Tuesday, May 26, 2009

Command the burn of Deep Freeze

A few months ago I was working on the network of a client who had a third party come in and set up their network. Unfortunately, many of the PCs were set up with Deep Freeze. Now for those of you that don't know, Deep Freeze is this amazing program that allows administrators to lock the hard drive so that users can install software, download files, etc., and then as soon as you reboot, the system is back to defaults.
(Image source: http://blog.eches.net/wp-content/uploads/2007/10/deep-freeze-panel.gif)

When you want to change the settings you have to use a keyboard shortcut, Ctrl+Alt+Shift+F6, in order to get to a login screen. Then once you type the password, you can "Thaw" the system. Whether a session is Thawed or Frozen is determined by how the system was told to boot. The screen gives options to Thaw it once and then, once you have rebooted, re-Thaw the system on reboot -- without logging back into the Deep Freeze control panel.

You can figure out if a system is running Deep Freeze by looking for the following icon in the systray:

(polar bear, symbol of Deep Freeze)

However, this didn't work so well for me as I was wanting to install the newest version of Office and set up the desktop icons with some new shortcuts, because, you guessed it, they had forgotten the password... So I was left with no way to get the computer changed, or was I?

It turns out that Windows 2000, XP (and Vista too, I am pretty sure) have this safe mode setting called Safe Mode with Command Prompt, which loads the system with only the minimal components and a command prompt, and this is what allowed me to get access to the system and make changes without Deep Freeze stopping me.


The how to:

  1. First reboot the computer
  2. Press F8 at boot
  3. Select "Safe Mode with Command Prompt"
  4. Wait for the Desktop to load. It will load Windows just as in normal mode, but it will have a cmd window open... some systems may be locked, so you might need to try default usernames such as username=Administrator, password="", or whatever admin user you can get access to.
  5. At the black window that shows C:\ type "explorer"
  6. This will start windows explorer which will allow you to do most system changes that are needed.

The only limitation of this hack is the fact that many programs will not install; however, you can change (or delete) Deep Freeze permanently from the following folders, and when you return to normal mode you will have complete control:

c:\program files\hypert~1\deepfr~1
c:\windows\system\iosubsys\persifrz.vxd
(you can easily delete both of these from the command line or explorer)
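
Seen from the administrator's side, those two locations and the safe-mode boot are the things to monitor. The following is an added example, not part of the original post: the `audit` function and the choice of Python are assumptions, the paths are the ones listed above, and `SAFEBOOT_OPTION` is the environment variable Windows sets when it is booted in safe mode.

```python
import os
from pathlib import Path

# The two locations named in the post, relative to the system drive.
PROTECTED = [
    r"program files\hypert~1\deepfr~1",
    r"windows\system\iosubsys\persifrz.vxd",
]


def audit(root, env=None):
    """Return a list of findings; an empty list means nothing to report."""
    env = os.environ if env is None else env
    findings = []
    # Windows sets SAFEBOOT_OPTION (MINIMAL or NETWORK) only in safe mode.
    mode = env.get("SAFEBOOT_OPTION")
    if mode:
        findings.append(f"safe-mode boot: SAFEBOOT_OPTION={mode}")
    for rel in PROTECTED:
        # Split on backslashes so the same check runs on any host OS.
        if not Path(root).joinpath(*rel.split("\\")).exists():
            findings.append(f"missing: {rel}")
    return findings


if __name__ == "__main__":
    # SystemDrive is normally "C:" on Windows; fall back to that if unset.
    drive = os.environ.get("SystemDrive", "C:") + "\\"
    for line in audit(drive) or ["ok: Deep Freeze files present, normal boot"]:
        print(line)
```

Run at normal startup, a "missing" finding shows that the Deep Freeze files were removed since the last check.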

For more extensive information on Deep Freeze check out:
Source: http://www.governmentsecurity.org/forum/index.php?showtopic=123
(it is old but seems to still have relevancy)

Just remember you could get in a lot of trouble for modifying business or school network computer systems... and I won't be there to thaw you out ;-)