Table of Contents
Advertisement
Introduction
A major concern for all systems administrators is maintaining the security of their computers. With
new exploits and vulnerabilities being found all the time, a proper patch management strategy is critical
to ensure the health and security of computer deployment.
Deep Freeze allows systems administrators to ensure the integrity of their computers against exploits
— even ones that have yet to be discovered. However, it introduces some challenges within the process
of applying patches because Deep Freeze does not discriminate — it removes both the good and the
bad changes and returns the computer to its original, pristine state on every restart.
There are several methods for integrating Deep Freeze with patch management. When properly done,
users can enjoy the bulletproof reliability of a Deep Freeze protected system and system administrators
can have the peace of mind that comes from knowing their systems are fully up to date.
This white paper discusses the different methods available to update software in a Deep Freeze
environment.
Scheduled Patch Maintenance
Scheduled patch maintenance allows the administrator to specify a period of time when the client
computers restart with Deep Freeze in a Thawed state. During this Maintenance Period, software
updates, Windows Updates, and antivirus definition updates can be scheduled. Scripts can be run and
batch files can be executed.
Scheduled patch maintenance is an appropriate strategy for computer labs. During certain times on
certain days of the week, labs are not in use. A Maintenance Period can be scheduled to run updates
during these times.
Maintenance Periods are configured using the Deep Freeze Configuration Administrator. The
Configuration Administrator is used to configure workstation installation files as well as configuration
files. Configuration files can be used to apply the changes to deployed computers through the Deep
Freeze Enterprise Console.
Depending on the policies in place, certain updates may need to be run. Windows and antivirus
updates tend to be the most frequent. The following information explains some of the update scenarios
encountered and the different methods available to handle these updates.
Scheduling Windows Updates
There are several different methods available to run a Windows update in a Frozen environment. Deep
Freeze can be set up to start a Windows update during a Maintenance Period. Deep Freeze can also
be set up to execute a batch file during the Maintenance Period. A batch file could be used to start the
Windows update process. Finally, another program could be used to start Windows updates during the
Deep Freeze Maintenance Period.
ENTERPRISE
3
Advertisement
Table of Contents
