Advanced options – Faronics Deep Freeze Enterprise User Manual
Page 52
Deep Freeze Enterprise User Guide
52
|
Using Deep Freeze Configuration Administrator
When the Enterprise Console is behind a firewall or a NAT (network address translation) router,
the firewall or router must be configured to allow traffic to pass through to the Enterprise
Console. Depending on the firewall or router, computers may need to be configured with the IP
address of the firewall so that traffic can be forwarded.
For more information on configuring and using Deep Freeze in a specific network environment,
refer to
or contact Technical Support.
If a port number other than the default of 7725 (registered to Deep Freeze) is used, care should be
taken to ensure that there are no conflicts with applications already running on the network.
Well-known ports (0–1023) should be avoided and any Registered Ports (1024–49151) should be
checked for conflicts before deployment.
A complete listing of the ports assigned to various applications can be found on the Internet
Assigned Numbers Authority web site at
http://www.iana.org/assignments/port-numbers
.
Advanced Options
•
Disable Command Line options - This option is selected by default. Clearing this check box
allows for further customization of the Deep Freeze installation program when using the
Silent Install System. Selecting this option prevents the pre-existing configuration choices
from being changed during installation.
•
Enable Deep Freeze local policies - For enhanced security, Deep Freeze removes the following
local privileges: debugging programs, modifying firmware, and changing the system time;
clear this option to use existing privileges.
•
Allow user to change the clock - Select this option to allow Frozen users to adjust the system
clock. Enable this feature during Daylight Savings to allow Windows to update the time
automatically each season.
•
Manage Secure Channel Password — Secure Channel Password is a feature of all Windows
operating systems and only applicable if the system is running in Windows Server Domain
Environment. Secure Channel Password is used for secure communication between the server
and workstations. The Secure Channel Password is automatically changed based on the
operating system settings. While using Deep Freeze, the newly changed Secure Channel
Password is lost on reboot. The Manage Secure Channel Password option avoids this
situation. The Manage Secure Channel Password feature of Deep Freeze changes the value of
Deep Freeze automatically configures the required exceptions in the Windows
Firewall. It is not required to configure the Windows Firewall manually.
It is recommended to use ports in the unallocated range above 49152. Using Port
Segmentation, you can isolate a lab or building by port number by configuring the
Port Number on the workstations and in the Deep Freeze Enterprise Console.
Using this method, you can provide management functions for a specific set of
workstations and not your entire organization. UDP and TCP port exceptions for
these ports will be required. For more information, refer to
Ports, Console Accessed Remotely
.