RIS clients rely on PXE to load boot code from the network and establish communications with a RIS server. A PXE-compliant computer has a PXE-enabled BIOS and a NIC that supports remote booting. PXE allows computers to boot using code from a network location, and then to remotely install an operating system—without user input, if desired. It does this using standard protocols and services, such as TCP/IP, DHCP, and Trivial File Transfer Protocol (TFTP).
PXE includes extensions to DHCP that allow PXE systems to locate remote installation servers. When a PXE client machine boots from the network adapter, it first locates a DHCP server and then, using information supplied by the DHCP server, contacts a RIS server. The RIS server loads and automatically runs an operating system installation process, which can be a Windows installation (automated or interactive) or an image deployment (created using RIPrep).
Not all computers support PXE in their system firmware, and Windows Server 2003 includes an alternative for those systems. If you have machines without PXE support, you can create a RIBF disk, which emulates the PXE boot process. See the section entitled "Creating a RIBF Disk" later in this chapter for details.
In addition, even if your computer is PXE-compliant, you might need to change the BIOS settings to tell the computer to boot using PXE. How you do this depends on the computer. Most of the time, when you start the computer, you'll see an option to access the BIOS setup, then from within BIOS setup you'll typically have an option that lets you change the boot order and select boot options.
On an IBM ThinkPad, for instance, restart the computer and press F1 to access the BIOS setup. Then access the Power On options on the Startup menu. Included there is a wide array of boot options, including Network Boot, Removable Devices, Hard Drive, and ATAPI CDROM Drive. The obvious choice seems to be Network Boot, but a Network Boot is typically for thin clients and not a standard system. The actual choice needed is under Hard Drive and is an option for Bootable Add-In Cards, which must be moved up so that the bootable card is checked for before the hard disk drive.
Tip
If you're counting on using RIS for widespread deployment, verify that the systems either have firmware support for the PXE environment or are equipped with a network adapter supported by the RIBF.
The options presented to the person performing the RIS installation are controlled by using Group Policy settings. These settings affect whether automatic setup is supported, a failed setup can be restarted, and custom setup is available.
Tip
Although using these Group Policy settings is optional, they can have significant effects on the operations of RIS-based installations. Because of this, you will usually want to take the time to customize them for your environment.
To configure the RIS settings in a Group Policy Object (GPO), follow these steps:
In the Group Policy Editor, expand User Configuration, Windows Settings, Remote Installation Services.
Right-click Choice Options, and then select Properties (or double-click Choice Options).
Table 6-1 shows the options available for configuration.
Table 6-1. RIS Settings in Group Policy
Setup Option | Default Setting | Description |
|---|---|---|
Automatic Setup | Not configured | Bypasses all CIW setup options other than selection of OS image. Active Directory searches for a target computer UUID matching a UUID in a (prestaged) Active Directory computer account and uses the Active Directory computer name. During installation, if no matching UUID is found, one is constructed from the location in Active Directory and the selected automatic-naming format. |
Custom Setup | Disabled | Enables selection of Active Directory location and computer account name. |
Restart Setup | Disabled | Restarts Setup upon installation failure—starts CIW before image copy phase, then users are presented with a Restart Setup option on their CIW boot display. |
Tools | Disabled | Provides access to tools for troubleshooting and maintenance (diagnostics, system flash BIOS update). These tools are installed in the RemoteInstall share. |
You can configure each of these settings as Enabled, Disabled, or Not Configured. You can also select both Automatic and Custom setup to support a more diverse installation environment.
Inside Out: Using specialized GPOs to customize RIS
You can configure RIS settings in the default domain policy GPO. Yet, where more flexibility is required, you can also create a specialized GPO that is limited to one or more OUs. When you use OU GPOs to customize the RIS environment, you can allow a setting from the default domain policy to apply by setting the individual option to Not Configured in the OU GPO.
Administrators can take advantage of RIS even when dealing with computers that do not have PXE hardware by using the RIBF. This disk provides PXE emulation for computers that do not support PXE but that do have one of a limited set of NICs. Figure 6-2 displays the Remote Boot Disk Generator interface.
To create a remote installation boot disk, run RBFG.exe, which is located in RemoteInstall AdminI386 (or another RemoteInstall path specified when running the RIS Setup Wizard), and then click Create Disk. When prompted, insert a formatted floppy disk, and that's it. Now you can make copies of the disk and hand them out to RIS installers.
The remote installation boot disk provides support for a limited set of network cards on the target machine. Table 6-2 lists the network cards supported by the remote installation boot disk at the time this book was written. Support can change as additional service packs and updates become available—Murphy's Law again. Click Adapter List in the Remote Boot Disk Generator to get a current list of supported adapters.
Table 6-2. Network Adapters Supported by the RIS Boot Disk
Vendor | Network Adapter |
|---|---|
3Com | 3Com 3C900B-Combo, 3Com 3C900B-FL, 3Com 3C900B-TPC, 3Com 3C900BTPO, 3Com 3C9000-Combo, 3Com 3C9000TPO, 3Com 3C905B-Combo, 3Com 3C905B-FX, 3Com 3C905B-TX, 3Com 3C905C-TX, 3Com 3C905-T4, 3Com 3C905-TX, 3Com MiniPCI |
Accton | Accton MPX5030 |
Allied | Telesyn 2500TX |
AMD | AMD PCNet Adapters |
Compaq | Compaq NetFlex 100, Compaq NetFlex 110, Compaq NetFlex 3 |
DEC | DEC DE450, DEC DE500 |
HP | HP DeskDirect 10/100TX |
Intel | Intel Pro 10+, Intel Pro 100+, Intel Pro 100B |
Realtek | Realtek RTL8029, Realtek RTL8139 |
SMC | SMC 1211TX, SMC 8432, SMC 9332, SMC 9432, SMC ENI1209D-TX5 |
Creating computer accounts in Active Directory prior to their use in remote installations (prestaging) can enhance the security of your RIS-based installation. Prestaging computer accounts allows you to control exactly which RIS clients and servers can communicate with each other.
Prestaging involves creating a computer account for the computer before deployment using the GUID/UUID assigned to the computer. A computer's GUID/UUID is supplied by the manufacturer and must be entered in the format {dddddddd-dddd-dddd-dddd-dddddddddddd}, where d is a hexadecimal digit, such as {AEFED345-BC13-22CD-ABCD-11BB11342112}.
To obtain the GUID/UUID, you need physical access to the computer. Look for a label on the side of or within the computer case. You might need to access the computer's BIOS to find the GUID/UUID. A helpful tool for obtaining the GUID/UUID from BIOS is the BIOS Information script, which is available through the Remote Installation Scripts link on the Web Resources page. The current Uniform Resource Locator (URL) of the Web Resource page as of this writing is http://www.microsoft.com/windows/reskits/webresources. If you have the Windows Server 2003 Deployment Kit, use the Get RIS Client BIOS Information script (ACIRIS_14.vbs) on the CD-ROM.
Inside Out: How are GUIDs/UUIDs used with computers that aren't prestaged?
If you elect not to prestage computers, you don't have to worry about GUIDs/UUIDs. During installation, the UUID is automatically obtained or generated as necessary. For PXE-enabled systems, the UUID is obtained from the PXE-enabled NIC and is stored in Active Directory with the computer account during installation. The UUID for a non-PXE client is generated by prefixing 20 zeros to the MAC address of the installed NIC and requires a RIS remote book disk (and a compatible network adapter) to use RIS. When using the remote boot floppy disk, turn on the computer (with the boot floppy disk in the drive). The remote installation process either waits for you to press F12 (default) or automatically starts Setup (if configured).
Prestaging computer accounts increases RIS installation security by letting you control which computers can authenticate during the remote installation process. You limit which clients an RIS server responds to by selecting the Do Not Respond To Unknown Clients option during RIS setup or in the Remote Install tab of the RIS server's computer account Properties page in Active Directory.
To prestage an account in Active Directory, go to the OU where you want the computer account to reside, and create a new computer account. You are prompted for the computer name and to specify which security groups are authorized to add this computer to the domain (as shown in the following screen). Set the computer name and select the security group(s) responsible for the remote installation.
Next, you designate the computer account as a managed computer and specify the GUID/ UUID for the computer (as shown in the following screen). This enables it to interact with RIS, functioning as the preestablished computer account in Active Directory required to complete the RIS installation.
The GUID/UUID assigned to each computer account must be unique. If a duplicate is detected when you are creating computer accounts during prestaging, you are prompted to change the ID, query for duplicates, or accept it as is.
The RIS server that will be used for this computer's installation is specified next—you can choose either to allow any RIS server to be used or to configure a specific RIS server to be used. In the following screen, the Mythical.org RIS server has been selected for this prestaged computer account.
Once you complete the computer account creation, you can view the RIS client properties established for the account in the Remote Install tab, where the GUID/UUID and the designated RIS server are displayed and configurable (as shown in the following screen).
