|1| Chapter 15, Deploying Windows 2000 Using RIS
|2| Chapter 15, Lesson 1
RIS Overview
|3| 1. Remote OS Installation Overview
A. Uses some of the existing services that
may already be deployed and adds some services that may not be familiar
B. Requires Active Directory, an updated DHCP
server, and a compliant version of DNS
|4| 2. Remote Install Server Components
|5| A. Boot Information Negotiation Layer (BINL)
service
1. Added during the RIS installation process
and provides overall management of the RIS environment
2. Responsible for answering client computer
network service requests, querying Active Directory on behalf of the client
computer, and ensuring that the correct policy and configuration settings are
applied to the client computer during the OS installation
3. Ensures that the client is passed the
correct files
4. Makes sure that the correct RIS server
services a prestaged client
5. Creates the client computer account
object within Active Directory if the client computer has not been prestaged
|6| B. Trivial File Transfer Protocol Daemon
(TFTPD) service
1. Server-side TFTP service
2. Responsible for hosting specific file
download requests made by the client computer
3. Used to download the Client Installation
Wizard (CIW) and all client dialog boxes contained within the CIW for a given
session
|7| C. Single Instance Store (SIS) service
1. Responsible for reducing disk space
requirements on the volumes used for storing RIS installation images
2. When RIS is installed as an optional
component, the administrator is prompted for a drive and directory where to
install RIS.
3. Attaches itself to the RIS volume and
looks for any duplicate files that are placed on that volume
4. Creates a link to any duplicates found,
thus reducing the disk space required
3. Remote Install Client Components
|8| A. Types of remote boot-enabled client
computers
1. Computers with Pre-Boot eXecution
Environment (PXE) DHCP-based remote boot ROMs
2. Computers with network cards supported by
the RIS boot disk
|9| B. PXE remote boot technology
1. Overview
a. Remote OS Installation uses the PXE remote
boot technology to initiate the installation of an OS from a remote source to a
client hard disk.
b. The remote source, a server that supports
RIS, provides the network equivalent of a CD-based installation of Windows 2000
Professional or a preconfigured Remote Installation Preparation (RIPrep)
desktop image.
c. Windows 2000 Professional is currently
the only installation option supported by RIS.
d. Once images have been posted on the RIS
server(s), end users equipped with PXE-based remote boot–enabled client
computers can request to install those images from any available RIS server on
the network.
e. Users can install the OS without administrator assistance, which saves the
administrator both the time and expense normally associated with OS installations.
|10| 2. CD-based installation
a. Similar to setting up a workstation
directly from the Windows 2000 Professional CD-ROM
b. Differs from CD-ROM setup insofar as the source
files reside across the network on available RIS servers
|11| 3. RIPrep image format
a. Allows a network administrator to clone a
standard corporate desktop configuration
b. After installing and configuring Windows
2000 Professional, its services, and any standard applications on the computer,
the administrator runs a wizard that prepares the installation image and
replicates it to an available RIS server for installation on other clients.
C. How the PXE remote boot technology works
|12| 1. Overview
a. PXE is a new form of remote boot
technology.
b. PXE provides companies with the ability to
use their existing TCP/IP network infrastructure with DHCP to discover RIS
servers on the network.
c. Net PC/PC98–compliant systems can take
advantage of the remote boot technology included in the Windows 2000 OS.
(1) Net PC/PC98 refers to the annual guide for
hardware developers coauthored by Microsoft with Intel, including contributions
from Compaq and other industry hardware manufacturers.
(2) PC98 is intended to provide standards for hardware development that advance
the PC platform and enable Microsoft to include advanced features, like RIS, in
the Windows platform.
|13| 2. Boot process
a. When a PXE-enabled client computer is
turned on, the PXE-based ROM requests an IP address from a DHCP server using
the normal DHCP discovery process.
b. As part of the initial DHCP discover
request, the client computer identifies itself as being PXE-enabled, which
indicates to the RIS servers on the network that it is available for service.
c. Any available RIS server on the network
can respond by providing the client with its IP address and the name of a boot
file the client should request if that client wants service from that server.
d. When the client computer responds to the
server, the DHCP service sends a message that grants service.
e. The client must also request service from
the BINL service, which then passes the bootstrap file to the client and
ensures that the correct RIS server services prestaged clients.
f. After the network bootstrap program is
sent to the client by the BINL service, the client-side experience will be
different depending on the remote installation server vendor responding to the
client request for service.
|14| D. The RIS boot disk
1. Provided by Windows 2000 for computers
that do not contain a PXE-based remote boot ROM so that a remote boot disk can
be created for use with RIS
2. Used with a variety of PCI-based NICs
3. Eliminates the need to retrofit existing
client computers with new NICs to take advantage of the Remote OS Installation
feature
4. Simulates the PXE remote boot sequence
and supports frequently used NICs
|15| 4. How the Remote OS Installation Process Works
|16| A. Overview
1. The process is the same for both the PXE
remote boot ROM and the RIS boot disk boot processes.
2. The process of contacting an RIS server
and selecting an OS image is accomplished in a few steps.
3. The process is simple from an end user
perspective.
4. An administrator can guide the user
through a successful OS installation by predetermining the installation options
available to the end user.
5. An administrator can also restrict the OS
image(s) available to a user, thus ensuring that the correct OS installation
type is offered to the user for a successful installation.
|17| B. The remote OS installation process
1. Network service request
a. An RIS client connected to the network
starts and, during the power up, initiates a network service request.
b. As part of the network service request, a DHCP
discover packet is sent to the network requesting an IP address from the
closest DHCP server and an IP address of an available RIS server.
(1) As part of the request, the client sends
its GUID.
(2) The GUID is present in client computers
that are PC98- or NET PC–compliant and is found in the BIOS of the computer.
c. The DHCP server responds to the request
by providing an IP address to the client.
d. Any available RIS server can respond with
its IP address and the name of the boot file the client should request if the
client selects that RIS server for service; the user is prompted to press the
F12 key to initiate service from that RIS server.
2. BINL service
a. The RIS server using the BINL service must
check in Active Directory for the existence of a prestaged client computer
account that matches this client computer.
b. BINL checks for the existence of a client
computer by querying Active Directory for a client computer that matches the
GUID sent in step 1.
3. Client Installation Wizard (CIW)
a. After the RIS server checks for the
existence of a client computer account, the CIW is downloaded to the client
computer.
b. CIW prompts the user to log on to the
network.
4. User logon
a. After the user logs on, the RIS server
checks Active Directory for a corresponding user account, verifying the
password.
b. RIS then checks the RIS-specific group
policy settings to find out which installation options are available to the
user.
c. RIS also checks to see which OS images
the specific user should be offered.
|18| d. The CIW makes those options available to
the client.
5. User options
a. If the user is only allowed a single
installation option and OS choice, the user is not prompted to select anything.
b. If the user has more than one installation
option and OS image available for installation, the list of images is displayed
for selection.
c. The CIW warns the user that the
installation will reformat the user’s hard disk and delete previously stored
information, and then prompts the user to start Remote OS Installation.
6. OS installation begins
a. After the user confirms the installation
settings on the summary screen, the OS installation begins.
b. If a client computer account was not
present in Active Directory, the BINL service creates the client computer
account, thus automatically providing a name for the computer.
c. The OS is installed locally as an unattended installation, which means that
the end user is not offered any installation choices during the OS installation
phase.
Note Because the CIW is running in a
preboot execution environment, there is no support for extended characters in
either the text displayed or the input fields. Careful consideration should be
taken before creating user or domain names that contain extended characters because
they will not be usable with RIS.
5. RIS Server and Client Requirements
|19| A. Server hardware requirements
1. Pentium or Pentium II 166 MHz; 200 MHz or
faster processor recommended
2. 64 MB of RAM; 96 to 128 MB if additional
services such as Active Directory, DHCP, and DNS are installed
3. 2 GB minimum hard disk or partition
dedicated to the RIS directory tree; RIS requires a significant amount of disk
space
4. 10 or 100 Mbps NIC; 100 Mbps preferred
Note A separate partition from the system’s boot partition is required to
install RIS. RIS cannot be installed on the same drive as the system volume.
The volume you choose to install RIS onto must be formatted with NTFS.
|20| B. Server software requirements
1. DNS
2. DHCP
3. Active Directory
|21| C. Client hardware requirements
1. Pentium 166 MHz or faster processor Net
PC client computer
2. 32 MB RAM minimum; 64 MB recommended
3. 800 MB hard disk drive
4. Supported PCI Plug and Play NIC
5. Optional: PXE-based remote boot ROM
version .99c or later
6. NICs Supported by RIS Boot Disk
A. 3Com NICs:
1. 3C900 Combo and TP0
2. 3C900B Combo, FL, TPC, and TP0
3. 3C905 T4 and TX
4. 3C905B Combo, TX, and FX
5. 3C905C TX
B. AMD NICs:
1. AMD PCNet
2. AMD Fast PCNet
C. Compaq NICs:
1. Netflex 100 NetIntelligent II
2. Netflex 110 NetIntelligent III
3. Netflex 3
D. Digital Equipment Corp. (DEC) NICs:
1. DE 450
2. DE 500
E. Hewlett-Packard NICs:
1. HP Deskdirect 10/100 TX
F. Intel Corporation NICs:
1. Intel Pro 10+
2. Intel Pro 100+
3. Intel Pro 100B, including the E100 series
G. SMC NICs:
1. SMC 8432
2. SMC 9332
3. SMC 9432
Note The RIS boot disk generator only supports PCI-based NICs. ISA, EISA, and
token ring cards are not supported.
|22| Chapter 15, Lesson 2
Implementing RIS
|23| 1. Overview
A. Set up RIS
B. Configure RIS
C. Create an RIPrep image
D. Create an RIS boot disk (optional)
E. Verify the RIS configuration
2. Setting Up RIS
A. To add a RIS component
1. Access the Windows Components Wizard in
one of the following ways:
a. During Windows 2000 Server installation
b. Click Start, point to Settings, point to
Control Panel, open Add/Remove Programs, and then click Add/Remove Windows
Components
|24| 2. In the Windows Components Wizard dialog
box, select the Remote Installation Services check box, and then click Next
3. Insert the Windows 2000 Server CD-ROM
when prompted
4. On the Completing The Windows Components
Wizard page, click Finish
5. In the System Settings Change message
box, click Yes to restart the server before installing RIS
B. To install RIS
1. Click Start, point to Programs, point to
Administrative Tools, and then click Configure Your Server
2. In the Configure Your Server dialog box,
click Finish Setup
3. In the Add/Remove Programs dialog box, in
the Configure Remote Installation Services box, click Configure to start the
Remote Installation Services Setup Wizard
4. In the Welcome To The Remote Installation
Services Setup Wizard dialog box, click Next
5. Continue through the prompts provided by
the Remote Installation Services Setup Wizard, including:
a. A location on the server where the RIS
folder will be created
b. Whether the RIS server should begin
servicing client computers immediately after completing setup
c. The location of the Windows 2000
Professional CD-ROM or a location on the network that contains the installation
files
d. A location on the server where image
installation files will be copied
e. A friendly description and associated help
text that describes the OS image to users of the CIW
3. Configuring RIS
|25| A. Tasks to configure RIS
1. Authorize RIS servers
2. Set RIS server properties
3. Set RIS client installation options
4. Set RIPrep image permissions
|26| B. Authorizing RIS servers
1. Overview
a. Specifying the RIS servers that are
allowed to run on the network can prevent unauthorized RIS servers, ensuring
that only RIS servers authorized by administrators can service clients.
b. Unauthorized RIS servers will be
automatically shut down.
c. An RIS server must be authorized before
it can service client computers.
2. To authorize RIS servers
a. Click Start, point to Programs, point to
Administrative Tools, and then click DHCP
b. In the DHCP console tree, click the DHCP
node
c. On the Action menu, click Manage
Authorized Servers
d. In the Manage Authorized Servers dialog
box, click Authorize
e. In the Authorize DHCP Server dialog box,
type the name or IP address of the RIS server to be authorized, and then click
OK
f. In the DHCP message box, click Yes
g. In the Manage Authorized Servers dialog
box, select the computer, and then click OK
h. The authorized RIS server is now listed
under the DHCP node.
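
The PXE boot process in Lesson 1 and the server authorization described above can be checked on the wire; the following is an added example, not part of the original outline, that parses captured DHCP payloads, identifies PXE clients and their GUIDs, and flags boot offers from servers that are not on an authorized list. The option numbers (53, 54, 60, 97) and the "PXEClient" vendor class come from the DHCP and PXE specifications rather than from this page; the addresses, GUID, boot file name and the authorized set (standing in for the servers authorized in the DHCP console) are constructed sample values.

```python
import ipaddress
import struct
import uuid

MAGIC_COOKIE = bytes([99, 130, 83, 99])   # marks the start of the DHCP options field
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK"}


def parse_dhcp(payload: bytes) -> dict:
    """Decode the DHCP fields that matter when reviewing PXE/RIS traffic."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    options, i = {}, 240
    while i < len(payload) and payload[i] != 255:      # 255 = end option
        if payload[i] == 0:                            # 0 = pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        options[payload[i]] = value
        i += 2 + length
    msg_type = options.get(53) or b"\x00"
    guid = options.get(97, b"")                        # type byte 0 + 16-byte GUID
    server = options.get(54, payload[20:24])           # server identifier, else siaddr
    return {
        "type": MSG_TYPES.get(msg_type[0], "UNKNOWN"),
        "mac": payload[28:28 + min(payload[2], 16)].hex(":"),
        "is_pxe": options.get(60, b"").startswith(b"PXEClient"),
        # GUID rendered from the wire bytes as-is
        "guid": str(uuid.UUID(bytes=guid[1:])) if len(guid) == 17 and guid[0] == 0 else None,
        "server": str(ipaddress.IPv4Address(server)),
        "boot_file": payload[108:236].split(b"\x00", 1)[0].decode("ascii", "replace"),
    }


def review(payload: bytes, authorized: set) -> list:
    """Return finding codes for one DHCP payload; an empty list means nothing to report."""
    msg = parse_dhcp(payload)
    from_server = payload[0] == 2                      # op 2 = BOOTREPLY
    findings = []
    # A reply that names a boot file (or answers as a PXE server) must come
    # from a server the administrators authorized.
    if from_server and (msg["boot_file"] or msg["is_pxe"]) and msg["server"] not in authorized:
        findings.append("unauthorized-boot-server")
    # Without a GUID the client cannot be matched to a prestaged computer account.
    if not from_server and msg["is_pxe"] and msg["guid"] is None:
        findings.append("pxe-client-without-guid")
    return findings


def build_sample(op, msg_type, mac, siaddr="0.0.0.0", boot_file="",
                 vendor=b"", guid=None, server_id=None) -> bytes:
    """Build a constructed DHCP payload for the demonstration below."""
    header = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        op, 1, 6, 0, 0x1234ABCD, 0, 0x8000,
        bytes(4), bytes(4), ipaddress.IPv4Address(siaddr).packed, bytes(4),
        bytes.fromhex(mac.replace(":", "")), b"", boot_file.encode("ascii"))
    opts = bytes([53, 1, msg_type])
    if vendor:
        opts += bytes([60, len(vendor)]) + vendor
    if guid is not None:
        opts += bytes([97, 17, 0]) + guid.bytes
    if server_id:
        opts += bytes([54, 4]) + ipaddress.IPv4Address(server_id).packed
    return header + MAGIC_COOKIE + opts + bytes([255])


# Constructed sample data: documentation-range addresses, made-up GUID and file name.
AUTHORIZED = {"192.0.2.10"}
SAMPLE_GUID = uuid.UUID("11111111-2222-3333-4444-555555555555")
PXE_CLASS = b"PXEClient:Arch:00000:UNDI:002001"
CLIENT_MAC = "00:11:22:33:44:55"
SAMPLE_DISCOVER = build_sample(1, 1, CLIENT_MAC, vendor=PXE_CLASS, guid=SAMPLE_GUID)
SAMPLE_DISCOVER_NOGUID = build_sample(1, 1, CLIENT_MAC, vendor=PXE_CLASS)
SAMPLE_OFFER_OK = build_sample(2, 2, CLIENT_MAC, siaddr="192.0.2.10",
                               boot_file="constructed\\boot.bin",
                               vendor=b"PXEClient", server_id="192.0.2.10")
SAMPLE_OFFER_ROGUE = build_sample(2, 2, CLIENT_MAC, siaddr="198.51.100.66",
                                  boot_file="constructed\\boot.bin",
                                  vendor=b"PXEClient", server_id="198.51.100.66")

if __name__ == "__main__":
    for name, pkt in [("discover", SAMPLE_DISCOVER), ("discover-no-guid", SAMPLE_DISCOVER_NOGUID),
                      ("offer-ok", SAMPLE_OFFER_OK), ("offer-rogue", SAMPLE_OFFER_ROGUE)]:
        info = parse_dhcp(pkt)
        print(name, info["type"], info["server"], info["guid"], review(pkt, AUTHORIZED))
```
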
C. To set RIS server properties
1. Click Start, point to Programs, point to
Administrative Tools, and then click Active Directory Users And Computers
2. In the console tree, click the folder
that contains the computer configuration to verify, such as Computers or
Domain Controllers
3. In the details pane, right-click the
applicable RIS server and then click Properties
4. In the Properties dialog box for the
server, click the Remote Install tab
|27| 5. In the Remote Install tab on the
Properties dialog box, set the options. See the next section, “Options on the
Remote Install tab of the Properties dialog box.”
6. In the Remote Install tab, click Advanced
Settings
|28| 7. In the Remote Installation Services
Properties dialog box for the server, in the New Clients tab, set the options.
See the upcoming section “Options on the New Clients tab of the Remote Installation
Services dialog box.”
|29| 8. In the Remote Installation Services
Properties dialog box for the server, in the Images tab, view the images
installed on the RIS server. Click Add and follow the directions in the wizard
to install additional images on the RIS server.
|30| 9. In the Remote Installation Services
Properties dialog box for the server, in the Tools tab, view the maintenance
and troubleshooting tools installed on the RIS server
10. In the Remote Installation Services
Properties dialog box, click OK
11. In the Properties dialog box for the server, click OK
Note Administrators wishing to remotely manage their servers from Windows
2000 Professional workstations can access the administrative tools by
installing the Windows 2000 Administration Tools package located on the Windows
2000 Server CD-ROM. When using the Administration Tools on a system other than
the RIS server, the administrator cannot add additional OS images or verify the
integrity of the RIS server. All other configuration options are available.
D. Options on the Remote Install tab of the
Properties dialog box
1. Respond To Client Computers Requesting
Service: The RIS server responds to all clients requesting service
2. Do Not Respond To Unknown Client
Computers: The RIS server does not respond to unknown client computers; only
available if the Respond To Client Computers Requesting Service check box is
checked
E. Options on the New Clients tab of the
Remote Installation Services dialog box
1. Generate Client Computer Names Using
a. When the client computer name is
automatically generated, this option determines how the name is formatted.
b. Provides flexibility in naming new client
computers during OS installation without the need for end user or administrator
involvement
2. Customize
a. Accesses the Computer Account Generation
dialog box on which a custom naming format can be created for the client
computer
3. Client Account Location
a. The directory service location for the
client computer account:
(1) Default Directory Service Location:
Specifies that the computer account object for the client computer be created
in the Active Directory location where all computer accounts are created by
default during the domain join operation
(2) Same Location As That Of The User Setting
Up The Client Computer: Specifies that the client computer account object be
created within the same Active Directory container as the user setting up the
machine
(3) Use The Following Directory Service
Location: Allows the administrator to set a specific Active Directory container
in which all client computer account objects installing from this server are
created; it is assumed that most administrators will select this option and
specify a single container in which all remote installation client computer
account objects are created
F. Setting RIS client installation options
|31| 1. Overview
a. Enables an administrator to control the
options presented to different groups of users during the CIW
b. Four client installation options can
appear on the CIW: Automatic Setup, Custom Setup, Restart A Previous Setup
Attempt, and Maintenance And Troubleshooting.
2. Automatic Setup
a. Client installation option that all users
of the Remote OS Installation feature have access to by default
b. Enables administrators to restrict the OS
installation options so the OS installation starts automatically when users log
on
c. Does not prompt users during the OS
install, which avoids calls to help desk professionals for assistance and saves
the organization additional expenses in support costs
d. Enables administrators to restrict
installation options yet still allow users to choose the OS for installation
e. Provides a friendly description and
associated help text that describes the OS options so that an end user can
choose the most appropriate OS
f. Enables administrators to predefine the
automatic machine naming format and the location within Active Directory where
client computer accounts will be created
3. Custom Setup
a. Very similar to the Automatic Setup option,
yet enables the administrator to set up a computer for another person within
the organization
b. Can be used to fully preinstall a client
computer or to prestage the client computer by creating a corresponding
computer account within the Active Directory service
c. Enables administrators to override the
automatic computer naming and location where the computer account is created
within Active Directory
(1) By default, the RIS server will generate a
computer name based on a format defined by the Remote OS Installation
administrator.
d. Enables administrators to define where
client computer account objects (CAOs) will be created in the Active Directory
service during the installation
(1) By default, the automatic computer naming
policy is set to create computer names based on the person who logs on to the
CIW.
|32| 4. Restart A Previous Setup Attempt
a. Provided in the event that the
installation of the OS fails for any reason
b. Enables administrators to customize the
CIW to ask a series of questions about the specific OS being installed
(1) When restarting a failed OS setup attempt,
the end user is not asked these questions again.
(2) Instead, Setup restarts the file copy
operation and completes the OS installation.
|33| 5. Maintenance And Troubleshooting
a. Provides access to third-party hardware
and software vendor tools
(1) The tools range from system BIOS flash
updates and memory virus scanners to a wide range of computer diagnostic tools
that check for hardware-related problems.
(2) The tools are available before installing
and starting the OS on the client computer.
b. If the option to display the Maintenance
And Troubleshooting menu is enabled, user access to individual tool images is
controlled in the same way as OS options, by setting specific end user
permissions on the individual answer file (.sif) for that tool.
G. To set client installation options
1. Click Start, point to Programs, point to
Administrative Tools, and then click Active Directory Users And Computers
2. In the console tree, right-click the
applicable OU, such as Computers or Domain Controllers, click Properties, and
then click the Group Policy tab
3. In the Properties dialog box for the
group policy, click the GPO and then click Edit to start group policy
4. In the Group Policy console tree, click
User Configuration, open Windows Settings and then click Remote Installation
Services
|34| 5. Double-click the Choice Options object.
In the Choice Options Properties dialog box, the following installation options
affect how the CIW appears to users:
a. Automatic Setup
b. Custom Setup
c. Restart Setup
d. Tools
6. Click one of the following group policy
options for each installation option:
a. Allow: Use to offer the installation
option to users to which this policy applies
b. Don’t Care: Use to accept the policy
settings of the parent container; default setting
c. Deny: Use to deny the users that are
affected by this policy access to the installation option
7. In the Choice Options Properties dialog
box, click OK
8. Close the Group Policy snap-in, and then,
in the Properties dialog box for the group policy, click OK
|35| H. Changes to RIS policy
1. Take effect only when the policy is
propagated to the computer
2. One of the following is done to initiate
policy propagation:
a. Type secedit /refreshpolicy user_policy at the command prompt and then press Enter.
b. Restart the computer.
c. Wait for automatic policy propagation,
which occurs at regular, configurable intervals; by default, propagation occurs
every eight hours.
|36| I. Setting RIPrep image permissions
1. Overview
a. Enables administrators to guide users
through the selection of the unattended OS installation appropriate for their
role within the company
b. When an OS image is added to an RIS server,
the image will be available to all users serviced by that RIS server.
2. To set RIPrep image permissions
a. Click Start, point to Programs, point to
Accessories, and then click Windows Explorer
b. In the
\RemoteInstall\Setup\applicable_language\Images\applicable_image_name\i386\templates
folder, right-click the appropriate .sif file and then click Properties
c. In the Properties dialog box for the
file, click the Security tab
d. Set the appropriate permissions to allow users access to images and click OK
Note To reduce the work involved in maintaining the security applied to
images, where possible, set the security on the Templates folder of the image
rather than the individual .sif files. Grant or restrict access to groups
rather than individual users.
4. Creating an RIPrep Image
|37| A. Overview
1. Many organizations use disk imaging or
cloning software to build and maintain standard desktops.
2. Disk imaging software enables
administrators to configure a client computer exactly how they want it and then
make a copy of that image for installation on client computers on the network.
3. Remote OS Installation supports the
creation and installation of standard desktop images using RIPrep images.
4. Before an RIPrep image can be created,
the following tasks must be completed:
a. Create the source computer
b. Configure the workstation
|38| B. Creating the source computer
1. The Remote OS Installation feature is
used to remotely install the base Windows 2000 Professional OS.
2. Once the OS is installed, applications or
application suites, including in-house line of business (LOB) applications, are
installed.
3. The workstation is configured to adhere
to company policies.
|39| C. Configuring the workstation
1. Understanding the relationship of user profiles,
the changes made to an RIPrep source computer, and the desired result for users
who log on to computers installed using the RIPrep image is important when
creating RIPrep images.
2. Applications that carry the “Certified
for Windows” logo properly separate user- and computer-specific configuration
settings and data, and can therefore be installed computer-wide so that they
are available to all users of the system.
3. Certified applications are also available
to all users of systems later installed with the resulting RIPrep image.
4. Non-Windows 2000–compliant applications
may perform and/or rely on per-user configurations that are specific to the
profile of the user actually installing the application prior to running
RIPrep, rather than to all users of the system.
|40| 5. Applications that remain specific to that
user may result in the application or configuration setting not being available
or not functioning properly for users of computers installed with the RIPrep
image.
6. Some nonapplication configuration
changes, such as the wallpaper specified for the user desktop, are by default
applied only to the current user’s profile and will not be applied to users of
systems installed with the RIPrep image.
7. Any applications or configuration settings
desired for use must be thoroughly tested.
8. Some configuration settings can be copied
directly from the profile where they were applied.
D. To create an RIPrep image
1. On the client workstation, click Start,
click Run, type the UNC path of the RIPrep utility in the Open box, and click
OK
2. In the Welcome To The Remote Installation
Preparation Wizard dialog box, click Next
3. Continue through the prompts provided by
the Remote Installation Preparation Wizard, including the following:
a. Server Name: Name of the server to which
this installation image will be copied; by default, this is the server that is
running the Remote Installation Preparation Wizard
b. Folder Name: Name of the folder on the RIS
server to which this installation image will be copied
c. Friendly Description And Help Text:
Friendly description and associated help text that describes the OS image to
users of the CIW
4. Stop all programs or services on the
source computer before proceeding; close any running applications and then
click Next
5. Review the settings summary and then
click Next
6. Review the information from Completing
The Remote Installation Preparation Wizard and then click Next to replicate the
source computer installation image onto the RIS server
Note If the source computer contains a 1 GB disk drive and the destination
computer contains a 2 GB disk drive, by default, RIS will format the
destination computer’s drive as a 2 GB partition in the same file system format
as the source computer used to create the image.
7. After the initial image questions have
been answered, the wizard configures the workstation to a generic state,
removing anything unique to the client installation, such as the computer’s
unique SID, computer name, and any registry settings unique to that system.
8. Once the preparation phase is complete,
the image is automatically replicated to the RIS server provided.
9. The image is then added to the list of
available OS installation choices displayed within the CIW.
10. Any remote boot-enabled or compatible
client computers that use the PXE-based remote boot technology can install the
image.
11. The source computer shuts down when the
image replication process is complete.
12. The abbreviated Setup program automatically
runs when you restart the source computer.
13. Complete the setup process to use this
client computer to create another installation image
|41| E. RIPrep requirements
1. The destination computer is not required
to contain hardware identical to that of the source computer that was used to
create the image.
a. RIPrep uses the PnP support in the
computer running Windows 2000 Professional to detect differences between the
source and the destination computers’ hardware during image installation.
b. HAL drivers must be the same between the
source computer and all destination computers that later install the image.
c. Workstations do not generally require the
unique HAL drivers that servers require.
2. The destination computer’s disk capacity
must be equal to or larger than that of the source computer.
3. All copies of Microsoft software made or
installed using RIS must be properly licensed.
4. All copies of other software made or
installed using RIS must be properly licensed, and the licensee is obligated to
ensure that the software is licensed before making any such copies.
|42| F. RIPrep limitations
1. RIPrep currently supports replicating a
single disk–single partition (C partition only) Windows 2000 Professional
installation to an available RIS server.
2. The OS and all applications that make up
the standard installation must reside on the C partition prior to running the
Remote Installation Preparation Wizard.
3. The Remote Installation Preparation
Wizard currently allows source image replication only to available RIS servers;
source replication to alternate drives or media types is not supported.
4. Replication of encrypted files is not
supported.
5. Changes made in the source computer’s
registry before running the Remote Installation Preparation Wizard are not maintained
in the installation image.
6. Modifications to replicated installation
images are not supported.
|43| G. Installation image sources
1. The Remote Installation Preparation
Wizard is used to create an installation image of a client computer that was
originally installed using a retail version of Windows 2000 Professional.
2. RIPREP.SIF, the RIS unattended setup
answer file, must be modified to include the product identification number
(PID).
3. The PID is a unique identification number specific to each copy of Windows
2000 Professional used to identify the OS installation and track the number of
copies installed throughout an organization.
Note If the PID is not entered in the RIPREP.SIF file, the installation
process will stop and prompt the user for the PID information during the
installation of that RIPrep image.
|44| H. To include the PID in the RIPREP.SIF file
1. Open the RIPREP.SIF file located at
\RemoteInstall\Setup\applicable_language\Images\applicable_image_name\I386\Templates\RIPREP.SIF
2. Type ProductID = “xxxxx-xxx-xxxxxxx-xxxxx” into the [UserData] section of the
RIPREP.SIF file, including the dashes and quotation marks, where x is the PID of
the retail version of Windows 2000 Professional
3. The PID for each client installation is randomly generated using the PID
entered in the RIPREP.SIF file.
Note When the source computer OS is installed from the Select or OEM version
of the Windows 2000 Professional CD-ROM, the PID does not need to be modified
in RIPREP.SIF.
|45| 5. Create an RIS Boot Disk
A. Overview
1. A boot disk must be created to support
existing client computers that do not have a PXE-based remote boot–enabled ROM
but that do have a supported network adapter.
2. The RIS boot disk works like the PXE boot
process: Turn on the computer, boot from the RIS boot disk, press F12 to
initiate a network service boot, and the CIW is downloaded and starts.
3. The rest of the RIS process is identical
regardless of whether the client was booted using a PXE boot ROM or the RIS
remote boot disk.
B. To create an RIS boot disk
1. Click Start, click Run, type the UNC path
of the RBFG utility in the Open box, and then click OK
2. Insert a formatted disk into the disk
drive
|46| 3. In the Windows 2000 Remote Boot Disk
Generator dialog box, click the appropriate destination drive option and then
click Create Disk
4. Click Close when the disk is ready and then remove the disk from the drive
Note Use the boot disk only with computers that contain supported PCI-based
network adapters. To view the list of supported network adapters, click Adapter
List in the Windows 2000 Remote Boot Disk Generator dialog box.
|47| 6. Verifying an RIS Configuration
A. Overview
1. RIS provides the ability to check the
integrity of the RIS-enabled server.
2. The RIS configuration can be verified if
the server is suspected of failing, if inconsistent behavior is present, or if
an RIS volume needs to be restored from backup.
3. The Check Server Wizard checks whether
all of the settings, services, and configuration options are correctly set and
functioning.
B. To verify an RIS configuration
1. Click Start, point to Programs, point to
Administrative Tools, and then click Active Directory Users and Computers
2. In the console tree, click the folder
that contains the computer configuration to be verified, such as Computers or
Domain Controllers
3. In the details pane, right-click the
applicable RIS server and then click Properties
4. In the Properties dialog box for the
server, in the Remote Install tab, click Verify Server to start the Check
Server Wizard
5. On the Welcome To The Check Server Wizard
page, click Next
6. Read the summary on the Remote
Installation Services Verification Complete page and then click Finish
Note If the server configuration is being verified because an RIS volume
needs to be restored from backup, the server configuration must be verified
before the volume can be restored.
|48| Chapter 15, Lesson 3
Administering RIS
1. Managing RIS Client Installation Images
A. To add a new client OS installation image
1. Click Start, point to Programs, point to
Administrative Tools, and then click Active Directory Users And Computers
2. In the console tree, right-click the
applicable RIS server and then click Properties
3. In the Properties dialog box for the
server, click the Remote Install tab and then click Advanced Settings
4. In the Remote Installation Services
Properties dialog box, click the Images tab
5. Click Add to start the Add Wizard
6. On the New Answer File Or Installation
Image page, click Add A New Installation Image and then click Next to start the
Add Installation Image Wizard
7. On the Welcome To The Add Installation
Image Wizard page, click Next
8. On the Installation Source Files Location
page, type the location of the Windows 2000 Professional installation image,
and then click Next. The location can either be a CD-ROM or a network share.
9. On the Windows Installation Image Folder
Name page, type a name for the Windows installation image and then click Next
10. On the Friendly Description And Help Text
page, enter the friendly description and help text for the installation image
and then click Next
11. If a previous set of CIW screens exists,
the Previous Client Installation Screens Found page appears. Select the CIW
screen to use for this image and then click Next
12. On the Review Settings page, review the
installation summary and then click Finish
13. The Remote Installation Setup Wizard
completes the addition of the new client installation image.
B. To associate unattended setup answer files
1. Click Start, point to Programs, point to
Administrative Tools, and then click Active Directory Users And Computers
2. In the console tree, right-click the
applicable RIS server and then click Properties
3. In the Properties dialog box for the
server, click the Remote Install tab and then click Advanced Settings
4. In the Remote Installation Services
Properties dialog box, click the Images tab
5. Click Add to start the Add Wizard
6. On the New Answer File Or Installation
Image page, click Associate A New Answer File To An Existing Image and then
click Next
7. On the Unattended Setup Answer File
Source page, click the source that contains the unattended setup file to copy:
a. Windows Image Sample Files
b. Another Remote Installation Server
c. An Alternate Location
8. Click Next
9. On the Select An Installation Image page,
select the installation image the answer file will be associated with and then
click Next
10. On the Select A Sample Answer File page,
select a sample unattended setup answer file and then click Next
11. On the Friendly Description And Help Text
page, enter the friendly description and help text for the installation image
and then click Next
12. On the Review Settings page, review the
settings summary and then click Finish
|49| 2. Managing RIS Client Computers
|50| A. Prestaging RIS client computers
1. The process of creating a valid client
CAO within Active Directory
2. After the RIS client computers are
prestaged, the RIS servers can be configured to respond only to prestaged
client computers.
a. Ensures that only those client computers
that have been prestaged as authorized users are allowed to install an OS from
the RIS server
3. Prestaging can save time and money by
reducing or eliminating the need to fully preinstall the computer.
4. Prestaging enables administrators to
define a specific computer name and optionally specify the RIS server to
service the computer.
a. This information is used to identify and
route the client computers during the network service boot request.
5. The appropriate access permissions must
be set for users of the prestaged client computer.
Note When prestaging a client computer into a domain with multiple domain
controllers, the replication delay of the client CAO information can cause a
client computer to be serviced by another RIS server.
B. To prestage a client computer
1. Click Start, point to Programs, point to
Administrative Tools, and then click Active Directory Users And Computers
2. In the console tree, right-click the
applicable OU that will contain the new client computer, click New, and then
click Computer
|51| 3. In the New Object-Computer dialog box,
type the client computer name, authorize domain join permissions for the user
or security group containing the user who will receive the physical computer
this computer account represents, and then click Next
|52| 4. In the Managed dialog box, click This Is
A Managed Computer, type the client computer GUID into the text entry field,
and then click Next
|53| 5. In the Host Server dialog box, click one
of the following options to determine which server will support this client
computer:
a. Any Available Remote Installation Server:
Indicates any RIS server can service this client computer
b. The Following Remote Installation Server:
Allows a specific server to be designated
6. Use the options in the Host Server dialog
box to manually set clients across the available RIS servers within the
organization and to segment the network traffic, if you know the physical
location of the specific RIS server and where this computer will be delivered
7. Click Next
8. Review the settings on the New
Object-Computer dialog box and then click Finish
|54| C. Finding RIS client computers
1. Active Directory can be searched for RIS
client computer accounts by using their computer name or GUID.
2. The Show Clients feature searches for all
client computers that are prestaged for this RIS server.
3. The search process can include the entire
Active Directory structure or can be limited to a specific domain.
4. The search process returns a list of the
client computers and displays them by their computer name and GUID.
D. Locating the GUID for client computers
|55| 1. Overview
a. The manufacturer supplies the computer’s
GUID.
b. The GUID must be in the form {dddddddd-dddd-dddd-dddd-dddddddddddd},
where d is a hexadecimal text digit.
c. Valid entries for the client GUID are
restricted to the following: 0 1 2 3 4 5 6 7 8 9 a b c d e f - A B C D E F.
d. Dashes are optional and spaces are
ignored; brackets {} must be included.
|56| 2. The computer’s GUID appears in the
following areas:
a. The label on the side of the computer case
b. The label within the computer case
c. The BIOS of the client computer
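The GUID entry rules above matter because the prestaged GUID is what ties a physical machine to its computer account. The following is an added example, not part of the original outline or Microsoft code: it applies those rules to a list of machines before prestaging and, going one step beyond the text, flags two names that share a GUID. The function names, the upper-case canonical output, the choice to drop dashes wherever they appear, and the sample rows are assumptions made for this example.

```python
"""Check client GUIDs against the entry rules before prestaging (added example)."""

HEX = set("0123456789abcdefABCDEF")


class GuidError(ValueError):
    """Raised when a GUID string breaks one of the entry rules."""


def normalize_guid(text):
    """Return the {8-4-4-4-12} form of a client GUID, upper-cased."""
    s = "".join(text.split())                  # spaces are ignored
    if len(s) < 2 or s[0] != "{" or s[-1] != "}":
        raise GuidError("brackets {} must be included")
    body = s[1:-1]
    bad = sorted({c for c in body if c not in HEX and c != "-"})
    if bad:
        raise GuidError("characters not allowed: " + " ".join(bad))
    # Dashes are optional; assumption: they are dropped wherever they appear.
    digits = body.replace("-", "").upper()
    if len(digits) != 32:
        raise GuidError("need 32 hexadecimal digits, found %d" % len(digits))
    parts = (digits[0:8], digits[8:12], digits[12:16], digits[16:20], digits[20:32])
    return "{" + "-".join(parts) + "}"


def audit_prestage_list(entries):
    """Check (computer_name, guid_text) pairs.

    Returns (accepted, problems): accepted maps canonical GUID -> name,
    problems lists (name, reason) for every rejected row.
    """
    accepted, problems = {}, []
    for name, guid_text in entries:
        try:
            guid = normalize_guid(guid_text)
        except GuidError as err:
            problems.append((name, str(err)))
            continue
        if guid in accepted:
            # Same machine identity under two names: only one can be right.
            problems.append((name, "same GUID as " + accepted[guid]))
            continue
        accepted[guid] = name
    return accepted, problems


# Constructed sample rows; the names and GUIDs are made up for illustration.
SAMPLE = [
    ("WKS-001", "{921FB974-ED42-11BE-BACD-00AA0057B223}"),
    ("WKS-002", "{921fb974ed4211bebacd00aa0057b224}"),       # no dashes
    ("WKS-003", "{921FB974 ED42 11BE BACD 00AA0057B225}"),   # spaces
    ("WKS-004", "921FB974-ED42-11BE-BACD-00AA0057B226"),     # no brackets
    ("WKS-005", "{921FB974-ED42-11BE-BACD-00AA0057B22G}"),   # G is not hex
    ("WKS-006", "{921fb974-ed42-11be-bacd-00aa0057b223}"),   # same as WKS-001
    ("WKS-007", "{921FB974-ED42-11BE-BACD-00AA0057B2}"),     # too short
]

if __name__ == "__main__":
    ok, rejected = audit_prestage_list(SAMPLE)
    for guid, name in ok.items():
        print("OK      ", name, guid)
    for name, reason in rejected:
        print("REJECTED", name, reason)
```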
E. To find RIS client computers
1. Click Start, point to Programs, point to
Administrative Tools, and then click Active Directory Users And Computers
2. In the console tree, right-click the
applicable RIS server and then click Properties
3. In the Properties dialog box for the server,
click the Remote Install tab
4. In the Remote Install dialog box, click
Show Clients
|57| 5. In the Find Remote Installation Clients
dialog box, in the GUID box, enter the client computer’s GUID and then click
Find Now
Note Limit the client computer search to a specific RIS server by entering
the server name in the RI server box.
6. The RIS client computers appear in the
name and GUID columns in the lower portion of the Find Remote Installation
Clients dialog box.
7. Close the Find Remote Installation
Clients dialog box
8. Close the Properties dialog box for the
server
|58| 3. Managing
RIS Security
A. Setting permissions for creating computer
accounts
1. Users need to have permissions and rights
assigned to them.
2. Which users will be creating new client
computer accounts must be determined, and the users’ rights and privileges must
be modified accordingly.
B. To set permissions for creating prestaged
computer accounts
1. Click Start, point to Programs, point to
Administrative Tools, and then click Active Directory Users And Computers
2. On the View menu, enable Users, Groups
And Computers As Containers and Advanced Features
3. In the console tree, right-click the
applicable client computer account and then click Properties
4. In the Properties dialog box, click the
Security tab and then click Add
5. In the Select Users, Computers, Or Groups
dialog box, select the user or group from the list, click Add, and then click
OK
6. In the Properties dialog box, click the
user or group added
7. In the Permissions box, click the Read,
Write, Change Password, and Reset Password permissions and then click OK
8. If a group is allowed to have these
permissions, remember to add users to that group.
9. For client computer accounts that are
prestaged in another Active Directory folder location, expand the Active
Directory Users and Computers console and select the appropriate client computer
account.
C. To set permissions for creating
user-created computer accounts
1. Click Start, point to Programs, point to
Administrative Tools, and then click Active Directory Users And Computers
2. In the console tree, right-click the
applicable domain and then click Delegate Control to start the Delegation Of
Control Wizard
3. On the Welcome To The Delegation Of Control
Wizard page, click Next
4. On the Users Or Groups page, click Add
5. In the Select Users, Computers, Or Groups
dialog box, click the user account or security group containing the users for
which permissions are being set, click Add, and then click OK
6. On the Users Or Groups page, click Next
7. On the Tasks To Delegate page, click
Delegate The Following Common Tasks, click Join A Computer To The Domain, and
then click Next
8. Review the delegation of control summary
information and then click Finish
D. Setting permissions for joining computer
accounts to a domain
1. To join new computer accounts to the
domain, users need to have permissions and rights assigned to them.
2. Which users will be joining new client
computer accounts to a domain must be determined and the users’ rights and
privileges must be modified accordingly.
E. To set permissions for joining computer
accounts created in the Computers container to the domain
1. Click Start, point to Programs, point to
Administrative Tools, and then click Active Directory Users And Computers
2. In the console tree, right-click the
applicable domain and then click Delegate Control to start the Delegation Of
Control Wizard
3. On the Welcome To The Delegation Of
Control Wizard page, click Next
4. On the Users Or Groups page, click Add
5. In the Select Users, Computers, Or Groups
dialog box, click the user account or security group containing the users that
will be joining client computers to the domain, click Add, and then click OK
6. On the Users Or Groups page, click Next
7. On the Tasks To Delegate page, click
Delegate The Following Common Tasks, click Join A Computer To The Domain, and
then click Next
8. Review the delegation of control summary
information and then click Finish
F. To set permissions for joining computer
accounts created in OUs to the domain
1. Click Start, point to Programs, point to
Administrative Tools, and then click Active Directory Users And Computers
2. In the console tree, right-click the
applicable OU and then click Properties
3. In the Properties dialog box for the OU,
in the Group Policy tab, click the GPO in the Group Policy Object Links box and
then click Edit
4. In the Group Policy snap-in, open
Computer Configuration, click Windows Settings, click Security Settings, click
Local Policies, and then click User Rights Assignment
5. Double-click Add Workstations To Domain
6. In the Security Policy Setting dialog
box, click Add
7. In the Add User Or Group dialog box, type
or use the Browse button to enter the names of the user accounts or security
groups containing the users who will be adding client computers to the domain
in the User And Group Names box and then click OK
8. In the Security Policy Setting dialog
box, click OK
9. Close the Group Policy snap-in
10. In the Properties dialog box for the OU,
click OK
|59| G. To initiate policy propagation, do one of
the following:
1. Type secedit /refreshpolicy machine_policy at the command prompt and then
press Enter
2. Restart the computer
3. Wait for automatic policy propagation,
which occurs at regular, configurable intervals; by default, policy propagation
occurs every eight hours
|60| Chapter 15, Lesson 4
RIS Frequently Asked Questions and Troubleshooting
1. Frequently Asked RIS Questions
A. Question 1: How do I determine whether I
have the correct PXE ROM version?
1. When the NET PC or client computer
containing a remote boot ROM starts, the version of the PXE ROM appears on the
screen.
2. RIS supports .99c or greater PXE ROMs.
3. You may be required to obtain a newer
version of the PXE-based ROM code from your OEM if you have problems with the
existing ROM version installed on a client computer.
B. Question 2: How do I determine whether the
client computer has received an IP address and contacted the RIS server?
1. When the client computer boots, you will
see the PXE boot ROM begin to load and initialize.
2. The following remote boot ROM load
sequence occurs with most PC98 and NET PCs, PXE ROM–based computers, and the
computers using the RIS boot disk:
a. Step 1: The client computer displays the
message “DHCP.”
(1) Indicates that the client is requesting an
IP address from the DHCP server
(2) Can also mean that the client has obtained
an IP address from DHCP and is awaiting a response from the RIS server
(3) To verify that the client is receiving an
IP address, check the IP leases that have been granted on your DHCP server.
b. Troubleshooting: If the client does not
receive the message, an IP address might not have been received or the BINL
server might not be responding, in which case the following should be
considered:
(1) Is the DHCP server available and has the
service started? DHCP and RIS servers must be authorized in Active Directory
for their services to start. Make sure the service has started and that other
clients that are not remote boot–enabled are receiving IP addresses on this
segment.
(2) Does the DHCP server have a defined IP
address scope and has it been activated?
(3) Is there a router between the client and
the DHCP server that is not allowing DHCP packets through?
(4) Are there any error messages in the event
log under the system log for DHCP?
(5) Can other client computers—that is, those
that are not remote boot–enabled clients—receive an IP address on this network
segment?
c. Step 2: When the client receives an IP
address from the DHCP server, the message may change to “BINL.”
(1) Indicates that the client successfully
leased an IP address and is now waiting to contact the RIS server
(2) The client will eventually time out and
post the error message “No Bootfile received from DHCP, BINL, or Bootp.”
d. Troubleshooting: If the client does not
receive the BINL message, this indicates the client is not receiving a response
from the RIS server, in which case the following should be considered:
(1) Is the RIS server available and has the RIS
started? RIS servers must be authorized to start on the network. Use the DHCP
console to authorize both DHCP and RIS servers within Active Directory.
(2) Are other remote boot–enabled clients
receiving the CIW? If so, this client computer either is not supported or is
having remote boot ROM-related problems. Check the version of the PXE ROM on
the client computer. Also, check Active Directory to see whether the
administrator has prestaged this client computer to an RIS server that is
offline or unavailable to the client computer.
(3) Is a router between the client and the RIS
server not allowing the DHCP-based requests or responses through? The RIS
server communicates by way of the DHCP packet type during the initial service
request and response sequence. The router may need to be configured to forward
the DHCP packets.
(4) Are there any error messages in the event
log under the system or application logs specific to RIS (BINLSVC), DNS, or Active
Directory?
e. Step 3: The client then changes to TFTP or
prompts the user to press F12.
(1) Indicates that the client has contacted the
RIS server and is waiting to receive the first image file – CIW
(2) The BINL and TFTP messages may not be visible
on some machines because this sequence can occur very rapidly.
f. Troubleshooting: If the client machine
does not get a response from the RIS server, the client will time out and send
an error message saying that it did not receive a file from DHCP, BINL, or
TFTP. In this case, the RIS server did not answer the client computer, and the
following needs to be done:
(1) Stop and restart the BINLSVC service by
clicking Start and pointing to Run.
(2) In the Run dialog box, type Net Stop BINLSVC Net Start BINLSVC in
the text field and then click OK.
(3) Unless you have prestaged the client
computer in Active Directory prior to starting the client computer, check the
RIS server properties to make sure the Respond To Client Computers Requesting
Service check box is selected and that the Do Not Respond To Unknown Client
Computers check box is cleared.
(4) Check the event log in Event Viewer to make
sure no errors relating to DHCP, DNS, RIS (BINLSVC), or Active Directory exist.
g. Step 4: At this point, the client should
have downloaded and displayed the CIW Welcome screen.
C. Question 3: Is the preboot portion of the
PXE-based remote boot ROM secure?
1. No, the entire boot ROM sequence and OS
installation or replication process is not secure with regard to packet type
encryption, client/server spoofing, or wire sniffer–based mechanisms.
2. Use caution when using RIS on the
corporate network.
3. Make sure that only authorized RIS
servers are permitted on the network and that the number of administrators
allowed to install and configure RIS servers is controlled.
D. Question 4: Does RIS preserve the file
attributes and security settings defined on the source computer when using the
RIPrep image feature?
1. Yes, the file attributes and security
settings that are defined on the source computer are preserved on the
destination computer that installs that image.
2. However, the RIPrep feature does not
support the encrypted file system if enabled and used on the source client
computer.
E. Question 5: How do I replicate all of the
OS installation images currently located on one RIS server to other RIS servers
on the network for consistency across all client installations?
1. Currently, the RIS feature does not
provide a mechanism for replication of OS images from one RIS server to
another, but there are several mechanisms that can be used to solve this
problem.
2. Use the strong replication features of
the Systems Management Server product, which provides for scheduled
replication, compression, and slow-link features.
3. Other vendor solutions for OS image
replication can be used.
4. Make sure the replication mechanism you
choose supports maintaining the file attributes and security settings of the
source images.
F. Question 6: Can I have an RIS server and
another vendor’s remote boot server on the network at the same time? If so,
what are the implications?
1. Yes, you can have multiple vendors’
remote boot/installation (RB/RI) servers on one physical network.
2. However, the remote boot PXE ROM code
currently does not know the difference between vendors’ RB/RI servers.
3. When a remote boot–enabled client
computer starts and requests the IP address of an RB/RI server, all of the
available servers will respond to that client; thus, the client has no way to
ensure it is serviced by a specific RB/RI server.
Note RIS enables administrators to prestage client computers into Active
Directory and determine which RIS server will service a client computer. By
configuring the RIS server to answer only known client computers, the correct
RIS server will service the client.
4. Not all of the other RB/RI vendors have
implemented the ability to ignore service requests.
5. Specific vendors’ servers might need to
be isolated on the network so that these vendors’ RB/RI servers do not answer
clients.
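Questions 3 and 6 both come down to knowing which remote boot servers answer on a segment. The following is an added example, not part of the original outline or any Microsoft tool: it parses DHCP reply payloads collected by a network monitor and lists the boot servers that answered but are not on the approved list. It relies on PXE servers marking their replies with the vendor class "PXEClient" in DHCP option 60; the function names, the approved-server set and the sample packets are assumptions constructed for the example.

```python
"""Flag unapproved remote boot servers in captured DHCP replies (added example)."""
import socket
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"       # marks the start of the DHCP options
OPT_PAD, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_VENDOR_CLASS, OPT_END = 0, 53, 54, 60, 255


def parse_dhcp_reply(payload):
    """Return {'siaddr': str, 'options': {code: bytes}}, or None if unusable."""
    if len(payload) < 240 or payload[0] != 2 or payload[236:240] != MAGIC_COOKIE:
        return None                       # truncated, a request, or plain BOOTP
    options, i = {}, 240
    while i < len(payload):
        code = payload[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:
            i += 1
            continue
        if i + 2 > len(payload):
            return None                   # option code without a length byte
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            return None                   # option runs past the end of the packet
        options[code] = value
        i += 2 + length
    return {"siaddr": socket.inet_ntoa(payload[20:24]), "options": options}


def find_unauthorized_boot_servers(payloads, authorized):
    """Return sorted IPs that answered as boot servers but are not approved."""
    unknown = set()
    for payload in payloads:
        reply = parse_dhcp_reply(payload)
        if reply is None:
            continue
        vendor = reply["options"].get(OPT_VENDOR_CLASS, b"")
        if not vendor.startswith(b"PXEClient"):
            continue                      # ordinary DHCP server, not a boot server
        server_id = reply["options"].get(OPT_SERVER_ID, b"")
        # Prefer option 54 (server identifier); fall back to the siaddr field.
        ip = socket.inet_ntoa(server_id) if len(server_id) == 4 else reply["siaddr"]
        if ip not in authorized:
            unknown.add(ip)
    return sorted(unknown)


def build_reply(server_ip, vendor_class=None):
    """Build a minimal DHCPOFFER payload for the demo (constructed, not captured)."""
    ip = socket.inet_aton(server_ip)
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x12345678, 0, 0,
                         b"", b"", ip, b"", b"\x00\x11\x22\x33\x44\x55", b"", b"")
    opts = bytes([OPT_MSG_TYPE, 1, 2, OPT_SERVER_ID, 4]) + ip
    if vendor_class:
        opts += bytes([OPT_VENDOR_CLASS, len(vendor_class)]) + vendor_class
    return header + MAGIC_COOKIE + opts + bytes([OPT_END])


AUTHORIZED_RIS = {"10.0.0.5"}             # assumption: the site's approved RIS servers
SAMPLE_CAPTURE = [                        # constructed packets, not real traffic
    build_reply("10.0.0.2"),                      # plain DHCP server
    build_reply("10.0.0.5", b"PXEClient"),        # approved RIS server
    build_reply("10.0.0.77", b"PXEClient"),       # boot server nobody approved
    b"\x02\x01\x06",                              # truncated junk
]

if __name__ == "__main__":
    for ip in find_unauthorized_boot_servers(SAMPLE_CAPTURE, AUTHORIZED_RIS):
        print("unapproved remote boot server answering:", ip)
```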
G. Question 7: Can I add more network
adapters to the RIS boot disk?
1. No. The RBFG.EXE utility cannot be
modified with regard to the number of supported network adapters for this
release of RIS.
2. Microsoft will be adding network card
adapters over time and will make the updated RBFG.EXE utility available.
H. Question 8: Can I use the Active Directory
object attributes to create a naming format for use with the RIS automatic
computer-naming feature?
1. No, the existing attributes currently
supported with the automatic computer naming feature use Active Directory.
2. Not all of the Active Directory object
attributes are currently supported.
2. Troubleshooting RIS
|61| A. Symptom: Command settings are not being
processed during the unattended installation.
1. Cause: When using the “OemPreinstall =
yes” setting in an .sif file, the correct directory information is required
2. Solution: Change the directory
information to \RemoteInstall\Setup\applicable_language\Images\applicable_image_name\$oem$
|62| B. Symptom: Language choice options are not
displayed during the CIW session.
1. Cause:
a. By default, RIS uses the WELCOME.OSC file
to manage the client installation image choices.
b. For multiple language installation image
options, the default WELCOME.OSC file needs to be replaced with the
MULTILNG.OSC file.
2. Solution:
a. The CIW uses the WELCOME.OSC file located
in the \RemoteInstall\OSChooser folder to manage client installation image
choices.
b. After the WELCOME.OSC file is removed and
the MULTILNG.OSC file is renamed WELCOME.OSC, the CIW will also offer a menu of
multiple language choices to the user.
c. The WELCOME.OSC file can be edited to
create custom language options.
|63| C. Symptom: The client computer is prestaged
to an RIS server but is being serviced by a different server.
1. Cause: When a client computer is
prestaged into a domain with multiple domain controllers, the replication delay
of the CAO information can cause a client computer to be serviced by another
RIS server
2. Solution: Wait for the computer account
information to be propagated during the next scheduled replication session or
modify the replication frequency between the domain controllers
|64| D. Symptom: Following restoration of a backup
of an RIS volume, RIS no longer functions properly.
1. Cause: Backup restored the volume without
an SIS directory
2. Solution: Verify the configuration of the
RIS volume and then restore the volume again