it could possibly through a reboot with steadystate - I have no test data for that scenario in steadystate (YET). As for persistence with Deepfreeze, I've had machines with some pretty nasty rootkits installed that got wiped out on a simple reboot.

I'll prolly piece together a little review/comparison of deepfreeze vs steadystate once I have a better idea of steadystate's features.


On the steadystate site it says it's only available for XP Home and Pro. Is there any way to make it work on Media Center Edition or not?

Did you try installing it on MCE, did you get an error? If you did you could probably edit the installer or registry so it would install. Otherwise there are ways to install MCE on XP Pro.
