Installing Your First Client

You're almost ready to start rolling out your clients. Remember that your clients need network cards that are PXE Boot ROM-capable. To use the NICs that have the ROM code built right onto the card, watch for the PC to flash "Hit F12 for Network Boot" upon reboot. If your computer doesn't flash that message (or something similar), you'll need to check the network card's BIOS, the PC's BIOS, or both to see if the PXE feature is disabled, or you can create the PXE Boot ROM emulator disk as described in the next section.

Creating a Remote Boot Disk

The code to write an RIS boot disk is less than 1Kb. Therefore, creating a remote boot disk takes only a moment. Moreover, the PXE boot disk supports a slew of network cards. If you have multiple cards that you need to boot from, it doesn't matter what brand the NIC is, since all are supported by the same floppy. To create your PXE Remote Boot Disk, follow these steps:

RIS versus PXE

Many other vendors use PXE technology, but their tools might not hook into RIS. Indeed, if RIS is installed alongside some third-party tools, clients can get confused about what server is going to serve them, and you might get unpredictable results.

Some tools that use PXE technology (but aren't related to RIS) include On Technology's CCM (recently bought by Symantec), PowerQuest's v2i builder (also recently bought by Symantec), and Norton Ghost (also by Symantec). It seems like a little monopoly is happening over at Symantec with regard to these tools.

  1. Run the RBFG.EXE program from the \Admin\i386 directory where you installed RIS. Click Start > Run, and type R:\RemoteInstall\Admin\i386\rbfg.exe in the Open dialog box.

  2. Put a blank floppy in the floppy drive and click the Create Disk button to start the boot disk generation.

  3. When prompted to create another disk, click No, and click Close to close the "Microsoft Windows Remote Boot Disk Generator."

Note 

If your card isn't listed, you still have a ray of hope. Check out Argon Technologies at www.argontechnology.com/mbadisk/index.shtml and www.emboot.com/. It makes special PXE boot floppies that could support your hardware!

With boot disk in hand, you're ready to install your first client.

Warning 

Running RIS on your workstations completely formats the first hard drive.

To use RIS to install a client, follow these steps:

  1. Insert the floppy disk you just made in the previous exercise into the client computer and turn on the machine.

  2. The boot floppy will query for the nearest DHCP server and get an address. When prompted, immediately press F12 to start the DOS-based Client Setup Wizard.

  3. When the first information screen appears, press Enter to open the Client Installation Wizard Logon screen.

  4. Enter a valid username, password, and domain. In this case, you can enter the username and password of the administrator of the domain. Press Enter to open the Client Installation Wizard Caution screen.

    Tip 

    Anyone who has the "Create Computer Object" right for "This object and all child objects" of an OU can use RIS to deploy machines.

  5. Read the text explaining that all data on the hard drive will be deleted. Agree by pressing Enter, which opens the Client Installation Wizard Information screen.

  6. Verify that the information is correct and press Enter. This is your last chance to reset the machine to abort the installation.

    Tip 

    If you ever need to know the GUID of a machine but can't find it anywhere else, you can use this screen to get the information and then cancel at this point.

  7. The "Blue Screens of Life" will appear, load some necessary files into RAM, automatically format the hard drive, and start the installation.

  8. Remove the floppy from the drive and take a coffee break. It will be a while before you can get to the next step. If the floppy is out of the drive, the machine will automatically reboot and then start and finish the graphical part of the installation.

If all goes well, the computer will be left at a logon prompt, waiting for the user to log on for the first time.

Mere Mortals Can Add Only 10 Workstations

In Windows NT, only administrators can add computer accounts to the domain. Now, under Active Directory, the Authenticated Users group can add computer accounts to the domain via the Add Workstation to Domain user right. But there's a catch. Each authenticated user can add only 10 new computer accounts. On the next try, the user is presented with the error message: "The machine account for this computer either does not exist or is unavailable."

This is a little-known problem that has three little-known solutions.

Administrators can pre-create the computer accounts.

Administrators can create as many accounts as they like. They are exempt from the "10 strikes and you're out" rule.

You can grant the "Create Computer Objects" right (and, if desired, the "Delete Computer Objects" right) on the Computers folder in Active Directory.

These rights are different from the Add Workstation to Domain user right that all Authenticated Users are given. To make this change, follow these steps:

  1. Choose Start > Programs > Administrative Tools > Active Directory Users and Computers.

  2. Choose View > Advanced to enable the Advanced view.

  3. Right-click the Computers folder, and choose Properties from the shortcut menu to open the Properties dialog box.

  4. Click the Security tab, and then click the Advanced button to open the Advanced Settings for Computers properties.

  5. On the Permissions tab, click Authenticated Users, and then click the Edit button to open the Permissions Entry for Authenticated Users.

  6. Before proceeding, make sure the "This Object and All Child Objects" option is displayed in the "Apply Onto" box.

  7. In the Permissions list, click the Allow check box for "Create Computer Objects" and, optionally, "Delete Computer Objects" as seen here.


Use ADSI edit to manipulate the ms-DS-MachineAccountQuota to increase (or decrease) the value to the desired number of times a user can create a computer account.

  1. Load an MMC console with the "ADSI Edit" snap-in.

  2. Expand the Domain NC partition to expose the first level, which is the domain. Right-click the domain and choose Properties to open the Properties dialog box.

  3. Ensure that you have the Attribute Editor tab selected.

  4. In the Select a Property to View drop-down list box, select ms-DS-MachineAccountQuota.

  5. Click Edit to open the Integer Attribute Editor dialog box.

  6. In the Value field enter the desired number of times a user can create computer accounts, and then click OK.

  7. Click OK to close the Domain Properties dialog box.
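
Both changes above widen who can join machines to the domain, so it is worth recording the current state before and after making them. The following read-only audit is an added example, not from the book: it assumes the ActiveDirectory PowerShell module (RSAT), which is newer than the tools this chapter uses, and the GUID shown is the well-known schema identifier of the computer class rather than a value from the page.

```powershell
# Added example (read-only audit); assumes the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

$domain   = Get-ADDomain
$domainDN = $domain.DistinguishedName

# 1. Per-user quota stored on the domain object (the value edited in ADSI Edit).
$quota = (Get-ADObject -Identity $domainDN -Properties 'ms-DS-MachineAccountQuota').'ms-DS-MachineAccountQuota'
"ms-DS-MachineAccountQuota = $quota"

# 2. Computer accounts counted against the quota, grouped by creator.
#    mS-DS-CreatorSID records the creator when an account was made through
#    the Add Workstation to Domain user right.
Get-ADComputer -Filter * -Properties 'mS-DS-CreatorSID' |
    Where-Object { $_.'mS-DS-CreatorSID' } |
    Group-Object { $_.'mS-DS-CreatorSID'.Value } |
    ForEach-Object {
        $group = $_
        try {
            $sid = New-Object System.Security.Principal.SecurityIdentifier($group.Name)
            $who = $sid.Translate([System.Security.Principal.NTAccount]).Value
        } catch { $who = $group.Name }   # creator deleted or not resolvable
        [pscustomobject]@{
            Creator = $who
            Created = $group.Count
            AtQuota = ($group.Count -ge $quota)   # next join attempt will fail
        }
    } | Sort-Object Created -Descending | Format-Table -AutoSize

# 3. Who holds an Allow ACE to create computer objects on the Computers folder.
#    An empty ObjectType means the ACE covers every child class.
$computerClass = [guid]'bf967a86-0de6-11d0-a285-00aa003049e2'
$createChild   = [System.DirectoryServices.ActiveDirectoryRights]::CreateChild
(Get-Acl -Path "AD:\$($domain.ComputersContainer)").Access |
    Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        (($_.ActiveDirectoryRights -band $createChild) -ne 0) -and
        ($_.ObjectType -eq $computerClass -or $_.ObjectType -eq [guid]::Empty)
    } |
    Select-Object IdentityReference, ActiveDirectoryRights, InheritanceType |
    Format-Table -AutoSize
```

An Authenticated Users entry in the last table means the Computers-folder change described above is in effect, and any authenticated user can create computer accounts there regardless of the quota.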

Warning 

By default, new client machines born via RIS will have no Administrator password. You can gain finite control over many aspects of an unattended installation, including Administrator password, via tools in the Resource Kit. See the section on "How to Create Your Own Automated RIS Answer files" later in this chapter, as well as the Resource Kit documentation, specifically UNATTEND.DOC for more information. On Windows XP machines, the local Administrator account is disabled. If you want to change this, remove the line that says "DisableAdminOnDomainJoin=YES" from your answer file.

The Remote Installation Prep Tool (RIPrep)

Well, you've blasted down your first base image using RIS. But RIS images can additionally contain all your base applications, if you want, including commercial and homegrown applications, provided that the application(s) are supported for imaging. Most client applications and some server applications are. Check with your vendor to be sure imaging is supported.

At this point, you need to choose one of the following:

  • Put your applications inside your RIS image.

  • Use the techniques described in the previous chapter and have clients pull down the software to your users and/or computers.

  • Use a combination of the previous two techniques such that a bunch of general applications are in the image and the remainder of the applications are deployed via Group Policy Software Installation (GPSI).

On the one hand, it's certainly faster to load an application, such as Office XP, inside the RIS image and then deploy the image all at once rather than deploying a base RIS image and then using GPSI to shoot down Office XP. But remember, our GPSI features have the added ability to upgrade packages and perform magic such as applying transform files to packages; these abilities are lost if the applications are embedded inside the RIS image.

Therefore, you'll need to analyze each application to determine if it's better to embed it inside the RIS image or deploy the package after the fact using GPSI. In my experience, in almost all cases, it's better to use GPSI to deploy your applications. Later, if you want to do some of the stuff we explored in Chapter 10, such as upgrading an existing package or revoking existing applications, you can only do so if you've originally deployed the applications via GPSI and not by installing the applications in an embedded fashion via RIS. So, for the record, if you do choose to embed applications in your RIS images, I'm presenting that information here. Again, however, I encourage you not to do this. After you install the applications on your target machine, you can simply run RIPREP from the client PC, which creates another RIS image on the server.

In this example, you'll create a special image for the Nurses group, which automatically has any application or applications loaded.

  1. Create your first RIS workstation as described in the preceding exercise.

  2. Log on to the workstation with the local Administrator account (there should be no password), and load the desired software.

  3. Since you're logged in as the local Administrator, the configuration changes, such as icons, affect only the Administrator account. In order for the changes to take effect for every user, you'll need to copy the Administrator's profile to the Default User's profile. Right-click My Computer and choose Properties from the shortcut menu to open the System Properties dialog box. Click the User Profiles tab, select the Administrator profile, and then click the Copy To button to open the Copy To dialog box.

  4. In the "Copy profile to" field enter the path for the Default User folder, usually C:\Documents and Settings\Default User. Click the Change button to open the "Select User or Group" dialog and designate the Everyone group to be able to use the profile. Click OK to close the Copy To dialog box, and click OK again to close the System Properties dialog box.

  5. Do this at the workstation by clicking Start > Run, and then typing \\windc01\reminst\admin\i386\riprep, which is in the shared RIS directory. The RIPREP Wizard starts. Click Next.

  6. After the RIPREP Wizard starts, click Next to open the Server Name screen.

  7. By default, the server you used to create this image appears in the Server Name box. Leave the defaults and click Next to open the Folder Name screen.

  8. You can give a somewhat descriptive name for how this image will be used. Click Next to open the Friendly Description and Help Text screen.

  9. The text you enter here is displayed when administrators load RIS images. An example is shown in Figure 11.9.

  10. If you don't use a freshly installed machine, you might get a warning message stating "Multiple Profiles Detected." This warning alerts you that other users' sensitive data can be available whenever this machine is used as an image. The best advice is to use a freshly installed machine that has only been logged on with the local Administrator account. Click Next.

  11. The "Stop Services" screen may appear next. You'll see a list of the running services that will automatically be stopped. Click Next.

  12. The "Programs or Services Are Running" screen may appear next. Close all running programs, and stop any remaining running services to get the cleanest image possible. Click Next to open the Review Settings screen.

  13. Verify that the information is correct, and click Next. One additional information screen appears, stating that this process can be repeated if desired. Click Next to continue.

Figure 11.9: When running RIPREP, give the image a descriptive name.

The RIPREP image will then be uploaded to the server and can be seen as an additional image. The next time you initiate RIS with the PXE boot disk or ROM, a new menu selection will be available, asking which image to load.



Group Policy, Profiles, and IntelliMirror for Windows 2003, Windows XP, and Windows 2000
ISBN: 0782144470
EAN: 2147483647
Year: 2005
Pages: 110
