Faronics Deep Freeze Enterprise User Manual
Page 53
Advanced Options Tab
|
53
Deep Freeze Enterprise User Guide
the Group Policy Maximum machine account password age based on the Deep Freeze state
(Frozen or Thawed).
— Select the Manage Secure Channel Password option if you want Deep Freeze to manage
Secure Channel Password.
When the workstation is Frozen: The workstation will not change the Secure Channel
Password. This ensures that the secure communication between the server and the
workstation is always maintained.
When the workstation is Thawed: The workstation will change the Secure Channel
Password and sync the password with the server.
— Do not select the Manage Secure Channel Password option if you do not want Deep Freeze
to manage the Secure Channel Password.
When the workstation is Frozen: When the Secure Channel Password is changed and
synced with the server, it resets to the old password on reboot.
When the workstation is Thawed: If the workstation is Thawed on the day the Secure
Channel Password is changed, the new password takes affect and the workstation is synced
with the server.
•
Restart on Logoff - Select this check box to Restart the computer automatically when it is
logged off. If this option is selected, the computer is restarted when a user logs off in a Frozen
state.
•
Protect Master Boot Record (MBR) - Select this check box if you want Deep Freeze to protect
the Master Boot Record. If this option is selected, changes to the Master Boot Record are
reversed on reboot when the computer is in a Frozen state.
Example
On a Windows Domain Environment using Windows Server 2008 R2 that manages multiple
workstations, Secure Channel Password is used for secure communication between the server and
workstations.
In Deep Freeze Configuration Administrator, go to the Advanced Options tab and select Manage
Secure Channel Password. Create the Workstation Install file and deploy it to the workstation.
Set the following in the Group Policy for the Manage Secure Channel Password feature to work:
Domain Controller: Refuse machine account password changes to Not Defined
Domain Member: Disable machine account password changes to Disabled
When the workstation is Frozen, the Secure Channel Password does not change. When the
workstation is Thawed, the Secure Channel Password is changed at the workstation and synced
with the server.
The Manage Secure Channel Password feature of Deep Freeze always overrides
the Group Policy Maximum machine account password age.
Set the following in the Group Policy for the Manage Secure Channel Password
feature to work:
Domain Controller: Refuse machine account password changes to Not Defined
Domain Member: Disable machine account password changes to Disabled