An unattended installation performs the same setup procedures as interactive installation, but doesn't necessarily prompt for information. That is, it starts with a flat directory of uninstalled Windows files and goes through the installation and configuration process using the information provided to select and configure Windows components and only prompts if you've omitted information or have configured Setup to do so. Here, where possible, the information is provided automatically by an answer file, not one data point at a time by someone sitting at a keyboard.
This is in contrast to the other traditional method of performing an automated installation, Sysprep, which uses an image of an installed operating system as its starting point for client installations.
When performing unattended installations, you must make a few basic decisions, such as how the installation files will be accessed, what sort of client interaction is desirable, and so on. Once that is done, the actual process of performing an unattended installation is simple— just invoke one of the Setup programs (Winnt or Winnt32) with a few parameters and go grab an espresso.
The distribution folder used for unattended installations has a predefined structure for both the base operating system files and the optional folders and files that might be needed to customize the installation. The distribution folder is a single hierarchy starting with the I386 (or IA64) folder and including both mandatory and optional subfolders.
The subfolder structure used in the distribution folder is described in Table 5-1. Based on that structure, there are various ways you can customize these distribution folders.
Table 5-1. Customizing Distribution Folders for Automated Installations
Folder | Purpose |
|---|---|
I386 | The root distribution folder is normally created at the root of the logical drive on the server hosting the distribution folder. This folder is created by copying the entire I386 subdirectory from the Windows Server 2003 CD. |
I386$OEM$ | This folder contains additional folders, tools, and files, which must use MS-DOS 8.3 names. The optional Cmdlines.txt file, which contains a set of commands to be executed at the end of GUImode setup, can also be in the $OEM$ folder. For an OEM folder to exist anywhere other than under I386, the OemFilesPath entry in the answer file must specify the alternate path. |
Optional Folders | |
I386$OEM$Textmode | This folder is used for supplying updated HALs and device drivers for mass storage devices. The files stored in this folder must be specified in the [OEMBootFiles] section of the answer file. |
I386$OEM$$$ | This folder equates to the %SystemRoot%, specifying the root installation directory for Windows Server 2003. Files and subfolders of I386$OEM$$$ are copied to the corresponding locations in the installation directory on the target computer. The structure of these subfolders must correspond to the standard folder structure for Windows Server 2003. |
I386$OEM$$$Help | The OEM help files contained in this folder are copied to the %SystemRoot%Help folder during installation. |
I386$OEM$$$System32 | Any OEM files located in this folder are copied to the %SystemRoot%System32 folder during installation. |
I386$OEM$$1 | This folder points to the %SystemDrive%—the logical drive that Windows Server 2003 is installed in. |
I386$OEM$$1Pnpdrvers | Plug and Play device drivers that must be installed are stored in this folder. |
I386$OEM$$1Sysprep | This optional folder is used to store Sysprep executable and configuration files used in imagebased installations. |
I386$OEM$Drive_letter | The contents and structure of this folder are copied to the corresponding logical drive on the target system during the Text mode part of the installation. |
The distribution folder can include preinstalled service packs so that you can install the operating system with an updated service pack rather than having to install the operating system and then apply service packs.
Typically, a service pack is provided as a single download—a large executable file that you run to extract and then install the updates to the operating system files. To update the distribution folder, you must first download the service pack and then complete the following procedure to apply it to the distribution folder:
Create a directory on the server's hard disk, and then copy the entire contents of the I386 folder from the product CD to it. For the purposes of this example, let's call it C:I386—and it is best that you call this folder I386.
Don't start the executable directly by running its associated .exe without options. Instead, extract the service pack to the hard disk drive by using the command ServicePackName –x, such as wk3sp1_en_x86.exe –x.
When prompted for the extraction folder, type the path to a temporary folder for the service pack. For the purposes of this example, let's call it C:W2003SP.
Once the service pack extraction is finished, look in the temporary folder for the I386Update folder. For example, if the temporary folder is C:W2003SP, the folder you are looking for is C:W2003SPI386Update. This folder has a program called Update.exe that you must run.
Run Update.exe with the –S parameter. Specify the folder in which the I386 directory is located as the value for the –S parameter. For example, if the location is C:I386, run Update.exe using the command line update –s:c:I386. Note you are specifying the complete path to the I386 folder. This technique is referred to as slipstreaming the service pack. 6 Now use C:I386 as your distribution folder for deploying the Windows operating system with the integrated service pack.
Inside Out: Service pack update "gotchas"
You shouldn't update your existing Windows installation share. First, you want to ensure the update is completed successfully before using it, and you might have several service packs that you must apply sequentially before the update is complete. Second, if there are users currently performing installations, you could corrupt their installations or otherwise cause their installations to fail.
When you use slipstreaming to install several service packs at once, you must rename any existing Svcpack.log file before installing the next service pack update. This file is created automatically with each service pack installation and is located on the %SystemDrive% root folder.
As a final note, you can't apply service packs to Windows 2000 RIS CD-ROM-based images. There is, of course, a workaround, which is discussed in Microsoft Knowledge Base article 258868.
Hot fixes and security updates to the operating system are made available in between service packs. Although these changes do eventually make their way into service packs, you'll often find that critical fixes must be deployed either to resolve problems you're experiencing or to close security gaps. You can find hot fixes and security updates in two places: the Microsoft security Web site and Microsoft Windows Update site. The Microsoft Web site contains links to these two sites, and they are currently located at http://www.microsoft.com/security/; and http://windowsupdate.microsoft.com, respectively, which addresses are entirely subject to change—Murphy's Law, right?
Most hot fixes and security updates follow a specific naming syntax. For example, the hot fix q348932_W2K3_SP1_ENU.exe tells you this fix is in relation to Microsoft Knowledge Base article 348932 and that it is a post Service Pack 1 fix for the English-language version of Windows Server 2003.
If you've installed hot fixes and security updates before, you know that basically all you must do is run them as a program. Unfortunately, you usually are prompted to reboot the computer after installing each, so you often have to work around this by forcing the Windows operating system to install quietly (without warnings and prompts) and not to reboot with the –Q and –Z options (which are available in most hot fixes and updates).
Note
Windows Server 2003 supports hot-fix chaining, whereby you can install multiple hot fixes with a single restart. This means you do not need to run QChain.exe and you do not need to reboot after installing each hot fix. This feature is in fact supported with Windows 2000 Service Pack 3 or later, Windows XP, and Windows Server 2003. As an alternative to –Q and –Z, you could use the –Q and –M options to install multiple hot fixes quietly at the same time.
Although you can integrate hot fixes and security updates into the distribution folder in much the same way as previously discussed for service packs, it is not recommended. Instead, you should have Setup automatically install any necessary hot fixes and security updates during the installation of the operating system. Here's how you do this:
Download the hot fixes and security updates you want to use, and then copy them to the $OEM$ directory.
Once all the hot fixes and security updates are in the $OEM$ directory, create a file called Cmdlines.txt, and save it to the $OEM$ directory. This file contains a list of commands you want to use during the installation, which in this case are the hot fixes and security updates.
The first line of the Cmdlines.txt file must be [Commands] on a line by itself. Then you list each of the hot fixes and security updates you want to run each on a line by itself, making sure to enclose each line in double quotation marks. The result is a file with contents similar to the following:
[Commands] "q3486932_w2k3_sp1_enu -q -z" "q124576_w2k3_sp1_enu -q -z"
Caution
Install only hot fixes and security updates that are released after the service pack you are deploying. For example, if you've integrated Service Pack 1 into the distribution folder, you must install only hot fixes and security updates that are labeled as sp1, meaning they are post Service Pack 1. If you install hot fixes or security updates that are included in a service pack integrated with the distribution folder, you might cause the installation to fail.
Make sure the script generated by Setup Manager has OemPreinstall=Yes in the [Unattended] section. This tells Setup that you are preinstalling using a distribution share and will be specifying commands that should be run.
Tip
Unlock advanced installation features and options
OemPreinstall=Yes unlocks a bunch of advanced installation features and options. Not only can you run hot fixes and security updates, you can run other commands, install device drivers, specify directories and files to copy to the new computer, and specify custom HAL settings.
Just as you can include hot fixes and security updates in the installation, you can also include updated drivers for Plug and Play devices. You might wonder why you would do this. Even though Windows Server 2003 includes thousands of drivers, computer hardware changes over time and the drivers included with the Windows operating system might not be the ones you need.
You can include updated drivers in automated installations by completing the following steps:
Create a subdirectory of the $OEM$ directory called $1 (the full path is I386$OEM$$1). Then create another subdirectory for the drivers. The subdirectory name must be no more than eight characters. This subdirectory will be copied to the target computer and will remain on the target computer after Setup completes.
Inside the Drivers subdirectory, create individual subdirectories for each of the various types of device drivers you are going to install, such as this:
$OEM$$1DriversVideo for new video drivers
$OEM$$1DriversSound for new Sound drivers
$OEM$$1DriversNetwork for new network adapter drivers
Copy the drivers and their .inf files into the appropriate subfolders.
Update the answer files to add references to the driver folder and its subfolders using the OemPnPDriversPath parameter. Separate each subfolder reference with a semicolon, but do not include $OEM$$1 in the path; for instance:
OemPnPDriversPath="DriversVideo; DriversSound; DriversNetwork" Or if you used only one directory called Drivers, you could use this:
OemPnPDriversPath="Drivers"
If OemPreinstall is set to No, change this so that it is set to Yes.
If you are installing new drivers for RIS-based operating system images, restart the Boot Information Negotiation Layer service (BINLSVC) on the RIS server after copying the files into the distribution folder. After you log on locally or remotely to the RIS server, you can do this from a command prompt by typing
Net stop "binlsvc"
Net start "binlsvc"
Note
You should install only signed device drivers. If you don't, Setup won't actually install the devices with Sysprep and RIS installations until an administrator logs on to the computer. You can tell Setup to bypass this policy by adding DriverSigning=Ignore to the [Unattended] section of the answer file. Keep in mind that unsigned device drivers could cause serious problems on the system.
Earlier we mentioned setting OemPreinstall=Yes and creating a Cmdlines.txt file, which must be created and saved in the $OEM$ directory. Well, allowing you to install updates and hot fixes is not the only use for this file. You can, in fact, use the Cmdlines.txt file to handle any command that you want Setup to run. Generally, you'll want these commands to run before any hot fixes and security updates are applied. This is just a precaution in case you are running a program or installing something that might affect the drivers and system files.
Remember this example from earlier in the chapter:
[Commands] "q3486932_w2k3_sp1_enu -q -z" "q124576_w2k3_sp1_enu -q -z"
Here, we are running two hot fixes. Now let's add a command to run a Microsoft Software Installation (MSI) package, like this:
[Commands] "msiexec /i \corpserver01appsApplication.msi" "q3486932_w2k3_sp1_enu -q -z" "q124576_w2k3_sp1_enu -q -z"
You can also create directories and copy over files during the installation. For example, if every computer has a C:Data and a C:Scripts directory, you could have Setup create these during installation. To create directories and copy over files during installation, follow these steps:
In the $OEM$ directory, create a directory with a one-letter name that corresponds to the drive letter of the same name on the target computer. For example, if you want to work with the C and D drives, you would create subdirectories $OEM$C and $OEM$D.
Create the necessary directories under these directories and copy any necessary files into these directories. For example, you could create $OEM$CData and $OEM$CScripts directories and then copy data and scripts into the appropriate directories.
If you want to copy files into %SystemRoot% folders, place the files in the $OEM$$$ directory. These files are then copied over during installation. One type of file that you might want to place in the $OEM$$$ is a branding file that provides information on the computer model and manufacturer. You can also add support information, which can be any standard information that your organization wants to provide to users in the General tab of the System Properties dialog box.
The branding file is saved as Oeminfo.ini, and it contains two required sections: General and Support Information (and two optional sections: ICW and OEMSpecific). It is used like this:
[General]
Manufacturer=
Model=
SupportURL=
[Support Information]
Line1=
Line2=
...
LineN=
Such as:
[General]
Manufacturer= City Power and Light
Model= CP&L Primary Desktop
SupportURL= http://Intranet
[Support Information]
Line1=For IT support call:
Line2=(206) 555-1212
Line3=For early morning or after hours support call:
Line4=(212) 555-6789Because Winnt doesn't support the use of LFNs, the distribution folder is restricted to short (MS-DOS 8.3) folder and file names if you use the 16-bit Setup program. Yet, applications sometimes require program files to be correctly named with LFNs to work. Thus, in certain installations, you'll need the ability to rename specific files or folders contained in the distribution folder once they are copied to the target computer.
The $$Rename.txt file can be used to rename the MS-DOS 8.3 file names after installation. Every file and folder using a short name that is to be renamed after installation must be specified in the $$Rename.txt file. To rename the files and folders, put a copy of the $$Rename.txt file in the folder containing the actual files and folders, and Setup will find the file and perform the renaming automatically at the end of the installation process.
The $$Rename.txt file is structured as a series of entries describing the path and both the short and long names of the file or folder to be renamed. Each folder with entries to be renamed has its own section, named with the path (starting at the root of the hard disk) in brackets "[path]" followed by the individual files to be renamed.
The path is treated as a section name and is entered on its own line in square brackets. It points to the folder that has the files or subfolders to be renamed.
File/folder names follow. Each pair is specified on a line in the format "short name = long name." The short name is specified without quotation marks. If the long name has spaces in it, the long name must have quotation marks around it.
An example of a brief $$Rename.txt file is shown here:
[] InsGuide.doc = "Installation Guide.doc" StaffHB.doc = "Employee Handbook.doc" Frelled.chm = "IT--Escalation team.chm"
To support Dynamic Update in unattended installations, the answer file must be explicitly configured to allow the Dynamic Update operations (which are disabled by default). This is controlled by two entries in the answer file:
A DUDisable entry in the [Unattended] section of the answer file is set to disable Dynamic Update by default. Modifying the entry to read DUDisable="No" instructs Setup to allow dynamic updates during installation. Using /Dudisable in Unattend.bat supersedes this setting in the answer file.
In addition to enabling Dynamic Update, you must tell Setup the location of the network share containing the Dynamic Update files. This is accomplished by entering the path to the network share in the DUShare entry in the [Unattended] section of the answer file, as shown here:
DUShare = path to network share containing files
An advantage to creating a distribution folder is that you can customize it and modify it as new security patches and service packs are added and as supported hardware or applications change. In some cases, however, using CD media for unattended installations is necessary. This could occur because of a lack of adequate network connectivity, for instance, or extreme network congestion.
However, using CD media for installation requires that CDs and DVDs containing a copy of your distribution folder be re-created any time you update or change the contents or structure of your distribution folder. Every time you apply a service pack, hot fix, or even a security patch to the operating system or any included custom files—and consider how often you do that—new CD media must be made.
Thus, the amount of work involved in the creation and distribution of the CDs containing the (updated) distribution folder must be assessed, and the process of managing the implementation of these CDs in the enterprise network environment must be defined.
Tip
Plan to secure CD media
Consider the security of distribution folder CDs carefully. Because you cannot use file system permissions to secure the contents of the CDs or DVDs containing your distribution folder, and especially because such media might well contain a Windows product key, you must plan for the physical security of each of the CDs.
In some cases, you might want to install Windows Server 2003 directly from the CD media provided by Microsoft. Perhaps you don't have a network distribution share that the target machine can access, or perhaps the machine has no network connectivity at all.
Several contingencies are involved in using the CD media for unattended installation, such as the following:
The target computer must be able to boot from the CD-ROM drive, and the option to boot from the CD-ROM drive must be selected in the BIOS.
The target computer must have a floppy disk drive.
A correctly configured answer file must be on the floppy disk in the drive (the answer file must contain a [Data] section with the entries correctly referencing an unattended installation using the Windows Server 2003 CD.
Note
For installations from CD-ROM/DVD media that are initiated by booting from a floppy disk, the floppy disk drive must contain the correct CD-ROM/DVD device drivers for the CD-ROM/DVD hardware installed in the target computer.
Before starting an automated installation process using the Windows Server 2003 CD, you must create the Winnt.sif file (an Unattend.txt file renamed as Winnt.sif) to provide answers to the Windows Setup process. The Winnt.sif file must be on a floppy disk, which must be in the floppy disk drive when Windows Setup begins. When the Windows operating system boots from CD, it checks the floppy disk drive for a Winnt.sif file and, if one is found, uses it to perform an unattended installation.
Advantages to using the Windows Server 2003 CD for unattended installation include the capabilities to install without network connectivity, repartition the hard disk, force a BIOS startup, and bypass the Mini-Setup program. Some of these actions are controlled by the use of entries in the Unattend.txt file, such as the following:
Partition the hard disk You can instruct Setup to delete all existing partitions and create a new (NTFS-formatted) partition by using the Repartition=Yes entry in the [Unattended] section.
BIOS startup To instruct the target computer to use the BIOS (instead of the device miniport driver) for startup, use the UseBIOSToBoot=1 entry in the [Data] section.
Mini-Setup bypass To avoid running the Mini-Setup program when the system boots the first time after an unattended installation, use the UnattendSwitch=Yes entry in the [Unattended] section.
Inside Out: Limitations of the Windows Server 2003 CD
If you choose to use the Windows Server 2003 CD for unattended installations, you should be aware of some significant limitations. These restrictions include the following:
Not allowing upgrades from any Windows platform
No support for Dynamic Update functionality
No support for uniqueness database files
No capability for deploying applications as part of the Windows installation
When using the Windows Server 2003 CD for unattended installations, you should be aware of certain key answer file settings.
There are four settings in the [Data] section that directly pertain to an automated installation from CD:
AutoPartition Set to 1 to disable the /Tempdrive command-line parameter.
MsDosInitiated Set to 0 to specify an unattended installation from a Windows Server 2003 CD.
UnattendedInstall Must be set to Yes for an unattended installation from a Windows Server 2003 CD.
UseBIOSToBoot Usually left at the default setting of 0; this must be set to 1 to use the BIOS for system startup.
The [Unattended] section contains two settings that relate to a CD-based automated installation:
Repartition Set to No by default; if set to Yes, this will instruct Setup to delete all existing partitions (on the first hard disk) and to create a new NTFS partition.
UnattendSwitch This parameter is used only by Winnt.exe and is set to No by default. If it is set to Yes, it instructs Setup to skip running the Mini-Setup program upon first reboot after the unattended installation completes.
Once you have an Unattend.txt file, you can use it to install Windows Server 2003 by running Winnt.exe or Winnt32.exe at the command line with the appropriate parameters, such as
Winnt /u:Unattend.txt /s:\FileServerDistributionSharei386Or
Winnt32 /unattend:Unattend.txt /s:\FileServerDistributionSharei386Tip
If installing from product media, name the Unattend.txt file Winnt.sif, put it on a floppy disk, and put that disk in the computer. When you boot from the CD, the answer file will be automatically recognized and used during setup.
In addition to the /Unattend command-line option that causes Setup to use the Unattend.txt file to automate installation, many other command-line parameters can be used to affect the installation. This includes whether to use Dynamic Update during installation (and many other options). For further information on these command-line options, see the sections entitled "Winnt Command-Line Parameters" and "Winnt32 Command-Line Parameters".
You can start an unattended installation in a number of different ways, depending on the installation programs and methods you are using, as follows:
Batch file If you used Setup Manager to create your Unattend.txt file and you will be using the Windows Setup program to perform the installation, you can use the Unattend.bat file, also created by Setup Manager, to start the installation process.
Manually You can also manually enter the same command sequence from the command line, with any additional parameters that might be necessary for the specific installation you're performing (for instance, a different location for the temporary files).
The unattended installation text file in Windows Server 2003 builds on the Windows 2000 version while maintaining the familiar .inf format. Several new sections, as well as many new settings, provide finer control over the installation and configuration of Windows Server 2003 server and Windows XP operating systems.
The new sections added to the Unattend.txt file since Windows 2000 include the following:
[Homenet] This section contains settings for home networking, including network adapters and Internet Connection Sharing and firewalls.
[PCHealth] This section contains settings for remote assistance and detailed errorreporting management.
[SetupParams] Used to run additional commands after Setup is completed (by the UserExecute entry).
[Shell] Sets themes to set the style of the user interface.
[SystemRestore] Sets calendar and session frequencies of backup and purging.
[Uninstall] Controls uninstall options for Windows XP installations.
The number of new entries are too numerous to list here—for a complete listing of new entries, refer to the "Changes in Answer Files" section of the "Microsoft Windows Corporate Deployment Tools User's Guide."
An Unattend.txt file can contain literally hundreds and hundreds of entries, not very many of which are required. The following example of an extended Unattend.txt file demonstrates how you can add sections to the file. Although a fully configured installation with lots of customization is much longer, you probably get the idea that there's a lot you can do to optimize the configuration.
;SetupMgrTag
[Data]
AutoPartition=1
MsDosInitiated="0"
UnattendedInstall="Yes"
[Unattended]
UnattendMode=FullUnattended
OemSkipEula=Yes
OemPreinstall=Yes
TargetPath=Windows
[GuiUnattended]
AdminPassword=e52cac67419a9a224a3b108f3fa6cb6d8846f7eaee8fb117ad06bdd830b
EncryptedAdminPassword=Yes
OEMSkipRegional=1
TimeZone=4
OemSkipWelcome=1
[UserData]
ProductKey=DFDFD-FSAFW-EFREF-AFASF-AFAAA
FullName="wrstanek"
OrgName="City Power and Light"
ComputerName0=corpserver01
ComputerName1=corpserver02
ComputerName2=corpserver03
ComputerName3=corpserver04
ComputerName4=corpserver05
[Display]
BitsPerPel=32
XResolution=1024
YResolution=768
[LicenseFilePrintData]
AutoMode=PerSeat
[RegionalSettings]
LanguageGroup=1
[SetupMgr]
DistFolder=Z:windist
DistShare=windist
[FavoritesEx]
Title1="Google Home Page.url"
URL1="http://www.google.com"
Title2="MSN Home Page.url"
URL2="http://www.msn.com"
[Branding]
BrandIEUsingUnattended=Yes
[URL]
Home_Page= http://www.cpandl.com
Help_Page= http://www.cpandl.com/help
Search_Page= http://search.cpandl.com
[Proxy]
Proxy_Enable=0
Use_Same_Proxy=1
[GuiRunOnce]
Command0=DeleteUnnecessaryFiles.bat
[Identification]
JoinDomain=DOMAIN
DomainAdmin=ADomainAdmin
DomainAdminPassword=PasswordExposed
[Networking]
InstallDefaultComponents=No
[NetAdapters]
Adapter1=params.Adapter1
[params.Adapter1]
INFID=*
[NetClients]
MS_MSClient=params.MS_MSClient
[NetServices]
MS_SERVER=params.MS_SERVER
[NetProtocols]
MS_TCPIP=params.MS_TCPIP
MS_NetMon=params.MS_NetMon
[params.MS_TCPIP]
DNS=Yes
UseDomainNameDevolution=No
EnableLMHosts=Yes
AdapterSections=params.MS_TCPIP.Adapter1
[params.MS_TCPIP.Adapter1]
SpecificTo=Adapter1
DHCP=Yes
WINS=No
NetBIOSOptions=0Of all these fancy extras, there are actually only a few that we haven't talked about yet. Primarily, these are the installation options you use to preconfigure networking and Internet Explorer. With networking, the sections include [Networking], [NetAdapters], [NetClients], [NetServices], and [NetProtocols], as well as individual parameter sections for the TCP/IP adapters used. In most situations, you set these parameters using Setup Manager. Occasionally, you want to tweak the parameters in the answer file, but because they are so advanced, it is often easier to create a new answer file and then copy in from the old file the additional sections that you custom created.
An exception to this is with the Internet Explorer preconfiguration options. It is really easy to preconfigure Internet Explorer in an answer file:
The [Branding] section tells Setup that you are customizing Internet Explorer, and it must be set as this:
[Branding] BrandIEUsingUnattended=YesThe [FavoritesEx] section is used to set favorites shortcuts. Each shortcut is entered as a title/URL pair, such as these:
Title1="Google Home Page.url" URL1="http://www.google.com" Title2="MSN Home Page.url" URL2="http://www.msn.com"
The [URL] section sets the default Uniform Resource Locators (URLs) used by Internet Explorer for the home, help, and search pages, such as this:
[URL] Home_Page=http://www.cpandl.com Help_Page=http://www.cpandl.com/help Search_Page=http://search.cpandl.comThe [Proxy] section configures Internet Explorer's proxy settings, such as the following:
[Proxy] Proxy_Enable=0 Use_Same_Proxy=1