This section discusses the tasks necessary to implement RIS, including setting up and configuring RIS, creating an RIPrep image, creating an RIS boot disk, and verifying an RIS configuration.
After this lesson, you will be able to
Estimated lesson time: 30 minutes
To implement RIS you must complete the following tasks:
RIS requires a two-stage setup process: adding the RIS component and installing RIS.
Refer to the "RIS Server and Client Requirements" section in Lesson 6, "Implementing RIS," before attempting to set up RIS.
The first stage of RIS setup is adding RIS as an optional component. This stage copies the files required for installation to the hard disk drive on the server. You can add the RIS component during Windows 2000 Server installation or after the server installation by using Add/Remove Programs.
Follow these steps to add the RIS component:
Figure 20.24 Windows Components Wizard dialog box
The second stage of RIS setup occurs when RIS is installed. This stage installs RIS on the server.
Follow these steps to install RIS:
After the Remote Installation Services Setup wizard completes, depending on the settings chosen, the RIS server either begins servicing client computers or pauses while you set RIS configuration options. The next section describes the configuration options available to an RIS administrator.
By default, an RIS server is not configured to begin servicing client computers immediately after the installation of RIS is completed. To configure RIS you must complete the following tasks:
By specifying the RIS servers allowed to run on your network, you can prevent unauthorized (often referred to as rogue) RIS servers, ensuring that only RIS servers authorized by administrators can service clients. If an attempt is made to start an unauthorized RIS server on the network, it will be automatically shut down and thus unable to service client computers. An RIS server must be authorized before it can service client computers.
Follow these steps to authorize RIS servers:
The authorized RIS server is now listed under the DHCP node.
By setting properties on individual RIS servers, you control how the server supplies RIS to clients requesting service.
Follow these steps to set RIS server properties:
Figure 20.25 Remote Install tab
Table 20.11 Options on the Remote Install Tab of the Properties Dialog Box
|Respond To Client Computers Requesting Service||The RIS server responds to all clients requesting service.|
|Do Not Respond To Unknown Client Computers||The RIS server does not respond to unknown client computers. This option is available only if the Respond To Client Computers Requesting Service check box is checked.|
Figure 20.26 New Clients tab on the Remote Installation Services Properties dialog box
Table 20.12 Options on the New Clients Tab of the Remote Installation Services Dialog Box
|Generate Client Computer Names Using||When the client computer name is automatically generated, this option determines how the name is formatted. It provides flexibility in naming new client computers during OS installation without the need for end user or administrator involvement.|
|Customize||This option accesses the Computer Account Generation dialog box on which you can create a custom naming format for the client computer.|
|Client Account Location||This option specifies one of three directory service locations of the client computer account. Default Directory Service Location specifies that the computer account object for the client computer be created in the Active Directory location where all computer accounts are created by default during the domain join operation. Same Location As That Of The User Setting Up The Client Computer specifies that the client computer account object be created within the same Active Directory container as the user setting up the machine. Use The Following Directory Service Location allows the administrator to set a specific Active Directory container where all client computer account objects installing from this server are created. It is assumed that most administrators will select this option and specify a specific container for all remote installation client computer account objects to be created in.|
Figure 20.27 Images tab on the Remote Installation Services Properties dialog box
Administrators wishing to remotely manage their servers from computers running Windows 2000 Professional can access the administrative tools by installing the Windows 2000 Administration Tools package located on the Windows 2000 Server CD-ROM.
Figure 20.28 Tools tab on the Remote Installation Services Properties dialog box
When using Windows 2000 Administration Tools on a system other than the RIS server, the administrator cannot add additional OS images or verify the integrity of the RIS server. All other configuration options are available.
By setting the RIS client installation options, you can control the options presented to different groups of users during the Client Installation wizard. There are four client installation options (see Figure 20.23) that can appear on the Client Installation wizard:
The Automatic Setup option is the client installation option that all users of the Remote OS Installation feature have access to by default. The Automatic Setup option allows you to restrict the OS installation options so that that the user simply logs on and the OS installation starts automatically. The user is not prompted during the OS install, which avoids calls to help desk professionals for assistance and saves the organization additional expenses in support costs.
While restricting installation options, you can still allow users to choose the OS for installation. Remote OS Installation allows you to provide a friendly description and associated help text that describes the OS options so that an end user can choose the most appropriate OS.
By preselecting the Remote OS Installation configuration options, you predefine the automatic machine naming format and the location within Active Directory where client computer accounts will be created.
The Custom Setup option is very similar to the Automatic Setup option, but it also allows you to set up a computer for another person within the organization. This option can be used to fully preinstall a client computer or to prestage the client computer by creating a corresponding computer account within the Active Directory service.
The Custom Setup option lets you override the automatic computer naming and location where the computer account is created within Active Directory. By default, the RIS server will generate a computer name based on a format defined by the Remote OS Installation administrator. You can also define where client computer account objects (CAOs) will be created in the Active Directory service during the installation. By default, the automatic computer naming policy is set to create computer names based on the person who logs on to the Client Installation wizard.
The Restart A Previous Setup Attempt option is provided in the event that the installation of the OS fails for any reason. The Client Installation wizard can be customized to ask a series of questions about the specific OS being installed. When restarting a failed OS setup attempt, the end user is not asked these questions again. Rather, Setup already has this information and simply restarts the file copy operation and completes the OS installation.
The Maintenance And Troubleshooting option provides access to third-party hardware and software vendor tools. These tools range from system BIOS flash updates and memory virus scanners to a wide range of computer diagnostic tools that check for hardware-related problems. These tools are available before installing and starting the OS on the client computer.
If the option to display the Maintenance And Troubleshooting menu is enabled, user access to individual tool images is controlled in the same way as OS options, by setting specific end user permissions on the individual answer file (.sif) for that tool. For example, you can allow end users access to only one computer diagnostic tool while providing help desk professionals with access to the entire suite of diagnostic tools. When the user calls a help desk professional for assistance, the professional can guide him or her through the diagnostic tool to get the information necessary to diagnose the problem. If the help desk staff must visit the end user for further investigation, they simply log on to the Client Installation wizard and, based on their credentials, they can access the tools they need to resolve the problem.
Follow these steps to set client installation options:
In the Choice Options Properties dialog box (see Figure 20.29), the following installation options affect how the Client Installation wizard appears to users:
Figure 20.29 Choice Options Properties dialog box
Because the changes that you make to RIS policy take effect only when the policy is propagated (applied) to your computer, do one of the following to initiate policy propagation:
- Type secedit /refreshpolicy user_policy at the command prompt, and then press Enter.
- Restart your computer.
- Wait for automatic policy propagation, which occurs at regular, configur-able intervals. By default, policy propagation occurs every 8 hours.
By specifying which users or groups of users should have access to the RIPrep OS images available on the RIS server, you can guide users through the selection of the unattended OS installation appropriate for their role within the company. By default, when an OS image is added to an RIS server, the image is available to all users serviced by that RIS server.
Follow these steps to set RIPrep image permissions:
To reduce the work involved in maintaining the security applied to images, where possible, set the security on the Templates folder of the image rather than the individual .sif files. Grant or restrict access to groups rather than individual users.
To build and maintain standard desktops, many organizations use disk imaging or cloning software that allows you to configure a client computer exactly as you want it, and then make a copy of that image for installation on client computers on the network. Remote OS Installation supports creation and installation of standard desktop images using RIPrep images.
Before you can create an RIPrep image, you must complete the following tasks:
To create the source computer, use the Remote OS Installation feature to remotely install the base Windows 2000 Professional OS. Once the OS is installed, you can install applications or application suites, including in-house line of business (LOB) applications. Then configure the workstation to adhere to company policies. For example, you may choose to define specific screen colors, set the background bitmap to a company-based logo, remove any games installed by the base OS, and set Internet Explorer proxy settings.
When creating RIPrep images, it is important to understand the relationship of user profiles, the changes made to an RIPrep source computer, and the desired result for users that log on to computers that are installed using the RIPrep image. Applications that carry the "Certified for Windows" logo properly separate user-specific and computer-specific configuration settings and data, and can therefore be installed computer-wide so that they are available to all users of the system. Such applications would also then be available to all users of systems later installed with the resulting RIPrep image. Non-Windows 2000-compliant applications may perform and/or rely on per-user configurations that are specific to the profile of the user actually installing the application prior to running RIPrep (typically a local administrator), rather than to all users of the system. Such configurations remain specific to that user, which may result in the application or configuration setting not being available or not functioning properly for users of computers installed with the RIPrep image. In addition, some nonapplication configuration changes, such as the wallpaper specified for the user desktop, are by default applied only to the current user's profile and will not be applied to users of systems installed with the RIPrep image.
You must thoroughly test any applications or configuration settings desired for use in an RIPrep image to ensure they will work properly with your organization's implementation of user profiles. To test, make the change as one user (typically a local administrator of the computer), log off, and log on as a user account that is representative of your organization. If the changes you made are applied to the second user, the changes will also apply to users that log on to systems installed with an RIPrep image that contains the same change. To complete the test, create an RIPrep image, restore it to a different computer, and log on as a different representative user. Verify that the changes are applied and fully functional.
Some configuration settings can be copied directly from the profile they were applied to (the local administrator in the preceding example) the All Users profile, such as the desktop wallpaper, some Start menu options, and shortcuts. However, all such changes must be tested carefully to verify that their functionality is not broken by the manual adjustments.
When the workstation is configured exactly to specifications, you are ready to create an RIPrep image.
Follow these steps to create an RIPrep image:
If the source computer contains a 1 GB disk drive and the destination computer contains a 2 GB disk drive, by default RIS formats the destination computer's drive as a 2 GB partition in the same file system format as the source computer used to create the image.
After the initial image questions have been answered, the wizard configures the workstation to a generic state, removing anything unique to the client installation such as the computer's unique security identifier (SID), computer name, and any registry settings unique to that system. Once the preparation phase is complete, the image is automatically replicated to the RIS server provided. After the image is replicated to the RIS server, it is added to the list of available OS installation choices displayed within the Client Installation wizard. At this point, any remote boot-enabled or compatible client computers that use the PXE-based remote boot technology can install the image.
When you use the Remote Installation Preparation wizard to create an installation image of a client computer that was originally installed using a retail version (rather than a Select or original equipment manufacturer [OEM] version) of Windows 2000 Professional, the RIS unattended setup answer file (RIPREP.SIF) must be modified to include the product identification number (PID). The PID is a unique identification number specific to each copy of Windows 2000 Professional used to identify the OS installation and track the number of copies installed throughout an organization.
If the PID is not entered in the RIPREP.SIF file, the installation process stops and the user is prompted for the PID information during the installation of that RIPrep image.
Follow these steps to include the PID in the RIPREP.SIF file:
The PID for each client installation is randomly generated using the PID entered in the RIPREP.SIF file.
When the source computer OS is installed from the Select or OEM version of the Windows 2000 Professional CD, the PID does not need to be modified in the RIPREP.SIF file.
You must create a boot disk to support existing client computers that do not have a PXE-based remote boot-enabled ROM but do have a supported network adapter. The RIS boot disk works like the PXE boot process. First you: turn on the computer, booting from the RIS boot disk. Then you immediately press F12 to initiate a network service boot, and the Client Installation wizard is downloaded and starts. Once the Client Installation wizard starts, the rest of the RIS process is identical regardless of whether the client was booted using a PXE boot ROM or the RIS remote boot disk.
Follow these steps to create an RIS boot disk:
Figure 20.30 Windows 2000 Remote Boot Disk Generator dialog box
You can use the boot disk only with computers that contain supported PCI-based network adapters. To view the list of supported network adapters, click Adapter List in the Windows 2000 Remote Boot Disk Generator dialog box.
RIS enables you to check the integrity of the RIS-enabled server. You can verify an RIS configuration if you suspect that the server is failing, if you are currently seeing inconsistent behavior, or if you need to restore an RIS volume from backup. The Check Server wizard checks whether all of the settings, services, and configuration options are correctly set and functioning.
Follow these steps to verify an RIS configuration:
If you are verifying the server configuration because you need to restore an RIS volume from backup, you must verify the server configuration before you restore the volume.
In this lesson you learned about the tasks necessary to implement RIS, including setting up and configuring RIS, creating an RIPrep image, creating an RIS boot disk, and verifying an RIS configuration.