How to Deep Freeze Windows 8 Devices

As noted in the previous post, there are a few areas of concern when using Windows (or Mac) computers: namely, these operating systems are designed to allow the user to have a lot of control over everything they do — including things we may not want our students to do (intentionally or, more often, accidentally), like moving shortcuts or icons, deleting/uninstalling software, or installing unapproved software apps.

One major first step to prevent such behaviors is to establish a Technology Acceptable Use Policy (a.k.a. Agreement or Contract) for students and parents to sign. This document outlines the fundamental rules and requirements for using 1:1 devices in the classroom, and outlines possible consequences for non-compliance. By signing the document, students and parents acknowledge that they are aware of the rules and will abide by them.

However, even with the above measures in place, accidents do happen (and sometimes students — especially adolescent ones — can make some poor decisions.)

For these reasons, it is a good practice to install software on the devices that will prevent such problems from occurring. One way is to ensure that students have a non-admin login, which would prevent installation of software and would minimize malware threats. However, it doesn’t prevent moving or deletion of desktop icons and shortcuts, and it can cause problems when admin access is needed — for example, if a website plugin needs to suddenly be updated.

Faronics Deep FreezeThe solution I have used over the past few years to avoid these issues is called Deep Freeze, by Faronics. This software freezes the configuration of a computer so that, upon reboot, any changes that occurred are undone and the system is restored to that designated “frozen” state.  This does not actually prevent changes from occurring on the machine. Students can log in with admin rights, can make changes to the system, can update web plugins, or could even install software on the fly if they need it — however, none of those actions will stick. They will not persist forever; when the computer is restarted, all of the changes made while frozen will be wiped out:

Tips for Using Deep Freeze at School:

  1. You can set “Allow Windows Updates” setting to automatically ensure that, while the rest of the computer is frozen, the Windows OS is not frozen and can be updated as normal via Windows Updates (otherwise, you will have to unfreeze the computers and manually check for updates at scheduled times.)
  2. You can also allow scheduled update time slots and scripts to make sure certain programs can automatically update. This can be useful for software that requires updates, like Flash (and other Adobe software. But especially Flash.)
  3. Students will need to be taught that they cannot rely on saving and accessing their files locally! If you save any work to My Documents, for example, that work will be erased and will disappear with the computer is rebooted!  The solution to this is to store files outside of the local device: you can create student folders on the LAN (local area network for the school), which will allow students to access those files from any computer while at school. An even better solution could be to use “cloud storage” solutions such as Microsoft SkyDrive or Google Drive. This is part of Google Apps for Education, which is popular because it is free for schools and provides 30 GB of storage space for every student. It is the solution we — like many other classrooms — are using.

Click here for technical details and documentation regarding how you set up automatic Windows Updates or updates for other programs, while keeping computers safely frozen.

Setup and Management of Windows 8 Devices

You may have noticed in my previous posts about the needs and requirements of 1:1 paperless devices that I did not mention “management/maintenance” as an important consideration.

The reason for this is because, although it actually is an important factor to consider, we have to keep in mind the following:

  1. The priority for choosing a device is the educational experience; the #1 priority is to improve learning and productivity, and all other factors (including pricetag and IT management) are, in my opinion, secondary to this primary goal. Even though they are still very important, it doesn’t do much good to get a device that is “cheap” or “easy for tech support and maintenance” if the device isn’t very useful in the classroom.
  2. There is not an “unmanageable” device. Every major category of device — Mac, Windows, iOS, Android, Chromebook — is manageable; it may simply be a matter of different methods and (sometimes) additional software or systems that may be necessary.

I am going to start by pointing out some of the IT setup/management/maintenance benefits and limitations of each of the above , and then explain some ways that Windows devices can, in fact, be fairly easy to manage and maintain — no more difficult than iPads, Android tablets, or Macs.

Device Type IT Management & Concerns
Windows 8Windows-8-logo-300x300 Windows is used on nearly 90% of devices out there (source: NetMarketShare), and has been used as an enterprise solution for many years, and thus has a lot of support by IT departments and various software programs to help cloning of devices, standardization of machines, account profiles (Active Directory, etc.), and monitoring tools.On the other hand, this long-standing and widespread use also tends to cause Windows to be more of a target for hackers and malware. Windows has long had a reputation for some issues, including susceptibility to virus, spyware, or other malware. Windows 8 is far more stable and secure than previous versions, but these are still valid concerns.
Mac (OS X)Mac_OS_X_logo Very similar to Windows, the Mac OS has been around for a long time and has gone through many iterations. OS X is not as widely-adopted at the enterprise level — accounting for about 7% of all devices out there — but it has been around long enough that there are various IT tools to help clone and manage these devices, similar to Windows.  OS X also has a reputation for being more secure, so protective measures may not be as high of a priority as Windows (note: no OS is 100% invulnerable! There have been recent reports of trojans on OS X, for example.)
iPads (iOS)iOS logo Generally speaking, iOS is a much “simpler” operating system than full-fledged computers like OS X or Windows. This simplicity eliminates a lot of loopholes and headaches that could occur, allowing the appearance and installation of apps to be more standardized and streamlined. However, this “walled garden” approach can also cause some management headaches — especially when it comes to installing apps on multiple devices. iTunes accounts can be tricky to manage, and installs on multiple devices can be tedious and time consuming, although there are now specialized tools to simplify this process.
Androidandroid-logo-white Although Android devices have now surpassed iOS overall, this is mainly driven by smartphones (not tablets), and generally dealt with at the end-user level since this represents consumer demand more than enterprise-wide adoptions. Since there are so many different versions of both hardware and software versions for Android, it creates “fragmentation” with different capabilities and limitations across devices; this is one of several reasons why there are not as many tools for simplifying the install and management pipeline for IT departments working with Android. On the one hand, Android is much more open and accessible than iOS, allowing for expanded opportunities and capabilities, but also allowing for various headaches (including recent reports of malware!)
ChromebookNew-Chrome-Icon1 Chromebooks run “Chrome OS”, which is a specialized install of Linux operating system, running Chrome web browser as the central software. In essence, this makes Chromebooks different than all of the above devices, because most laptops and tablets use installed apps and programs. For the most part, Chromebooks do not do this – they simply provide a “client” device to access remote apps run on internet websites; a.k.a. “Cloud Computing”This can really simplify things, because the above concerns about managing multiple installs, or preventing malware, are pretty much eliminated. On the other hand, there are other IT concerns to deal with – namely, issues of bandwidth, connectivity, privacy, and ensuring that the cloud apps you want to access can actually be used by students (many have Terms of Service that specify minimum age requirements which rule out use by younger students.)

Having acknowledged the challenges of each popular 1:1 solution, we can see that there are always considerations to keep in mind — and there are always solutions to each problem, some may just take more time or specialized software than others.

In the upcoming posts I will explain how you can streamline use of Windows 8 devices (like the Lenovo Thinkpad Tablet 2) for use in your school, and minimize the work required to install software and reduce anxieties about students accidentally (or intentionally) “messing up” the devices (through actions as innocuous as moving around desktop icons, or as worrisome as virus infections.)  These are the 4 basic types of tools you may want to consider if using Windows (or even Mac) devices:

  1. Cloning / imaging software to simplify software installs onto multiple devices, and ensure standardization (in our case, we are starting by using Acronis True Image; there are several other options)
  2. “Freezing” or “locking” software to easily prevent or roll back any changes made to the computer, essentially “freezing” it in a state that you desire (we are using Faronics Deep Freeze to accomplish this)
  3. Anti-Malware software (optional), such as Sophos or Norton. Due to the improved Windows security and firewall features combined with software such as Deep Freeze, antivirus software may not even be necessary but could be an optional “extra precaution.”
  4. Classroom Device Management / Monitoring software (optional), such as SMART Sync a.k.a. “SynchronEyes.”  There are a few different programs that will allow you as a teacher (or an admin) to be able to see each student’s screen, track their behaviors and activities on the devices, take screenshots or broadcast student or teacher screen to other devices, send and retrieve quizzes, polls, or files from students, set filtering and restrictions for apps or websites that are accessible to students, and more options. This type of software is not necessary for a 1:1 or paperless classroom, but it can certainly be nice to have.