How to disable Deep Freeze without a password
How to Uninstall Deep Freeze for Windows 2000/XP/Vista without the
password.
Note: Without a complete uninstallation you may not be able to
reinstall Deep Freeze on your system.
What we are going to do is edit the registry and delete the startup
references to Deep Freeze. This will prevent the Deep Freeze driver
(c:\windows\system32\drivers\deepfrz.sys) from starting up the next
time you boot.
1. First we need a way to edit the registry. The way to do this
depends on your situation. If your computer is thawed you can simply use
Regedit. If your computer is frozen or if it doesn't boot you'll need
to find another way. Here are some alternatives:
If you have a multiboot computer with another copy of Windows 2K/XP
you can boot from there. Or, you can physically mount the disk on
another computer that uses Windows 2K/XP.
You will probably use a tool that lets you boot and edit the
registry. A good example of this is Bart's PE Builder
(http://www.nu2.nu/pebuilder/), which lets you build a Windows PE CD
and boot Windows from there. Another is Winternals ERD Commander. There
are several, including some USB memory sticks capable of booting like a
CD. The goal here is to boot separately from your hard drive and access
it while it is "asleep".
2. If your computer is thawed run Regedit. If it's not thawed follow
one of the alternatives described above, and run Regedit (or Regedt32
on Windows 2K).
3. On the Find dialog box type UpperFilters and check only the
Values checkbox. Then click Find Next.
4. The program will find a value with the name UpperFilters. Open
this value and if there's a line with the name of the Deep Freeze driver
(DeepFrz or DepFrzLo) delete it including the return, leaving the rest
of the lines intact. Also, if you are using ThawSpace and you want to
get rid of it delete that line too (ThwSpace), if you want to keep the
ThawSpace leave it there. Press F3 to find the next match and repeat the
operation until you have fixed all the UpperFilters values inside the
HKLM\MySystem key.
5. Navigate to HKLM\MySystem\Select and check the value with the
name Default. It has the number of the control set key that the system
will use when booted. If it is 1 the control set is ControlSet001, if it
is 2 the control set is ControlSet002, and so on. We'll assume the
control set is ControlSet001 but you should use the one specified by the
value Default.
6. Now go to HKLM\MySystem\ControlSet001\Services and delete the
keys with the name of the Deep Freeze drivers (DeepFrz or DepFrzLo and
DepFrzHi). Also, if you decided to get rid of the ThawSpace delete the
key with the name of the ThawSpace driver (ThwSpace).
7. That's it. Now reboot and Deep Freeze will not load.
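Steps 3 to 6 leave a recognizable trace: the Deep Freeze names disappear from UpperFilters values and from the Services key of the control set that Select\Default points to. The following is an added example, not part of the original page, showing how an administrator could compare a known-good snapshot with the current state to spot that change. It assumes the output of `reg query <key> /s /v UpperFilters` has been saved as text for both snapshots; the function names, class key names and sample output are constructed for illustration.

```python
import re

# Driver names taken from the steps above; compared case-insensitively.
FILTER_NAMES = {"deepfrz", "depfrzlo", "thwspace"}
SERVICE_NAMES = {"deepfrz", "depfrzlo", "depfrzhi", "thwspace"}

def active_control_set(select_default):
    """Map the Select\\Default number (1, 2, ...) to ControlSet001, ControlSet002, ..."""
    return "ControlSet%03d" % select_default

def parse_upper_filters(reg_query_text):
    """Parse saved `reg query <key> /s /v UpperFilters` output into {key: [drivers]}."""
    result, key = {}, None
    for line in reg_query_text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = re.match(r"\s+UpperFilters\s+REG_MULTI_SZ\s+(.*)$", line)
        if m and key:
            # reg.exe prints multi-string entries separated by a literal \0
            result[key] = [s.lower() for s in m.group(1).strip().split("\\0") if s]
    return result

def removed_references(base_text, cur_text, base_services, cur_services, select_default):
    """List Deep Freeze references present in the baseline but missing now."""
    cs = active_control_set(select_default)
    base, cur = parse_upper_filters(base_text), parse_upper_filters(cur_text)
    findings = []
    for key in sorted(base):
        if ("\\" + cs + "\\").lower() not in key.lower():
            continue  # only the control set the system boots from matters
        for name in base[key]:
            if name in FILTER_NAMES and name not in cur.get(key, []):
                findings.append(("UpperFilters", key, name))
    gone = {s.lower() for s in base_services} - {s.lower() for s in cur_services}
    findings += [("Services", cs, name) for name in sorted(gone & SERVICE_NAMES)]
    return findings

# Constructed sample snapshots; the class key names are placeholders, not real GUIDs.
BASELINE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{CONSTRUCTED-A}
    UpperFilters    REG_MULTI_SZ    DeepFrz\0PartMgr
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{CONSTRUCTED-B}
    UpperFilters    REG_MULTI_SZ    kbdclass
"""
CURRENT = BASELINE.replace(r"DeepFrz\0", "")  # filter entry stripped, as in step 4

if __name__ == "__main__":
    for f in removed_references(BASELINE, CURRENT, ["DeepFrz", "Disk"], ["Disk"], 1):
        print("MISSING", *f)
```

A finding on a machine that is supposed to be frozen means the driver will not load at the next boot, so the check is most useful when run from management tooling before users get the machine back.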
QUESTION: What if the BIOS settings prevent me from booting from CD
or USB?
ANSWER: Deep Freeze prevents you from decrypting the BIOS password, but
it does not prevent removing it, if you have the right tool! Most of the
BIOS hacking programs will not work to remove the BIOS password on a
Deep Freeze protected computer, but CmosPwd by Christophe Grenier does.
You'll need to know how to use a command line and install the
driver. Yes, it uses a driver to remove the BIOS password. But it works,
even on Deep Freeze protected computers. Use CmosPwd to remove the BIOS
password and reset the default BIOS settings. Then you'll be able to
boot from CD or USB and edit your computer's registry and remove the
DeepFrz, DepFrzLo, and DepFrzHi references which start Deep Freeze.
Now here is a little known secret: Faronics (the makers of Deep
Freeze) uses a special driver to remove broken or malicious Deep Freeze
installations. They do not have any backdoor passwords, so they use a
special driver to remove a Deep Freeze installation where the password
is not known or that someone is having trouble with. Will they send it
to you, or even admit to you that they have it? I don't know. But, even
if you do have it, you will still have to boot separately from the hard
drive and replace the existing Deep Freeze driver with the special one
and reboot. And after that, you need to use a Deep Freeze installation
file to fully uninstall Deep Freeze (it will be thawed when you boot up
with the special driver). If you want to re-install Deep Freeze, you'll
have to first delete the special driver too.
Only a few people have this driver. It is the only solution Faronics
has for those who need to remove Deep Freeze without the password. And,
like I said, you will have to be able to boot from CD or USB and access
the NTFS hard drive. If the boot-up order is locked (hard drive first
and only) in BIOS settings, use CmosPwd to reset BIOS and boot order.
Then you can boot from CD or USB.
Booting from CD or USB and removing the registry references works
also, but then you should uninstall Deep Freeze with an installation
file once you are able to boot thawed.
If you are dealing with a trial version of Deep Freeze, just forward
the BIOS date past 60 days and then restart.
If anyone is wondering if Deep Freeze has ever been hacked, the
answer is "yes", it has, several times over the years. Most of the time
these were weaknesses that Faronics was able to quickly fix or prevent.
However, there was one hacker who really, REALLY gave them headaches.
His name was Emiliano Scavuzzo from Argentina. He was really good at
low-level programming and used OllyDbg to come up with about five
versions of his "Deep Unfreezer", which gave Faronics their greatest
challenge to date. Deep Unfreezer now only works on older versions of
Deep Freeze.
Faronics is doing very, very well right now (as of 2008). They sold
Apple Computer their Mac version of Deep Freeze, which, if you know how
to look for it in the Applications folder on a Mac, is used in all the
Apple Stores on both their desktops and their laptops. So, if you're
ever in a Mac store playing around with PhotoBooth or whatever, and the
computer settings are all messed up, just restart the Mac and thank Deep
Freeze.