The process of preparing for remote installation using RIS has several aspects:
Preparing the OS image, a process that differs depending on whether you are using RISetup or RIPrep images
Creating and associating the answer file with an image
Customizing CIW (if needed)
There are two different forms of operating system images supported by RIS for remote installation:
Distribution files (as copied off the Windows Server 2003 CD or other distribution folder), which are formed into an OS image using RISetup
A file system image made by using RIPrep, which is based on an installed operating system established as a master (template) installation
Each image created, whether by RISetup or RIPrep, has a corresponding Templates subfolder on the RIS server, and this folder contains a standard answer file called Ristndrd.sif. The Templates folder also houses additional answer files that are associated with the image.
RIS images are stored on an NTFS partition, and the Everyone group has Full access by default (in Windows Server 2003, the Everyone group means all Authenticated Users). You might want to restrict access to some (or all) of these images, after all, many users might need to install Windows XP, yet fewer will need to install Windows Server 2003. You can control access using security settings available by following these steps:
Double-click the RIS server's computer account in Active Directory Users And Computers.
In the Remote Install tab, click Advanced Settings to display the Remote Installation Services Properties page.
In the Images tab, select the image you want to manage, and then click Properties.
Click Permissions on the Image Properties page.
Finally, in the actual Properties page for the image, click the Security tab to view and manage current security settings.
Alternately, you can limit the scope of users that can access RIS images (thus limiting the installation options that appear in the CIW installation display) by removing the Everyone group from a specific Templates folder and then providing access to only those security groups that must install that specific RIS image.
Either way, you ensure that users see only images for which they have access and restrict them from trying to install images they shouldn't be using. For example, if Developers should see only Developer images and not IT images, you could handle this by changing the NTFS permission on the appropriate images. Once you set restrictive permissions, RIS shows users only images for which they have access.
Using RISetup creates an operating system image by pulling the files from the original Windows Server 2003 CD or from a customized distribution folder containing these files, such as one that has the service pack integrated.
You can further customize the installation by adding files (applications, drivers, etc.) to the distribution share and adding necessary configuration information to the answer file. Just as with an unattended installation performed by Windows Setup (Winnt or Winnt32), associating an answer file with an image enables automation and control of the installation process. This means everything discussed in the previous chapter applies to RIS, with some limitations, of course.
To configure a RISetup OS image, follow these steps:
To start the Remote Installation Services Setup Wizard, run Remote Installation Services Setup on the Administrative Tools menu or type risetup at a command prompt on the RIS server.
You are prompted to select one of the following options:
Add A New OS Image To This Remote Installation Server—This option enables the addition of multiple operating systems (or OS configurations) to be made available as installation options from the RIS server.
Check This Remote Installation Server For Errors—This option allows you to verify the operations of the RIS server, although it does not verify the integrity of the operating system images you might have previously stored.
Select the first option, click Next, and then specify the location of the installation source files (distribution CD or network location) on the Installation Source Files Location page.
Click Next, and then specify the name of the folder to which the Windows files will be copied on the RIS server. This is the name for the image in the Windows Installation Image Folder Name dialog box, which by default is WINDOWS. If you are going to have multiple images on a server, you could use names that help you identify the type of image, such as WINSVR-STD, WINSVVR-ENT, and WINXP-PRO.
Click Next. The Friendly Description And Help Text page lets you customize the description and help information displayed on the client computer during the installation process.
Click Next. If there's an existing OS image (in addition to the default image created when you set up the RIS server), you are asked what you want to do with the existing client installation screens. In most cases, you simply want to leave them alone (and you do this by selecting the Use The Old Client Installation Screens option).
Note
The client installation screens are saved as .osc files, and they control what users see when they first connect to the RIS server. These files use the OSC Markup Language (OSCML) and are very similar to standard Hypertext Markup Language (HTML) files. In fact, if you know anything about HTML, you could easily customize these files so that they better suit your needs. Each .osc file is a screen that the users see when connecting to the RIS server, including the Welcome, Logon, Main Menu, Operating System Choice, Client Installation, and Warning screens.
Click Next, and then click Finish. The wizard then copies the files and update the RIS server accordingly.
The other means of creating an operating system image for RIS is by using the Remote Installation Preparation Wizard to create an image of a preconfigured computer. This image is then stored on the RIS server and is used to install on the remote computers.
The file system image created by RIPrep is essentially the image of an installed and configured system with certain computer-specific information (such as security identifiers, or SIDs) removed. The deleted information is replaced with data specific to the target computer during deployment of the operating system image.
The process of creating a RIPrep image is similar to that of installing any new Windows computer—you install and configure the operating system, applications, and so on. In the case of an installation for RIPrep, the computer you configure is designated as the master computer because it is the master configuration for subsequent deployments. After the master computer is customized to meet the requirements for the computers the image will be installed upon, an image of that installation is created.
RIPrep uses answer files in a similar way to the other automated installation methods: the information in the answer files is used to control Setup and configure the computer. The RIPrep image process creates an answer file named Riprep.sif in the Image folder by default.
A RIPrep image stores the current configuration of a system and includes some desktop and application settings, as shown in Table 6-3.
Table 6-3. Settings Stored in a RIPrep Image
Category | Specific Settings |
|---|---|
Local policy | Group Policy Administrative Template |
Control Panel | Accessibility, performance, power, sound scheme, startup, and recovery |
Internet Explorer | Connection, home page, privacy, security |
Optional | Services for Netware, Network Monitoring, Remote Storage |
Services | Logon accounts, recovery, startup |
Desktop | Folder options, fonts, shortcuts, display configuration |
Office | Application configuration (Microsoft Office Word, Microsoft Office Excel) for editing, saving, spelling, and viewing settings |
Creating RIPrep OS images from (Select or Enterprise) volume license media is recommended, because it obviates issues with license keys and Windows product activation.
Inside Out: Retail CD not recommended for RIPrep
When a RIPrep image is created from a master installation using a non–volume license medium (such as the retail Windows Server 2003 CD), the Windows product activation (WPA) timer is reset with each RIPrep image. This causes each subsequent installation to require the target computers to complete the product activation process. Installing more than three RIPrep images created from a master installation using non–volume license media will result in the WPA grace period not being reset for subsequent RIPrep images. These WPA contingencies are specific to RIPrep and do not affect RISetup-based operating system images.
Before you create a RIPrep-based OS image, you should know about a few constraints. First, there must be a RISetup image for the same operating system (including language and version), for example, that the master computer being used for the RIPrep image is running. The operating system version numbers of the RISetup image and the master installation that RIPrep is imaging must have the same first two numbers (i.e., 5.1).
Because Mini-Setup implements Plug and Play detection upon loading, the target computers need not have identical hardware (they simply must share the same HAL as the master installation computer).
The Plug and Play hardware detection in Mini-Setup (on the target computer) checks the HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionDevicePath registry key for the default location of device drivers. The default path for devices is the %Windir%System32Drivers folder.
The RIPrep.sif answer file can specify alternate locations for device drivers (as well as .inf files, catalogs, and so on) needed to support the device hardware in the target computers. You can do this by adding a device search path in the [Unattended] section using the OemPnPDriversPath parameter. The environment variable %SystemDrive% is automatically attached to the beginning of the folder path specified in the OemPnPDriversPath parameter; thus, the location of the folder containing the drivers must be on the system root partition.
The HAL that the master computer uses must be compatible with the HAL that each target computer uses. A common HAL version, for example, is the Advanced Configuration and Power Interface (ACPI) HAL—if your target computers use the ACPI HAL, the master computer that you are creating the image from must also use the ACPI HAL.
Inside Out: Matching HAL versions in RIS images
You can perform an image-based RIS installation with an image created from a master computer if the HALs used by the target and master computers correspond in the following ways:
Target and master system HALs are identical.
Target and master systems use the Advanced Programmable Interrupt Controller (APIC) HAL (assuming both systems use either a single-processor or multiprocessor APIC HAL).
Target and master systems use a non-ACPI HAL (assuming both systems use either a single-processor or multiprocessor non-ACPI HAL).
Note
Windows Server 2003 RIS filters the images based on HAL compatibility before presenting them to the user, so there is no possibility of installing the wrong type of HAL.
There are several approaches to discovering the version of the HAL a computer is using. Some network management tools (such as Microsoft Systems Management Server) allow you to run a software inventory, which can tell you which HAL versions various computers are using. Alternately, for systems running a Windows server operating system, you can determine the HAL that is in use by viewing the properties of the Hal.dll file in the %SystemRoot%System32 folder. In the Version tab, view the original file name—for example, in the case of an ACPI HAL, the file name is a Halacpi.dll.
You start the process of creating a file system image by installing the operating system on to the computer that will contain the master configuration for this image. Because you are creating an image to be used on multiple (many) target computers, begin by selecting computer system hardware that is representative of the hardware that the target systems will have. As noted previously, the HAL of the master computer must match the HAL of the target computer systems.
Install the operating system onto the master installation computer, and configure the services, applications, and desktop environment to reflect the baseline operating environment that you want the target computers to have. You should thoroughly test this OS configuration, as well as all applications, for proper functionality prior to creating the image for RIS. Again, make sure all the services and applications that will be part of the image are on the system drive.
Inside Out: User profile in master installations
The user profile used in installation and configuration of applications can affect availability or functionality of applications that store settings on a per-user basis. For instance, applications that require Administrator rights to run or configure might not allow the users of the future installations to access needed functionality. Assess the applications used in your master installation for configuration and user profile issues.
When you have configured the operating system on the master computer to meet your requirements, you use the Remote Installation Preparation Wizard (RIPrep.exe) to create the file system image of the master installation. The wizard converts the standing installation on the master computer to a file system image that is stored on the RIS server, making it accessible to remote installation client systems.
RIPrep modifies the SIDs and access control lists (ACLs) to ensure that each RIS installation using that image is unique. During RIPrep image preparation, the SIDs and ACLs are removed prior to image creation. Each computer that image is installed to will run MiniSetup upon first boot to reassign SIDs, set ACLs, and so on.
Note
Because the file system images created by RIPrep contain applications and tools, they are larger than the operating system images created by using RISetup, yet they install more quickly because they lack SIDs and ACLs initially.
The RIPrep.exe file is located in the %SystemRoot%System32Reminst folder (and is also copied to \ServerNameReminstAdminI386). There are two command-line parameters that can be used with RIPrep.exe:
RIPREP /quiet disables the display of confirmation dialog boxes.
RIPREP /pnp forces detection of Plug and Play devices during installation.
Caution
Running RIPrep changes the SIDs and ACLs of an installation, so don't run RIPrep on a system unless you intend to use it as a distribution image.
Troubleshooting: Recovering from inadvertently running RIPrep or Sysprep
If one of the programs designed to prepare a computer to serve as a master computer for image-style installations is accidentally run, you must take several steps to repair the system. The details of how to recover from this are explained in Microsoft Knowledge Base article 814588. This article explains how to restore SIDs, modify the registry, and run the Recovery Console to return the computer to a functional state.
To create an image from a master installation, run RIPrep at the following location: \ServerNameReminstAdminI386.
The following are the steps of the RIPrep image creation process:
The Welcome page describes what RIPrep will do (converting the master installation to a file system image) and reminds you that the hardware of the target computer need not be identical to the hardware used in the image (but must share the HAL dynamiclink library).
You are then prompted for the server name hosting the RIS services (the existing RIS server name is provided by default).
The wizard then prompts you for the folder name of where the image will be stored on the RIS server (if it doesn't already exist, it will be created).
You are then prompted to provide the friendly description and help text (no default values are supplied).
The list of services that must be stopped before creating the installation image is displayed. Click Next, and the RIPrep Wizard will stop all of the services in the list.
Tip
Shut down services
If all required services or programs are not stopped, the Programs Or Services Are Running dialog box is displayed, listing the processes that are still operational and directing you to use the Computer Management console (in the Services and ApplicationsServices nodes) to shut down the remaining services.
The values selected for the remote installation server, folder name, friendly description, and help text are displayed, giving you a chance to review the settings before clicking Next to confirm the selections.
The Completing The Remote Installation Preparation Wizard page is displayed. Once you continue, the RIPrep Wizard creates the installation image and copies it to the RIS server, then shuts down the master installation computer. During this process, the wizard performs the following steps:
Verifies the Windows version
Analyzes partitions
Copies partition information
Copies files to the server
Copies and updates registry information
Shuts down the computer
Upon reboot, the master installation computer runs the Mini-Setup program (like the future target computers that receive this installation image). This reassigns security-related information that was stripped off by RIPrep and enables normal operations. You will be prompted to do the following:
Accept the license agreement
Reenter the product key (only for a retail or Open License CD)
Choose the keyboard and localization
Enter the user name and organization
Select a time zone—be sure to choose the correct one
Determine whether typical or custom network settings should be used
Join a workgroup or a domain
Mini-Setup goes a bit faster than normal Setup because it doesn't need to check Plug and Play hardware components, but it still takes a bit of time. As Figure 6-3 shows, the master image is stored in a separate directory from the other images you've created—and if you gave the image a clear name, such as MasterIMG, it is very easy to distinguish from any other images.
Inside Out: Use RISetup to create a master installation template
Using a RIS installation is recommended for creating the master installation. Because you have to create the master installation image once, and you want to be able to easily update it (say, upon the release of a service pack or critical security patch), if you create an automated RISetup installation, you can update it and regenerate the master installation quickly.
RIPrep is very useful in that it can create complete system images, but as with unattended installations, you can also use flat or CD-ROM images that include integrated service packs. All you must do is place an I386 or Intel Architecture 64 (IA-64) folder for whichever operating system you want to install on the RIS server, and then RIS clients can use that flat image. As discussed in Chapter 5, you can integrate service packs into this distribution folder and configure optional answer files to apply hot fixes, security updates, drivers, and programs to run (as you can with any RIS image).
First, you might be wondering why you would want to do this. Well, primarily because it allows you to centralize. You can store all your installation files and scripts on one server, and if you already have images with integrated service packs and scripts, why not put them on the RIS server to make the entire process easier to manage? Are you wondering how this would work? Here's what you do:
First, copy the I386 folder from the operating system CD-ROM to the RIS server. For example, in Windows XP Professional, you might copy the I386 folder from the CDROM to the C:WINXPPRO folder on the RIS server.
Next, extract the service pack into a temporary folder on the RIS server, such as C:WinXPSP1.
Run the update tool in the service pack's I386Update folder. Following the example, you would change to the C:WinXPSP1I386Update directory, and then type update –s:C:WINXPPROI386.
Then you must tell the RIS server about the image you want to use. Start Active Directory Users and Computers by clicking Start, pointing to Programs or All Programs, clicking Administrative Tools, and selecting Active Directory Users And Computers.
Double-click the folder that contains the computer account. Typically, this is the Computers OU. Then double-click the Computer account name to display the properties page for the computer.
In the Remote Install tab (see the screen on the following page), click Advanced Settings to display the Remote Installation Services Properties page.
The Images tab contains a list of current images that are on the RIS server (see the following screen). Click Add so that you can tell RIS about the image you want to use.
You can now choose to associate a new answer file with an existing image or add a new installation image. Choose Add A New Installation Image (as shown in the screen on the following page), and click Next. This starts the Remote Installation Services Setup Wizard.
Specify where the image is located (as shown in the following screen). In the example, this would be C:WINXPPRO folder.
Click Next, and then enter the name of the folder to which the files will be copied within RIS (as shown in the screen on the following page). In the example, I called it WINXPSP1, which means that the I386 files will be stored on the remote installation folder using this name, and the path to the actual image would be RemoteInstall SetupEnglishImagesWINXPSP1.
Click Next, and then enter the friendly name and help text for this image. Click Next again, and you'll be asked what you want to do with the previous client installation screens. The client installation screens are the .osc files that control what the user sees when first connecting to the RIS server. In most cases, you can leave these files as they are, so select Use The Old Client Installation Screens (as in the screen shown here).
Click Next, and then click Finish to complete the image creation process. You'll then see the image on the list of available images, and clients will be able to use it.
RIS answer files are highly similar to Unattend.txt files, with just a few additional or changed entries. During the RIS image creation processes, default answer files are created for each OS image:
RISetup creates a default answer file called Ristndrd.sif.
RIPrep creates its own answer file named Riprep.sif by default.
The easiest way to create an optional answer file (Remboot.sif by default) for RIS is by using the Setup Manager Wizard (Setupmgr.exe in Deploy.cab located in the SupportTools folder on your product CD).
note
For more information about using Setup Manager to create answer files, see Chapter 5.
The internal structure of the *.sif files is much like the Unattend.txt answer files, using many of the same sections and entries to configure remote installation, but with different default entries and values. By default, a RIS answer file for either RISetup or RIPrep installations contains the [SetupData], [RemoteInstall], [OSChooser], and [SetupMgr] additional sections, and the [Data] section has additional entries such as OriSrc=\%SERVERNAME% RemInst\%INSTALLPATH%.
The following text shows the content of a Ristndrd.sif file created by RISetup.
[Data] floppyless = "1" msdosinitiated = "1" OriSrc = "\%SERVERNAME%RemInst\%INSTALLPATH%\%MACHINETYPE%" OriTyp = "4" LocalSourceOnCD = 1 DisableAdminAccountOnDomainJoin = 1 [SetupData] OsLoadOptions = "/noguiboot /fastdetect" SetupSourceDevice = "DeviceLanmanRedirector\%SERVERNAME%RemInst\%INSTALLPATH%" [Unattended] OemPreinstall = no FileSystem = LeaveAlone ExtendOEMPartition = 0 TargetPath = WINDOWS OemSkipEula = yes InstallFilesPath = "\%SERVERNAME%RemInst\%INSTALLPATH%\%MACHINETYPE%" LegacyNIC = 1 [UserData] FullName = "%USERFIRSTNAME% %USERLASTNAME%" OrgName = "%ORGNAME%" ComputerName = %MACHINENAME% [GuiUnattended] OemSkipWelcome = 1 OemSkipRegional = 1 TimeZone = %TIMEZONE% AdminPassword = "*" [LicenseFilePrintData] AutoMode = PerSeat [Display] BitsPerPel = 16 XResolution = 800 YResolution = 600 VRefresh = 60 [Networking] [NetServices] MS_Server=params.MS_PSched [Identification] JoinDomain = %MACHINEDOMAIN% DoOldStyleDomainJoin = Yes [RemoteInstall] Repartition = Yes UseWholeDisk = Yes [OSChooser] Description ="Windows Server 2003, Standard" Help ="Automatically installs Windows Server 2003, Standard without prompting the user for input." LaunchFile = "%INSTALLPATH%\%MACHINETYPE% emplatesstartrom.com" ImageType =Flat Version="5.2 (0)"
The RIPrep installation information is written to a Riprep.sif file in the Templates subfolder. The following text is a sample Riprep.sif file:
[Data] floppyless = "1" msdosinitiated = "1" OriSrc = "\%SERVERNAME%RemInst\%INSTALLPATH%\%MACHINETYPE%" OriTyp = "4" LocalSourceOnCD = 1 DisableAdminAccountOnDomainJoin = 1 [SetupData] OsLoadOptions = "/noguiboot /fastdetect" SetupSourceDevice ="DeviceLanmanRedirector\%SERVERNAME%RemInst\%INSTALLPATH%" SysPrepDevice="DeviceLanmanRedirector\%SERVERNAME%RemInst\%SYSPREPPATH%" SysPrepDriversDevice="DeviceLanmanRedirector\%SERVERNAME%RemInst %SYSPREPDRIVERS%" [Unattended] OemPreinstall = no FileSystem = LeaveAlone ExtendOEMPartition = 0 TargetPath = WINDOWS OemSkipEula = yes InstallFilesPath = "\%SERVERNAME%RemInst\%INSTALLPATH%\%MACHINETYPE%" LegacyNIC = 1 [UserData] FullName = "%USERFIRSTNAME% %USERLASTNAME%" OrgName = "%ORGNAME%" ComputerName ="%MACHINENAME%" [GuiUnattended] OemSkipWelcome = 1 OemSkipRegional = 1 TimeZone = %TIMEZONE% AdminPassword = "*" [LicenseFilePrintData] AutoMode = PerSeat [Display] BitsPerPel = 16 XResolution = 800 YResolution = 600 VRefresh = 60 [Networking] [NetServices] MS_Server=params.MS_PSched [Identification] JoinDomain = %MACHINEDOMAIN% DoOldStyleDomainJoin = Yes [RemoteInstall] Repartition = Yes UseWholeDisk = Yes [OSChooser] Description ="W2K3 Server MASTER INSTALLATION" Help ="This is configured for our base server deployment" LaunchFile ="%INSTALLPATH%\%MACHINETYPE% emplatesstartrom.com" ImageType =SYSPREP Version="5.2 (3790)" SysPrepSystemRoot="Mirror1UserDataW2K3" HalName=hal.dll ProductType=1
The following text displays the sections and entries used in the Remboot.sif file that are different or additional to those also used in common with the Unattend.txt file.
[Data]
MsDosInitiated="1"
floppyless="1"
OriSrc="\%SERVERNAME%RemInst\%INSTALLPATH%"
OriTyp="4"
LocalSourceOnCD=1
[SetupData]
OsLoadOptions="/noguiboot /fastdetect"
SetupSourceDevice="DeviceLanmanRedirector\%SERVERNAME%RemInst\%INSTALLPATH%"
[Unattended]
OemPreinstall=No
FileSystem=LeaveAlone
NtUpgrade=No
OverwriteOemFilesOnUpgrade=No
[Identification]
JoinDomain=%MACHINEDOMAIN%
DoOldStyleDomainJoin=Yes
[Networking]
ProcessPageSections=Yes
[RemoteInstall]
Repartition=Yes
[OSChooser]
Description="Windows Professional Standard Installation"
Help="This will install Windows Professional in a standard configuration."
LaunchFile="%INSTALLPATH%\%MACHINETYPE% emplatesstartrom.com"
ImageType=FlatTo automate a RIS installation, you must associate an answer file with the specific operating system image.
To associate a remote boot .sif file with a RIS installation image, follow these steps:
Locate the server running RIS in Active Directory Users and Computers.
Double-click the computer account entry, then click Advanced Settings in the Remote Install tab
In the Images tab of the Advanced Settings dialog box, click Add.
Select Associate A New Answer File To An Existing Image, then click Next.
Specify the source of the new answer file (Windows Image Sample Files, Another Remote Installation Server, or An Alternate Location), and then click Next.
Select Installation Image To Associate The Answer File With, then click Next.
Select the answer file to use, and click Next. If the file name already exists, you have the option to set a new name for the answer file.
Provide any changes to the Friendly Description And Help Text option, click Next, and then click Finish.
The answer file you selected is then copied to the Templates directory of the designated installation image and will be used for any subsequent remote installations using that image.
The Client Installation Wizard (CIW) is the first user interface (UI) displayed on the target computer during RIS-based installation. The CIW, also called OSChooser, is a text-based tool that guides the user through the initial steps of the installation process. Administrators can configure the CIW to provide a customized list of available operating systems.
When a client connects to the RIS server, the service sends a startup boot file to the target computer (by default, Startrom.com stored in the RemoteInstallOsChooserI386 folder). This startup boot file prompts you to press the F12 key. The RIS server then downloads the CIW by TFTP to the target computer. There is another startup boot file (called Startrom.n12, which can be renamed to Startrom.com if you want to use it) that does not require the F12 key to be pressed, allowing a fully automated installation.
The default CIW page displays are HTML-based *.osc files, which are put on the RIS server when you run RISetup.exe the first time. Example files are also included to show you how to modify the CIW information, displays, user logon, and setup options.
Following are tips for designing CIW pages:
One of the pages must contain the <meta server action=dnreset> HTML tag.
At a minimum, the CIW must contain the Welcome, Logon, and Summary pages.
Because the user has no input with a fully automated installation, the CIW used with one should contain a minimum of setup-related data. This usually means fewer pages are needed for that CIW.