Windows 2000 Remote Installation Service (RIS)
RIS can be used to deploy Windows 2000 operating systems to client systems from the server. It can install the operating system with applications. It provides the following additional capabilities:
- Other technical personnel that are not administrators may install Windows 2000 Professional.
- It provides an extra way to fix failed networked computers.
- Specific hardware images do not need to be provided since Windows 2000 supports plug and play devices.
A Windows 2000 computer can hold remote installation files for Windows 2000 Professional computers, send those files out to the appropriate computers, and provide a unique security identifier for each new computer. The "Add/Remove Programs" applet in the Control Panel is used to install RIS. It is installed as a "Component" and is called "Remote Installation Services".
Requirements/steps for using RIS:
- The RIS server must have at least two volumes. The second volume contains the RIS installation information which is separate from the Windows 2000 Server installation volume.
- The RIS volume must be NTFS.
- The network must use DNS, DHCP, and Active Directory to use this service.
- The RIS server must be authorized in Active Directory using the DHCP administrative tool. It is easier if the RIS server is the DHCP server and is already authorized.
- The RIS server must have the same service pack as the Windows 2000 Professional image that you intend to create. If it does not, image creation will fail. This means that if the server is running SP2 and you want to create a Windows 2000 Professional image with SP3, it will fail to create the image. (Note: there is information on Microsoft's site indicating that you can update the image to SP3, but I could not get that to work.)
RIS Server Setup
- On the server, install the Remote Installation Service by opening the Control Panel, selecting "Add/Remove Programs", clicking the "Add/Remove Windows Components" button on the lower left, then selecting the Remote Installation Service box. After the install, reboot the server.
- The RIS server must be set up using the command line utility called "risetup". Open a command line window by selecting "Start", "Programs", "Accessories", and "Command Prompt", then type "risetup". This can also be accessed from the Control Panel by opening the "Add/Remove Programs" applet and selecting "Add/Remove Windows Components". A box allowing Remote Installation Services configuration will appear. The configuration wizard will allow selection of the Remote installation folder (it must not be on the system partition and must be on an NTFS partition; the folder is created and shared automatically). It will also request the path to the Windows 2000 Professional installation files, which may be your Windows 2000 Professional installation CD.
Authorizing the RIS Server for DHCP Services
If the RIS server is not performing DHCP assignments, it must be authorized to do so. This can be done from an authorized DHCP server using the DHCP tool in Administrative Tools.
- Select the main DHCP box, then select the menu item "Action", and select "Manage Authorized Servers".
- Click the "Add" button and enter the computer name or IP address of the RIS server.
The list below is how I recommend the client be created for best results.
- Install the client operating system on a 2.1 gig NTFS partition. This should be the minimum size required for your OS unless you have additional or special software.
- Install all appropriate drivers (video, audio, etc.) for your main type of computer hardware depending on the make and model of your computers that you plan to do most client installations on.
- Install SP2 if your CD did not have it, then install SP3.
- Install the latest version of Internet Explorer (current as of this writing is IE6.1).
- Install or remove any additional components of Windows that you may want or not want your client computers to have.
- Install security updates from Microsoft's Windows Update website.
- Set up automatic updates on your system according to your IT department update policy. A choice is given of automatic updates at a specific time, downloading the updates and notifying the user when they are ready to be installed, or notification before downloading updates. I recommend installing the updates at a specific time according to your IT department security policy. This is because most users won't understand or care about updates and unless you have a lot of staff or some third party software to do this job for you, your network will not be secure.
- Install any additional programs which are used widely throughout your organization such as Office 2000, and antivirus software. Install the latest updates to these programs.
- Set your system settings the way you would like them as a standard through your organization, such as file view settings, by selecting "Tools" and "Folder Options" from "My Computer". For security reasons, I recommend that file extensions for known file types are not hidden (it is the Windows default to hide them). This setting can hide a file of the type "myvirus.txt.exe", making it appear harmless as "myvirus.txt".
- Shrink your partition to a minimum size on the client computer before making the image. Use Partition Magic if you have it available, otherwise you should have created a 2.1 G partition as outlined in the first step.
CD Image Creation
To create a CD, you can use the sysprep utility with third party software to create the CD image, or use the RIPrep utility. With RIPrep, the target computer hardware does not need to match the master computer hardware.
- Log on to the previously created client computer as a domain administrator.
- Copy the Setup Manager and sysprep utility to a client accessible computer drive. On the Windows 2000 Server or Professional installation CD, unzip the contents of the \SUPPORT\TOOLS\DEPLOY.CAB file and copy them to your computer into a directory that you create such as "c:\deploy".
- Use the Setup Manager (setupmgr.exe) to create a sysprep install answer file. Create a sysprep folder during this process.
- Copy the sysprep.exe file to the sysprep folder.
- From the sysprep folder, run the sysprep.exe utility. When starting sysprep, run it from the command line, typing "sysprep -pnp", which will allow it to detect any plug and play devices on the computer the image will be deployed to. If all hardware is the same, the pnp option is not necessary.
- After sysprep runs, the computer shuts down.
- Use third party software to duplicate the hard drive of the system you ran the sysprep utility on. This can be Norton Ghost.
- Reboot the computer from which the master hard drive image was made. Login as a domain administrator. The Mini-Setup utility will run and remove the sysprep folder.
- Log on to the previously created client computer as a domain administrator.
- Select the "Start" button, and select "Run", then type "\\RIS_server\Remote_inst_dir\Admin\i386\riprep.exe".
- In the Remote Installation preparation wizard select the RIS server the image will be placed on, and create a name for the folder the image will be stored in. Enter description information and click next.
- If any services must be stopped, open the services tool in Administrative Tools and stop those services, then click "Next" in the Remote Installation preparation wizard.
- RIPrep will shut down the client computer the copy is made from when it is done. When the client computer, which the CD image was made from, is started again, a Mini-Setup Wizard must be run to return the computer to an operational condition.
If the security settings for the remote installation server will only allow a response to known clients, the RIS client must be prestaged using Active Directory Users and Computers. Right click the OU in the domain you want to create the computer in. Select "New", and "Computer". Enter a name for the new computer, and click "Next". In the next dialog box, select the "This is a managed computer" check box and enter the computer's Globally Unique Identifier (GUID). The GUID should be available in the computer system BIOS or on the case. A computer that does not have a GUID cannot be prestaged and can only be remotely installed if the remote installation server will respond to unknown clients. After the computer is created, right click the new computer object, and select "Properties". Select the "Security" tab, and add users or groups that are to be allowed to perform a network installation on this computer.
Creating Answer files from a client install
The answer files are created using the Setup Manager. On the Windows 2000 Server or Professional installation CD, unzip the contents of the \SUPPORT\TOOLS\DEPLOY.CAB file and copy them to your computer into a directory that you create such as "c:\deploy".
- Double click on setupmgr.exe.
- Select "Create an answer file that duplicates this computer's configuration". The other two choices are "Create a new answer file", and "Modify an existing answer file".
- On the next screen the installation product is selected. Choices are:
  - Windows 2000 Unattended Installation
  - Sysprep Install
  - Remote Installation Services
  Select "Windows 2000 Unattended Installation". Click "Next".
- Select the platform the answer file will install to. Choices are Windows 2000 Professional, and Windows 2000 Server. Select Windows 2000 Professional to be able to perform client installations.
- Select the user interaction level. Choices are:
  - Provide Defaults - The user can review the answers supplied in the answer file when the installation is done.
  - Fully automated - All the answers are automatically provided by the answer file and the user does not see them.
  - Hide pages - Only setup screens that are not answered are supplied to the user.
  - Read only - Setup screens are shown to the user, but they cannot make any changes.
  - GUI attended - Text answers are automated, but GUI screens are not.
  Select "Fully Automated", and click "Next".
- Accept the license agreement and click "Next".
- Supply the Name and organization and then click "Next".
- Enter the names of destination computers that Windows 2000 will be installed on, then click "Next".
- Supply the administrator password to be used for local administrator rights and click "Next". You could click the checkbox that says "When the computer starts, automatically logon as administrator", but I would not usually do this unless an administrator will be there at the conclusion of the install.
- Select the screen size, refresh frequency, and colors the client computer is to use, and click "Next".
- Select either Typical or Custom network settings, and click "Next".
- Select the domain or workgroup the computer will be a member of. Check the "Create a computer account in the domain" checkbox, and add an administrator name and password that has the authority to create the account, then click "Next".
- Select Time zone, and click "Next".
- The Wizard allows you to edit the settings at this point. These include telephony settings, regional settings, additional language support, browser and shell settings, the system folder for the operating system (normally c:\WINNT), printers to be installed, and commands to run once.
- Normally you will probably want to create a distribution folder for device drivers or other customizations.
- Additional mass storage drivers. Click "Next" here.
- This screen allows you to specify a different HAL other than the default hardware abstraction layer (HAL). Normally, click "Next" here.
- Additional commands to run.
- OEM Branding - You can choose a GIF logo file and a background bitmap to be displayed during Windows Setup.
- This screen allows you to specify locations to copy additional files or folders to.
- This screen allows you to choose the location to place the answer file, which is c:\win2000dist\unattend.txt by default.
- Specify the location of the Windows setup files, and click "Next".
- At this point the setup files are copied. You can copy them from the Windows 2000 Professional installation CD or choose another location.
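The wizard steps above collect a local administrator password, an optional automatic administrator logon, and a domain account password, and Setup Manager writes them into the answer file. The following Python audit is an added example, not part of the original page: it reads an unattend.txt or .sif file and reports those settings so the file's storage location and permissions can be reviewed. The section and key names (GuiUnattended/AdminPassword, AutoLogon, Identification/DomainAdminPassword) are the standard unattended-setup names and are assumed rather than quoted from the page; the sample file is constructed.

```python
import re

# Standard unattended-setup section/key names (assumed; the page does not list them).
CHECKS = {
    ("guiunattended", "adminpassword"): "local Administrator password stored in the file",
    ("guiunattended", "autologon"): "automatic Administrator logon after setup",
    ("identification", "domainadminpassword"): "domain join password stored in the file",
}

def parse_answer_file(text):
    """Return {section: {key: value}} with lower-cased names and unquoted values."""
    data, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):   # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            data.setdefault(section, {})
        elif section is not None and "=" in line:
            key, value = line.split("=", 1)
            data[section][key.strip().lower()] = value.strip().strip('"')
    return data

def audit(text):
    """Return sorted (section, key, finding) tuples for risky settings."""
    data, findings = parse_answer_file(text), []
    for (section, key), why in CHECKS.items():
        value = data.get(section, {}).get(key, "")
        if not value or (key == "autologon" and value.lower() != "yes"):
            continue
        if key == "adminpassword" and value == "*":
            why = "blank local Administrator password"   # "*" means no password
        findings.append((section, key, why))
    return sorted(findings)

# Constructed sample answer file, not taken from the page.
SAMPLE = """\
[GuiUnattended]
AdminPassword = "Example-Passw0rd"
AutoLogon = Yes
[Identification]
JoinDomain = EXAMPLE
DomainAdminPassword = "Example-Join-Pw"
"""
if __name__ == "__main__":
    for section, key, why in audit(SAMPLE):
        print(f"[{section}] {key}: {why}")
```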
Associating RIS Answer file to the Image
This is required for unattended network installation.
RIS answer files are in \\RIS_server\REMINST\Setup\language\Images\image_name\i386\templates and have .sif extensions. These files are called "setup information files".
Answer files are associated (or created) with the CD image from Active Directory Users and Computers by right clicking on the RIS server and selecting "properties". Select the "Remote install" tab and click on the "Advanced Settings" button. In the next dialog box, select the "Images" tab and click on the "Add" button. At this point you can either "Associate a new answer file to an existing image", or "Add a new installation image".
Creating a RIS client boot disk
- On the server, open the \\RIS_server\REMINST\admin\i386\ folder. Double click the program "rbfg.exe" to run it.
- Put a blank floppy in the A drive of the Server, and click "Create Disk".
- Assign appropriate users the authority to "Create Computer Objects" in Active Directory using the administrative tool "Active Directory Users and Computers".
- Configure RIS options using the administrative tool "Active Directory Users and Computers", right click the RIS server and select properties. Server properties tabs:
- Operating System
- Member Of
- Managed By
- Remote Install - Options:
- Respond to client computers requesting service. - This or the next option is chosen. This is one of the main configuration choices with RIS.
- Do not respond to unknown clients - For setting up installation for prestaged computers only.
- Verify Server - Used to correct problems on the RIS server.
- Show Clients - Lists clients that have used RIS for an install.
- Advanced Settings - Displays a dialog box with these tabs:
- New Clients - Set how computer names are generated, whether from user names and where the client account will be.
- Images - Shows the Windows 2000 professional images available to be used for an install
- Object - Shows the fully qualified domain name of the Remote installation service.
- Security - Can set up for use exclusively by computers that are prestaged for RIS.
- Configure the client with one of:
- Boot the client using a network card on the client with a preboot execution environment (PXE) .99c or later ROM.
- Create a RIS client boot disk using the program in RIS_install_volume:\RemoteInstall\Admin\i386\rbfg.exe. This program is called the Windows 2000 Remote Boot Disk Generator.
The user account that is doing the install must be able to logon as a batch job user. The user must be able to create computer accounts in Active Directory in the domain to be joined, or the computer account must have been previously created by an administrator.
If the "UNDI initialize failed" error occurs, it means that no network card was detected by the setup program at installation while attempting RIS.
RIS Additional Services
Additional services installed on servers when RIS is installed on servers:
- BINL - Boot Information Negotiation Layer is used to be sure the installation using RIS is being done on the correct computer.
- SIS - Single Instance Store is used to reduce storage space for installation images on the server by using links to files that are the same in various images.
- TFTPD - Trivial File Transfer Protocol Daemon is used to send files to the client when they are requested. There is no logon with TFTP services.
RIS Security and Prestaging RIS Clients
An Active Directory computer object is created and the users of the new computer are assigned appropriate Active Directory permissions. Group Policy can also be used for security to restrict RIS installation options and choices. The "Active Directory Users and Computers" tool is used to set this policy.
To set up prestaging so specific clients will get the correct RIS images, do the following:
- Get the GUID from the computer which is in the computer system BIOS or on a label on the computer case. This is a 32 character number.
- Create a client account on the server and provide the computer GUID during client account creation.
- CD image - A CD image is made and an RIS answer file is associated with the image.
- Remote Installation Preparation (RIPrep) wizard images - A copy of a master computer hard drive, which is prepared for installation. Mass storage controllers and disk sizes don't need to be the same on both the master and duplicate computer. The RIPREP utility is in \\RIS_server\Reminst\Admin\i386\riprep.exe. Some services cannot be run while this utility is run. The wizard will notify you of any unallowed services that are running.
- Windows 2000 Professional images
The RIPrep tool is used to make RIS images containing both an operating system and applications.