RIS is a cool new feature of Windows 2000 Server that allows administrators to install Windows 2000 Professional on client computers without ever touching the computer. You can also use RIS with the IntelliMirror technologies (User Settings Management, User Data Management, and Software Installation and Maintenance) to install Windows 2000 Professional remotely and then automatically add a user's personalized work environment—complete with the user's computer settings, software applications, and data.
It's not hard to see the advantages RIS offers to an administrator who is short of both time and money. The sections that follow describe how RIS works, help you determine whether your network meets the requirements for RIS, and explain how to install, configure, and use RIS to set up client systems.
NOTE
If the system doesn't support Preboot Execution Environment (PXE) network booting, you may have to insert an RIS boot disk in the system, but otherwise you don't have to touch it unless you want to.
RIS is a combination of technologies that provides the nifty ability to easily boot a system and install an operating system from a remote server—all without needing any data on the system beforehand.
The first technology that facilitates the ability to install an operating system remotely is the Preboot execution Environment (PXE). PXE allows a user of a computer with a PXE-compliant network interface card (NIC) to boot directly from the network by pressing F12 at bootup.
When the client boots to the network using a PXE-compliant NIC (or a network boot disk and a NIC that is supported by the disk), it requests an IP address from a Dynamic Host Configuration Protocol (DHCP) server, which also supplies the IP address of the nearest RIS server.
When a prestaged client contacts the RIS server, the RIS server queries the Active Directory for the unique GUID for the client and then transmits the name of any operating system images the client is permitted to install automatically. If the client isn't prestaged, it must log on to Active Directory and use the Client Installation Wizard to select an operating system image. (RIS uses Group Policy to determine which images the user has access to, and it displays only those images.)
RIS servers need to meet the minimum system requirements for Windows 2000 Server and in addition must have a separate 2-GB hard disk or partition for the operating system images. (You can get by with less if you deploy only a couple of images.) As was mentioned in Chapter 5, however, you shouldn't be using a system that meets only the minimum system requirements, especially when it comes to RAM. Don't deploy a server with less than 128 MB of RAM, and if you're going to combine services such as Active Directory, DHCP, DNS, and RIS, get 256 MB of RAM or more; the extra cost is small and the performance gain is large. In addition, RIS must be installed on an NTFS 5 formatted partition that is separate from the system partition. RIS doesn't support Dfs links or Encrypting File System (EFS) files.
TIP
Operating system images stored on an RIS server can be synchronized with operating system images on other RIS servers via the use of Dfs. However, RIS cannot follow Dfs links, so all needed data and images must be stored locally.
RIS clients also need to meet or preferably exceed the minimum system requirements for Windows 2000 Professional, and in addition should have a 10 Mbps or preferably 100 Mbps NIC that supports PXE remote boot or is explicitly supported by the remote boot disk. (See the section "Creating a Remote Boot Disk" later in this chapter for more information.)
Before you can use RIS on the network, you need to install it, of course. Once you've chosen the server you want to use as an RIS server, use the following procedure to install the service and run the initial setup wizard:
Figure 24-15. The Add/Remove Programs window.
Figure 24-16. Specifying a friendly description and help text for an operating system image.
The Remote Installation Services Setup Wizard does an adequate job of setting up the server with all of the default settings, but sooner or later you're going to need to tweak these settings. The next several sections tell you how.
TIP
You can administer most functions of an RIS server from a Windows 2000 Professional system by installing the Windows 2000 Administration Tools (Adminpak.msi) from the i386 folder of the Windows 2000 Server CD-ROM. This tool also allows you to administer most other server services from a Windows 2000 Professional machine.
If all client computers that use RIS to install an operating system are to contain the same settings, all RIS servers need to be configured in exactly the same way. Windows 2000 doesn't support replication of operating system images or RIS configuration settings between RIS servers. You can, however, use the replication capabilities of SMS for image replication between RIS servers.
To enable the RIS server to respond to client requests or to disable the RIS server from serving client requests, follow these steps:
Figure 24-17. The Remote Install tab of an RIS server's Properties window.
REAL WORLD Reasons for Ignoring Unknown Clients
Selecting the Do Not Respond To Unknown Client Computers check box adds one extra step (creating a computer account for a client) to the process of deploying Windows 2000 Professional, but it does so for a couple of good reasons. The first reason for the added step is security. If this check box isn't selected, anyone who can reach the server can receive an operating system installation, provided that the user has adequate permissions.The second reason is compatibility with existing remote-boot applications. If you don't select this check box and you are using another company's remote boot/installation program on the network, clients may not be able to reach the other program. When you clear this check box, you ensure that only prestaged clients with registered computer accounts will use RIS. See the section "Prestaging a Client" later in this chapter for more details.
The most reliable way to determine whether an RIS server is working is to attempt an operating system installation from it. However, this is predictably inconvenient, and it's often handy to be able to check on basic functionality directly from whatever computer you're using to manage the server. Microsoft has provided the Check Server Wizard for just this purpose. To use it, follow these steps:
NOTE
The Check Server Wizard checks only that the RIS server is properly set up. It doesn't check the integrity of any operating system images on the server or the ability of clients to properly reach the server across the network. If you experience any problems, check the server's event log and check the functionality of the DHCP, DNS, and Active Directory services.
You may want to view a list of clients that have used the server to install Windows 2000 Professional or that are prestaged to install Windows 2000 from the server. To do so, follow these steps:
You might want to change how RIS configures clients, especially if your company has its own computer naming convention. By default, the computer name is created by appending a number to the user name used to log on to Active Directory during the client installation. This can be changed to another scheme if desired.
The Active Directory location in which the new client computer account is created can also be changed. The default location is in the Computers container in the same domain as the RIS server, but you can change this to the same container as the user's user account (probably the Users container) or to any other location in Active Directory. Note that if an end user will be setting up the computer, the user's account needs to have sufficient permissions to create a new computer account in the specified location, unless the system is prestaged, as described in the section "Prestaging a Client" later in this chapter. To change the way in which RIS configures new clients, use the following procedure:
Figure 24-18. Selecting a predefined computer naming format.
TIP
You can combine several fields when defining a computer naming format. For example, the string %1First%10Last%# would yield computer names using the first letter of a user's first name and then 10 characters from the user's last name, followed by a number, such as JGEREND11.
Figure 24-19. Defining a customized computer naming format.
To create the computer accounts in the same place in Active Directory as the user's user account (probably the Users container), select the Same Location As That Of The User Setting Up The Client Computer option.
To manually specify a location in Active Directory for the computer accounts, select The Following Directory Service Location, and then click Browse and locate the appropriate container (possibly an RIS Clients container). Click OK when you're done.
Despite the fact that RIS is able to deploy only Windows 2000 Professional (support for Windows 2000 Server may be added at some point), it is often useful to maintain several different images on the RIS server. You may want to add a completely new image derived from an existing system—applications and all—or you may want to apply an answer file to an existing image to modify how the operating system is set up. (See the section "Using Remote Installation Preparation" later in this chapter for information about creating images of computers, complete with installed applications and other settings.) To manage the images, use the following procedure:
Figure 24-20. The Images tab of the RIS Properties window.
NOTE
Back up the answer files before removing them from RIS. To remove an image, not just the associated answer file, open Microsoft Windows Explorer and actually delete the physical folder containing the image.
Figure 24-21. The Select An Installation Image screen of the Add Wizard.
NOTE
RIS doesn't support unattended installs on computers containing ISA or non-Plug and Play devices.
RIS allows independent software vendors (ISVs) and original equipment manufacturers (OEMs) to add tools that are available to users and administrators for use prior to the installation of the operating system. Since client systems may have blank hard disks before Windows 2000 is installed via RIS, the maintenance and troubleshooting tools provided by some ISVs and OEMs can be extremely useful. These tools can also provide administrators with a handy way to update such things as the client's system BIOS.
RIS doesn't ship with any tools installed, and there is no built-in mechanism for adding tools; instead, you must use the external setup program supplied with the tools to install them. You can then use the Tools tab of the Remote Installation Services dialog box (the previous section described how to display this dialog box) to view the properties for the tools or remove the tools' associated template files (files with the extension .SIF), making the tools unavailable to clients.
The other way to create an operating system image for deployment with RIS is to use the Remote Installation Preparation (RIPrep) Wizard. RIPrep allows you to create a Windows 2000 Professional installation (complete with applications and settings), image it, and then deploy it using RIS.
Although this technique is very similar to using the System Preparation (SysPrep) tool included with the Windows 2000 Resource Kit in combination with a third-party disk-imaging program, using RIPrep has a couple of advantages. First, the hardware on the client systems can be completely different from that on the reference system, since RIS uses Windows 2000's Plug and Play functionality to perform a complete device scan. SysPrep performs only a partial device scan and still requires systems to have identical mass storage controllers. (See Chapter 5 for more information.)
Second, there is no need to copy the system image to the client's hard disk, since all information is pulled from the RIS server after performing a network boot. In addition, the installation process can be automated to such a degree as to obviate the need for trained supervision of the installation—even most untrained users will have no trouble starting a RIS installation.
CAUTION
The operating system and all applications and files must be installed in a single boot partition on the C: drive of the reference computer in order for RIPrep to function properly.
To create an operating system image using RIPrep, follow these steps:
Figure 24-22. Specifying a friendly description and help text for an installation image.
REAL WORLD Remote Installation Cautions
Make sure that the BIOS on both the reference system and the RIS clients has up-to-date Advanced Configuration Power Interface (ACPI) support with a date of January 1, 1999, or later. RIPrep doesn't support mixing ACPI and non-ACPI systems, and we don't recommend it. Certain desktop shortcuts may not work properly on RIS clients made from RIPrep images. For example, Microsoft Outlook 2000's desktop shortcut will not work after a RIPrep RIS installation. To fix this, disable 8.3 name creation on the reference computer before running RIPrep. For information on how to do this, consult the Microsoft Knowledge Base. You cannot include encrypted files in a RIPrep image.