Blogs

Dell KACE and Deep Freeze: Using Scripting to Freeze and Thaw Systems

Introduction

 

Customers who use Deep Freeze need a way to unfreeze their systems in order to do patching and system maintenance and then refreeze the system to allow for normal day to day operation. This guide covers creating scripts for enabling and disabling Deep Freeze for both Windows and Mac systems via the KACE Systems Management Appliance.

After completing this document, you should be able to:

·         Understand the process for creating scripts for freezing and unfreezing Windows computers

·         Understand the process for creating scripts for freezing and unfreezing Macintosh computers


 

Deep Freeze for Windows

 

Thawing Your System

 

Before changes can be made to a computer secured by Deep Freeze, it must be put into a writeable state. This process is known as “Thawing” and can be accomplished with a simple KScript.

·         In the Scripting module, click “Choose Action”, then click “New

QwLTD4.png

 

·         Name your script “Deep Freeze – Boot Thawed” and select Online Kscript from the Type dropdown. You can also input a description of what the script does.

·         Under the Deploy section, uncheck the Select Specific Operating Systems box and then click “Microsoft Windows”. You can also choose what systems to deploy the script to from this section.

·         In the Tasks section, find the Verify option and click “Add”.

·         Choose “Verify a directory exists” and input “%PROGRAMFILES(X86)%” in the text box (without quotes) and click “Save Changes”

·         Go to the On Success section and click “Add”, then select “Launch a program” from the dropdown and enter the following information into the fields:

o   Directory: $(KACE_SYS_DIR)\syswow64

o   File: DFC.exe

o   Check the “Wait for completion” box

o   Parameters: dellkace /BOOTTHAWED

o   Click “Save Changes”

·         Go to the Remediation section and click “Add”, then select “Launch a program” from the dropdown and enter the following information into the fields:

o   Directory: $(KACE_SYS_DIR)\system32

o   File: DFC.exe

o   Check the “Wait for completion” box

o   Parameters: dellkace /BOOTTHAWED

o   Click “Save Changes”

 

Note:

The dellkace entry in the Parameters field logs the user who submitted the thaw command as dellkace. You can replace that entry with the DNS hostname of your appliance if you wish.

 

·         Scroll to the bottom of the page and click “Save”

Twr96N.png

You may run this script on demand by choosing the “Run Now” option, or schedule it to run on whatever schedule you prefer.

 

 


 

Freezing Your System

 

Once changes have been made to the system, it will need to be placed back in a “Frozen” state. Use the following steps to create a script to freeze the target PC.

 

·         In the Scripting module, click “Choose Action”, then click “New

·         Name your script “Deep Freeze – Boot Frozen” and select Online Kscript from the Type dropdown. You can also input a description of what the script does.

·         Under the Deploy section, uncheck the Select Specific Operating Systems box and then click “Microsoft Windows”. You can also choose what systems to deploy the script to from this section.

·         In the Tasks section, find the Verify option and click “Add”.

·         Choose “Verify a directory exists” and input “%PROGRAMFILES(X86)%” in the text box (without quotes) and click “Save Changes”

·         Go to the On Success section and click “Add”, then select “Launch a program” from the dropdown and enter the following information into the fields:

o   Directory: $(KACE_SYS_DIR)\syswow64

o   File: DFC.exe

o   Check the “Wait for completion” box

o   Parameters: dellkace /BOOTFROZEN

o   Click “Save Changes”

·         Go to the Remediation section and click “Add”, then select “Launch a program” from the dropdown and enter the following information into the fields:

o   Directory: $(KACE_SYS_DIR)\system32

o   File: DFC.exe

o   Check the “Wait for completion” box

o   Parameters: dellkace /BOOTFROZEN

o   Click “Save Changes”

·         Scroll to the bottom of the page and click “Save”

vZ7Jdv.png

You may run this script on demand by choosing the “Run Now” option, or schedule it to run on whatever schedule you prefer.

Deep Freeze for Macintosh

 

Thawing Your System

 

·         In the Scripting module, click “Choose Action”, then click “New

·         Name your script “Deep Freeze – Boot Thawed” and select Online Shell Script from the Type dropdown. You can also input a description of what the script does.

·         Under the Deploy section, uncheck the Select Specific Operating Systems box and then click “Mac OS X”. You can also choose what systems to deploy the script to from this section.

·         In the Script section, input the following commands:

#! /bin/sh

 

# Thaw Deep Freeze Mac Client

 

echo - Deep Freeze Mac Thaw Executing

 

DFXPSWD=dellkace /Library/Application\ Support/Faronics/Deep\ Freeze/deepfreeze -u dellkace -p bootThawed

 

echo - Rebooting system

shutdown -r now

 

·         In the Script File Name box, name the script DPM_Thawed.sh

·         Scroll to the bottom of the page and click “Save”

 

krzv92.png

You may run this script on demand by choosing the “Run Now” option, or schedule it to run on whatever schedule you prefer.

Freezing Your System

 

·         In the Scripting module, click “Choose Action”, then click “New

·         Name your script “Deep Freeze – Boot Frozen” and select Online Shell Script from the Type dropdown. You can also input a description of what the script does.

·         Under the Deploy section, uncheck the Select Specific Operating Systems box and then click “Mac OS X”. You can also choose what systems to deploy the script to from this section.

·         In the Script section, input the following commands:

#! /bin/sh

 

# Thaw Deep Freeze Mac Client

 

echo - Deep Freeze Mac Freeze Executing

 

DFXPSWD=dellkace /Library/Application\ Support/Faronics/Deep\ Freeze/deepfreeze -u dellkace -p bootFrozen

 

echo - Rebooting system

 

shutdown -r now

 

·         In the Script File Name box, name the script DPM_Frozen.sh

·         Scroll to the bottom of the page and click “Save”

zk39Nt.png

You may run this script on demand by choosing the “Run Now” option, or schedule it to run on whatever schedule you prefer.

Conclusion

 

By following the steps in this guide, you should be able to create the scripts necessary for freezing and thawing your computers. This will allow you to manage your systems, update security patches and deploy software to the computers without sacrificing the security provided by the Deep Freeze application. 
View comments (1)

KACE Patch Report for Installed Patches past week and Missing Patches for Label

I needed a way to track patches that was more precise than the standard kace shotgun approach. Below are two separate reports.


1. Detect missing patches for a label. (This is a slightly edited version of the default)

SELECT PP.IDENTIFIER,
PP.TITLE,
GROUP_CONCAT(IF((MS.STATUS = 'NOTPATCHED'), M.NAME, NULL)) AS SERVERS_WITHOUT_PATCH,
COUNT(*) AS TOTAL,
SUM(IF((MS.STATUS = 'PATCHED'), 1, 0)) AS PATCHED,
SUM(IF((MS.STATUS = 'NOTPATCHED'), 1, 0)) AS NOTPATCHED,
SUM(IF((MS.DEPLOY_ATTEMPT_COUNT >= MS.MAX_DEPLOY_ATTEMPT 
          and MS.STATUS != 'PATCHED'
        or MS.STATUS = 'FAIL' 
        or (MS.DEPLOY_STATUS = 'FAIL' and MS.STATUS != 'PATCHED')), 1, 0)) AS ERROR
FROM PATCHLINK_MACHINE_STATUS MS
JOIN MACHINE M ON M.ID=MS.MACHINE_ID
JOIN KBSYS.PATCHLINK_PATCH PP ON PP.UID = MS.PATCHUID
JOIN MACHINE_LABEL_JT ML on ML.MACHINE_ID = M.ID
WHERE ML.LABEL_ID = (select ID from LABEL where NAME = 'LABEL NAME')
-- AND PP.IMPACTID = 'Critical'                       UNCOMMENT THIS LINE TO SHOW CRITICAL PATCHES
-- AND PP.IMPACTID = 'Recommended'          UNCOMMENT THIS LINE TO SHOW RECOMMENDED PATCHES
-- AND PP.IMPACTID = 'Software'                    UNCOMMENT THIS LINE TO SHOW SOFTWARE PATCHES
GROUP BY PP.UID
HAVING NOTPATCHED > 0
ORDER BY PP.TITLE


2. Show patches that were installed on a machine based on a schedule name in the last X days/weeks/months and the status of the installation.


select M.NAME as COMPUTER_NAME, PP.TITLE as PATCH_NAME, PP.IMPACTID as PATCH_IMPACT, MS.DEPLOY_STATUS as PATCH_STATUS, MS.DEPLOY_STATUS_DT as INSTALL_DATE from MACHINE M
left join PATCHLINK_MACHINE_STATUS MS on MS.MACHINE_ID = M.ID
left join KBSYS.PATCHLINK_PATCH PP on PP.UID = MS.PATCHUID
left join PATCHLINK_SCHEDULE PS on PS.ID = MS.SCHEDULE_ID
where MS.DEPLOY_STATUS_DT > subdate(now(), interval 1 day)   CHANGE TO TIME INTERVAL. CAN USE # + (second, minute, hour, week, month, year)
and PS.DESCRIPTION = 'Server Patch Job'    CHANGE TO THE NAME OF YOUR PATCH SCHEDULE NAME OR UNCOMMENT FOR ALL SCHEDULES
ORDER BY M.NAME, PP.TITLE

When creating the SQL Report...
Break on Columns: COMPUTER_NAME
Be the first to comment

Alert Queue when ticket is moved between queues.

My users are still getting use to KACE and often submit tickets to the wrong queue. When this happens owners from a team will move tickets to the appropriate queue. Unfortunately there is no email sent to the owners of the queue where the ticket was moved to alerting them of this fact. To fix this I have created a ticket rule that will email the owners in the new queue (by using the secondary email address of the queue) whenever a ticket is moved to their queue. 

Select SQL:

select distinct(HD_TICKET.ID), U.EMAIL as EMAIL from HD_TICKET
left join HD_TICKET_CHANGE TC on TC.HD_TICKET_ID = HD_TICKET.ID
left join HD_TICKET_CHANGE_FIELD CF on CF.HD_TICKET_CHANGE_ID = TC.ID
left join USER U on U.ID = HD_TICKET.SUBMITTER_ID
where CF.AFTER_VALUE = 'Opened'
and CF.FIELD_CHANGED = 'STATUS_NAME'
and TC.TIMESTAMP > subdate(NOW(), INTERVAL 10 SECOND)
and HD_TICKET.HD_QUEUE_ID = 1

Email each recipient in query results:
Subject: (TICK: $id) was moved
Column containing email addresses: EMAIL
Subject: 
The Ticket with ID: $id was moved to the Trouble Ticket team. Please review and address.

http://KBOXAddress/adminui/ticket.php?ID=$id

Be the first to comment

TechEd Eurpoe 2014 - See you in Barcelona!!

TechEd Europe 2014 is starting next week!! (10/28 - 10/31 @ Fira, Barcelona : @TechEd_Europe). Those of you who missed the "Big one" in Austin will be enjoying this..
see you in Barcelona!
http://europe.msteched.com/#fbid=FP78D4Sya7y

Be the first to comment

Dell World User Forum – Three Seasoned Veterans Tell You Why It’s Worth It

Still deciding whether to spring for Dell World User Forum 2014? It’s coming up November 4-7 in Austin, and we’re doing everything we can to make it easy for you to attend. I want to point out a few highlights of what you can expect, especially as a KACE customer, then I’ll let a few DWUF veterans tell you about their ROI.


BOGO and a free pass to Dell World

User Forum is a lot more than panels and exhibits. User Forum brings you together with the Dell experts – engineers, architects, product managers – who build and support the products you work with day in and day out. It’s your chance to come in with a five-pound bag of questions and get them answered face to face, whether in a lab, at the Geek Bar or in a hallway.

User Forum features hands-on labs in which you can finally sit down for that hour you’ve been promising yourself and dive deep into Dell products like KACE appliances. As soon as you get back to the office – and sometimes even before then – you’ll start to see a return on your investment in productivity.

And speaking of investment, we have two financial incentives for you:

  • Your User Forum pass includes a pass to the Dell World main track event as well. Catch keynotes and presentations by Peter Diamandis of the X PRIZE Foundation, Erik Brynjolfsson of MIT and Michael Dell of – well, you know which company he works for.
  • We’re running a BOGO – a Buy-One-Get-One offer so you can share a pass with a colleague at no additional charge.

If you or your organization is a current Dell customer, User Forum is the place for you.

Sessions

Here are some of the most popular KACE sessions and labs to look for:

  • K1000 Advanced Topics. Our engineers will help you understand what's under the covers of your K1000. You’ll take away a deeper understanding of how best to use this systems management platform in your environment.
  • Software Packaging/Scripting. We’ll talk about packaging, with real-world examples of tough deployments.
  • Software Distribution. We’ll go beyond the basics to some unconventional wisdom around deploying software, including large installers, complex installers and repackaging.
  • Patching: Getting Started, and Going Beyond Basics. Learn how to patch your environment with the K1000, then design a sustainable patching system with integrated automation and reporting.
  • Troubleshooting the K1000. Understanding how to debug is a skill all admins should hone regularly.

We’ll cover these topics and more in breakout sessions, self-paced labs and hands-on labs led by instructors.

3 veterans weigh in on Dell World User Forum

But you don’t have to take my word for it. I asked a few real-world system administrators why they think User Forum is worth it. Here are some of their answers:

  • Ron Falkoff, System Analyst, Mary Institute and Saint Louis Country Day School (Missouri)

“User Forum was productive for us because it accelerated our use of the KACE appliances. This is when we can raise specific issues we are having with others during birds-of-a-feather, or just with our peers in other industries having the same experiences.

“On the way home one year, I implemented Smart Labels from San Francisco Airport, they populated by the time I got to O’Hare, and I began using them when I got to the St. Louis Airport. Another year, I fixed patching remotely on my appliance while talking to an expert at the Geek Bar.

“I would tell people to not miss the product feedback, and to go to one session outside their comfort zone.”

  • Stacy Crotser, Computer Lab Administrator, Sam M. Walton College of Business, University of Arkansas

“I got some great stuff out of the instructor-led labs. Getting to watch a presentation, then jumping right in to try it myself was fantastic! I learned lots of techniques and implemented them when I got home. I have referred time and again to the USB key with all the instructor-led presentations and training sessions. That USB key was the single best thing I have EVER gotten from a conference, and I got value out of it all year long.

“If you are a KACE administrator, then the User Forum is a MUST! There was more information jam-packed into the conference than you could pick up otherwise in a whole year.”

  • Deedra Pearce, Director of Information Systems, Green Clinic Surgical Hospital (Louisiana)

“Before I attended User Forum, I didn't interact much with our KBOXes; I did what I needed to do, then got right out, so I didn't realize all the capabilities they had. At User Forum it was so nice to see all the software integration, especially with all our other appliances. As soon as we returned, we got involved in the 6.0 update and couldn't wait to use the new user-friendly dashboard we’d learned about.

“As IT director I learned so much at User Forum. I’ve been able to help make our CIO’s daily job so much easier in the past year as I've learned more about the system. User Forum has helped me develop a relationship with Dell, and especially with the KACE team.”

Your turn

So there you have them – three seasoned veterans telling you why Dell World User Forum 2014 is worth it. As KACE training lead, I keep in regular contact with peers at lots of companies using KACE. The networking and user base at User Forum grow steadily year upon year.

  • Have a look at the User Forum agenda and start picking out the labs and sessions you want to attend.
  • Double your internal expertise by grabbing your BOGO now. Register for User Forum and get a pass to all Dell World sessions.
View comments (2)
Showing 1 - 5 of 2608 results