1

I have a second hand business computer that has deep freeze enterprise, and I do not know the password nor access to the OTP.

I've looked around and have found instructions for the standard version, of which the steps do not work.

So is there a way to remove deep freeze enterprise manually without the password or without installing a fresh Windows? I can make permanent changes to the Windows OS using Kali's file explorer and the registry with chntpw, if that helps.

Ways I've tried

  • chntpw rdel HKLM/Software/Wow3264Node/Faronics
  • Deleted C:/Program Files/Faronics

  • Result: nothing. Deep freeze still in effect

  • chntpw rdel HKLM/System/ControlSet001 (& 002)/DeepFrz (& DFServ)

  • Result: flash of BSOD on Windows startup, restarts and repeats process

Registry restored at this point. What to do?

MrU
  • 259

2 Answers2

3

The quickest way is to do a fresh Windows installation. Blow everything away on the hard drive, including the partition tables.

To do this, boot from the Windows Installation DVD/USB. When it asks you for your language, choose it and click Next. You'll see a link at the bottom to Repair you Computer.

Click on the Command Prompt link.

Type diskpart and press Enter.

Type list disk and press Enter

Look at the listings, and choose the disk that your primary hard drive is (i.e. select disk 0, then press Enter)

Type clean disk and press Enter.

Now, exit diskpart, and exit the Command Prompt. Continue with the installation as per normal.

The reason for this is because DeepFreeze installs device drivers for loading the "hard drive". It splits up the actual hard drive into a few partitions, and essentially makes Windows run from a VM, with a copy of the original "frozen" partition. When you make changes to it, DeepFreeze doesn't care, and just flushes the changes away by running a copy of the original image on the next reboot.

The device drivers are needed so that DeepFreeze knows it's in charge of the system. Without the drivers loading, DeepFreeze has set Windows to BSOD, in order to prevent unauthorized activity on the system in question. To completely get rid of it, you need to wipe the hard drive completely, before DeepFreeze can load, following the above instructions

Canadian Luke
  • 24,640
1

To force Deep Freeze into a Thawed state, you will need to download and replace two drivers in c:\windows\system32\drivers. These null drivers are available only to verified Faronics customers. These drivers will prevent Deep Freeze from entering a Frozen state and allow the software to be uninstalled from the computer using the workstation installer file. Instructions and null drivers are available from Faronics, again, only to verified customers. You will need the installer file to uninstall the program. The cost for a single license for Deep Freeze Standard workstation is approximately $46.99. I am pretty sure the null drivers will work on Deep Freeze Enterprise also, but you can doube-check with Faronics.

In order to apply this procedure, you will be required to boot the local system without using the hard drive where Deep Freeze is installed. This can be done using one of the following methods: 1) Windows Install Media (This must match the type and version of Windows you have installed) 2) BartPE (Or any pre-installed Windows environment) 3) Knoppix (or any other Linux ‘live’ media)

And, of course, your BIOS UEFI must be unsecured to allow you to boot from other device.

Faronics will have the latest manual removal instructions. So be sure to check with them.

David Walker
  • 11