How are Windows Updates handled on Deep Freeze protected computers?
Posted by Adam Zilliax on 11 July 2012 08:11 PM
Deep Freeze Enterprise provides the ability to automate Windows Update by scheduling them to be installed at a specified time. The Administrator can simply incorporate the Windows Update settings into the workstation install file and specify whether the updates should be downloaded from the Microsoft Website or from their own WSUS.
With the release of v7.5, Deep Freeze also provides the ability to cache Windows updates during a Frozen session. In other words, Deep Freeze will download the updates on a Frozen workstation and retain them for installation during a Thawed session. If a Windows Update Workstation Task is scheduled, Deep Freeze will install the updates. Additionally, you can configure the settings to detect the completion of the installation so the machine can automatically reboot Frozen (or shutdown) once complete.
Windows Update functionality
The user can choose to either download the Windows Update from Microsoft Website or from their own WSUS when performing Windows Update.
The user can choose the following download options for Windows Update:
When the computer is scheduled to run the Windows Update Task, it will perform the following:
10. Shutdown the computer if the “Shutdown after Task” is selected in the Windows Update Task or reboot if not selected.
Windows Update Caching
If “Cache Windows updates” is selected under the Windows Update tab, Deep Freeze will create a 2 GB ThawSpace for Windows Update caching when installed or when the workstation is Thawed. At this time, the Windows Update folder (%windir%\SoftwareDistribution) will be mounted as a folder and Thawed. Any contents within the Windows Update folder will be removed.
After the Windows Update installation has successfully completed in the Windows Update state, Deep Freeze will remove the downloaded files (ie – %windir%\SoftwareDistribution) with the exception of the “DataStore” folder (until it reaches 1 GB). It will skip over locked files or files in use.
Windows Update Download Criteria
If the Windows Update files are being obtained from WSUS, then it will download only the approved fixes.
If the Windows Update files are being obtained from the Microsoft Update Website, then it will only download critical and security fixes. Note, this will not download service packs since it is not categorize as a critical nor security fixes.
Deep Freeze Windows Update Log File
The Deep Freeze Windows Update Log File provides a detailed record of Deep Freeze’s management of Windows Update.
When the workstation is Frozen, the Deep Freeze Windows Update log files are located at:
When the workstation is Thawed, the Deep Freeze Windows Update log files are located at:
On 32 bit OS:
Program Files\Faronics\Deep Freeze\Install <x>-<y>\DFWUlogfile.log
On 64 bit OS:
Program Files (x86)\Faronics\Deep Freeze\Install <x>-<y>\DFWUlogfile.log
Where <x> is the system drive and <y> is an incrementing number starting with 0.
Deep Freeze Windows Update settings take precedence over Group Policy Windows Update depending on the workstations state.
Third party Windows Update Automation
Users can take advantage of the Deep Freeze Windows Update caching and install Windows Update using a third party software or their own script file. This can be accomplished by setting the Deep Freeze Windows Update settings without scheduling a Windows Update Task.
Note: If Windows Update Software Distribution folder is Thawed by Deep Freeze, then the folder may run out of disk space if Deep Freeze Windows Update Task is not run after a long period of time. To clear the Windows Update Software Distribution folder, schedule and run a Deep Freeze Windows Update Task or remove the contents within the Windows Update Software Distribution folder manually.
Faronics Core Console and Deep Freeze Windows Update Task Compatibility
Both Windows Update Tasks in Faronics Core Console and Deep Freeze are compatible with each other.
Faronics Core Console sets the Windows Update Global Group Policy when Windows Update Task has started. When the user attempts to perform a Windows Update in Faronics Core Console and the workstation is in a Frozen state, the user will be alerted that the workstation is in Frozen state and the
Windows Update Task will not run. It will also utilize the Windows Update cache files if applicable.
If Windows Update Software Distribution folder is Thawed by Deep Freeze and the user chooses to use Faronics Core Console Windows Update Task, then the folder may run out of disk space if Deep Freeze Windows Update Task is not run after a long period of time. To clear the Windows Update Software Distribution folder, schedule and run a Deep Freeze Windows Update Task or remove the contents within the Windows Update Software Distribution folder manually.
Deep Freeze sets the Windows Update Global Group Policy and enforces them depending on the state of the workstation. When the workstation is Thawed, Thawed and Locked, Batch File, or Thawed Period, and Deep Freeze is managing Windows Update, the Windows Update settings will be applied when Deep Freeze Service starts up.
Note: Avoid launching Faronics Core Console Windows Update Task if the workstation is performing a Deep Freeze Windows Update Task (the Deep Freeze status is “Applying Windows Update”).
Do not install, upgrade or uninstall Deep Freeze while Faronics Core Console is in the middle of performing a Windows Update Task.
It is recommended that both Faronics Core Console and Deep Freeze have the same Windows Update (ie - WSUS) settings to ensure that it is pointing to the correct Windows Update servers to check and download the files.