Removing deep freeze enterprise
The quickest way is to do a fresh Windows installation. Blow everything away on the hard drive, including the partition tables.
To do this, boot from the Windows Installation DVD/USB. When it asks you for your language, choose it and click Next. You'll see a link at the bottom to Repair your Computer.
Click on the Command Prompt link.
Type diskpart and press Enter.
Type list disk and press Enter.
Look at the listings, and choose the disk that your primary hard drive is (i.e. select disk 0, then press Enter).
Type clean disk and press Enter.
Now, exit diskpart, and exit the Command Prompt. Continue with the installation as per normal.
The reason for this is that DeepFreeze installs device drivers for loading the "hard drive". It splits up the actual hard drive into a few partitions, and essentially makes Windows run from a VM, with a copy of the original "frozen" partition. When you make changes to it, DeepFreeze doesn't care, and just flushes the changes away by running a copy of the original image on the next reboot.
The device drivers are needed so that DeepFreeze knows it's in charge of the system. Without the drivers loading, DeepFreeze has set Windows to BSOD, in order to prevent unauthorized activity on the system in question. To completely get rid of it, you need to wipe the hard drive completely, before DeepFreeze can load, following the above instructions.
MrU
Updated on September 18, 2022
Comments
-
MrU over 1 year
I have a second hand business computer that has deep freeze enterprise, and I do not know the password nor access to the OTP.
I've looked around and have found instructions for the standard version, of which the steps do not work.
So is there a way to remove deep freeze enterprise manually without the password or without installing a fresh Windows? I can make permanent changes to the Windows OS using Kali's file explorer and the registry with chntpw, if that helps.
Ways I've tried
- chntpw rdel HKLM/Software/Wow3264Node/Faronics
- Deleted C:/Program Files/Faronics
Result: nothing. Deep freeze still in effect
- chntpw rdel HKLM/System/ControlSet001 (& 002)/DeepFrz (& DFServ)
Result: flash of BSOD on Windows startup, restarts and repeats process
Registry restored at this point. What to do?
-
Kinnectus over 9 years
You'll need the password. The software has been designed and improved over the years to react to penetration attempts.
-
Daniel B over 9 years
You can always extract the product key with some tool. If you are authorized.
-
MrU over 9 years
@DanielB I can be authorized, making myself an administrator - So how would the product key?
-
Daniel B over 9 years
Authorized as in licensee. The product key helps you reinstall Windows. This software is designed to resist unauthorized removal. Much like malware. And guess what’s the recommended course of action for malware? That’s right, reinstall everything.
-
MrU over 9 years
Reading everything... It looks like there is no way instead of a reinstall. Wow. Faronics is a tough program. Probably toughest I've ever seen.
-
MrU over 9 years
Read the question. WITHOUT reinstalling a fresh Windows.
-
Canadian Luke over 9 years
You may wish to do it without reinstalling Windows, but unless you get the password, the newer versions are extremely resistant to other forms of attack. The way DeepFreeze works, only a fresh install would work if you don't know the password, or break the software on the actual host drive.
-
MrU over 9 years
Breaking the software on the actual host drive? Do you mean the computer's hard drive or the Windows partition? If so, how?
-
Ramhound over 9 years
@MrU - He means the system partition. By break he means attempt to make the software not load; since it's extremely resistant, you're unlikely going to have success in doing that.
-
MrU over 9 years
Oh damn... Oh well, I guess I will have to do a fresh install.