Knowledgebase
How are Windows Updates handled on Deep Freeze protected computers?
Posted by Adam Zilliax on 11 July 2012 08:11 PM

Overview

Deep Freeze Enterprise provides the ability to automate Windows Update by scheduling them to be installed at a specified time. The Administrator can simply incorporate the Windows Update settings into the workstation install file and specify whether the updates should be downloaded from the Microsoft Website or from their own WSUS.

With the release of v7.5, Deep Freeze also provides the ability to cache Windows updates during a Frozen session. In other words, Deep Freeze will download the updates on a Frozen workstation and retain them for installation during a Thawed session. If a Windows Update Workstation Task is scheduled, Deep Freeze will install the updates. Additionally, you can configure the settings to detect the completion of the installation so the machine can automatically reboot Frozen (or shutdown) once complete.

Windows Update functionality

The user can choose to either download the Windows Update from Microsoft Website or from their own WSUS when performing Windows Update.

The user can choose the following download options for Windows Update:

  • Download all the updates during the Windows Update Task schedule and sets the Windows Update settings to “Never check for updates” when the computer is Frozen.
  • Download the updates in the ThawSpace (cache) even in Frozen state and sets the Windows Update settings to “Download updates but let me choose whether to install them”.

When the computer is scheduled to run the Windows Update Task, it will perform the following:

  1. Display the message before the Task is performed if “Show message” is selected in the Windows Update Task.
  2. Allow the user to cancel the Task if “Allow the user to cancel event” is selected in the Windows Update Task.
  3. Restart the machine in a Thawed state.
  4. Set the Deep Freeze Status to “Applying Windows Update” in DF Enterprise Console under the Status column.
  5. Disable keyboard and mouse if “Disable keyboard and mouse” is selected in the Windows Update Task.
  6. Display the message during the Task being performed if “Show message” is selected in the Windows Update Task.
  7. Check for updates by connecting to either Microsoft Windows Update Website or WSUS as determined by the Windows Update settings.  If there are updates, then continue, otherwise reboot the workstation Frozen (depends on set End time).
  8. Apply the Windows Updates.  This may require multiple reboots.
  9. Set the computer to Frozen state when it reaches the Windows Update Task End time or when Windows Update completes (depends on settings).

10.  Shutdown the computer if the “Shutdown after Task” is selected in the Windows Update Task or reboot if not selected.

Windows Update Caching

If “Cache Windows updates” is selected under the Windows Update tab, Deep Freeze will create a 2 GB ThawSpace for Windows Update caching when installed or when the workstation is Thawed.  At this time, the Windows Update folder (%windir%\SoftwareDistribution) will be mounted as a folder and Thawed.  Any contents within the Windows Update folder will be removed.

After the Windows Update installation has successfully completed in the Windows Update state, Deep Freeze will remove the downloaded files (ie – %windir%\SoftwareDistribution) with the exception of the “DataStore” folder (until it reaches 1 GB).  It will skip over locked files or files in use.

Known issues:

On v7.50, Cache created for Windows Update caching mounts with a significant delay on Windows workstations running on Apple hardware. 

Windows Update Download Criteria

If the Windows Update files are being obtained from WSUS, then it will download only the approved fixes.

If the Windows Update files are being obtained from the Microsoft Update Website, then it will only download critical and security fixes.  Note, this will not download service packs since it is not categorize as a critical nor security fixes.

Deep Freeze Windows Update Log File

The Deep Freeze Windows Update Log File provides a detailed record of Deep Freeze’s management of Windows Update.

When the workstation is Frozen, the Deep Freeze Windows Update log files are located at:

%windir%\SoftwareDistribution\DFWUlogfile.log

When the workstation is Thawed, the Deep Freeze Windows Update log files are located at:

On 32 bit OS:

Program Files\Faronics\Deep Freeze\Install <x>-<y>\DFWUlogfile.log

On 64 bit OS:

Program Files (x86)\Faronics\Deep Freeze\Install <x>-<y>\DFWUlogfile.log

Where <x> is the system drive and <y> is an incrementing number starting with 0.

Group Policy

Deep Freeze Windows Update settings take precedence over Group Policy Windows Update depending on the workstations state.

  • When the workstation is Frozen, Deep Freeze Windows Update settings will be enforced every 15 minutes.
  • When the workstation is Thawed, Thawed and Locked, running Batch File Task, and in a Thawed Period, Deep Freeze Windows Update settings will be applied only at Deep Freeze service start up.  This will allow the user to change the Windows Update settings manually.
  • When the workstation is running the Windows Update Task, the Windows Update settings will be applied when Windows Update Task starts.

Third party Windows Update Automation

Users can take advantage of the Deep Freeze Windows Update caching and install Windows Update using a third party software or their own script file.  This can be accomplished by setting the Deep Freeze Windows Update settings without scheduling a Windows Update Task.

Note: If Windows Update Software Distribution folder is Thawed by Deep Freeze, then the folder may run out of disk space if Deep Freeze Windows Update Task is not run after a long period of time.   To clear the Windows Update Software Distribution folder, schedule and run a Deep Freeze Windows Update Task or remove the contents within the Windows Update Software Distribution folder manually.

Faronics Core Console and Deep Freeze Windows Update Task Compatibility

Both Windows Update Tasks in Faronics Core Console and Deep Freeze are compatible with each other.

Faronics Core Console sets the Windows Update Global Group Policy when Windows Update Task has started.  When the user attempts to perform a Windows Update in Faronics Core Console and the workstation is in a Frozen state, the user will be alerted that the workstation is in Frozen state and the

Windows Update Task will not run.  It will also utilize the Windows Update cache files if applicable.

If Windows Update Software Distribution folder is Thawed by Deep Freeze and the user chooses to use Faronics Core Console Windows Update Task, then the folder may run out of disk space if Deep Freeze Windows Update Task is not run after a long period of time.   To clear the Windows Update Software Distribution folder, schedule and run a Deep Freeze Windows Update Task or remove the contents within the Windows Update Software Distribution folder manually.

Deep Freeze sets the Windows Update Global Group Policy and enforces them depending on the state of the workstation.  When the workstation is Thawed, Thawed and Locked, Batch File, or Thawed Period, and Deep Freeze is managing Windows Update, the Windows Update settings will be applied when Deep Freeze Service starts up.

Note: Avoid launching Faronics Core Console Windows Update Task if the workstation is performing a Deep Freeze Windows Update Task (the Deep Freeze status is “Applying Windows Update”).

Do not install, upgrade or uninstall Deep Freeze while Faronics Core Console is in the middle of performing a Windows Update Task.

It is recommended that both Faronics Core Console and Deep Freeze have the same Windows Update (ie - WSUS) settings to ensure that it is pointing to the correct Windows Update servers to check and download the files.

(88 vote(s))
Helpful
Not helpful

Comments (0)