Installing Windows 2000 | Microsoft Windows 2000 Server Administrators Companion

How you choose to install Windows depends on what is already on the server, where the installation files are, and how many installations you have to do.

If you only need to perform a few installations, you can manually install Windows, either from within an existing copy of Windows or by booting from the Windows CD-ROM.

If you need to perform multiple installations, you can create unattended answer files to automate the setup process, use SysPrep to clone a computer with Windows and applications already installed, or use Remote Installation Services (RIS) to perform automated installations from across the network (RIS is discussed in Chapter 25).

Manually Installing Windows

The most basic way of installing Windows is to manually go through each Setup screen (instead of automating the process). This is fine when doing a few installations or when you're familiarizing yourself with the installation process. However, it's a tedious and slow method of deploying systems en masse, so for multiple installations, automate the process using answer files, SysPrep, or RIS.

The Phases of Setup

The Windows setup process consists of several phases that vary somewhat depending on how you initiate the installation.

If you install from Windows, Setup gathers information and copies the files that are necessary for the computer to boot into text-mode setup, which it then reboots into. You then (optionally) select the appropriate partition, after which Setup installs a minimal version of Windows to the hard disk and reboots into the graphical user interface (GUI)-based Windows Setup Wizard, which collects more information, configures the devices, and finishes copying files. After this, Setup is complete, and the computer reboots into Windows proper.

If you boot the system from the Windows CD-ROM, Setup launches straight into text-mode setup, where you select the partition on which you want to install Windows. Setup then installs Windows to the hard disk and then boots into the GUI-based Windows Setup Wizard. The Setup Wizard then collects information, configures devices, and finishes installing files to the computer. Setup reboots the computer when it's finished.

If you boot the system with a Windows 98 boot disk and then run Setup, Setup copies the necessary files to the hard disk to boot into text-mode setup and then reboots into text-mode setup. Setup then performs the same process it would perform if you booted from a Windows CD-ROM or (or setup boot disks).

If you already have a copy of Windows 2000, Windows NT 4, or Windows 98 installed on the server, the easiest way to install Windows is to run the 32-bit version of setup (Winnt32.exe). To do so, follow these steps (if there isn't already a copy of Windows on the computer, see the sidebar "Installing Windows on a Blank Disk"):

Disconnect the server from the Internet, even if it's destined to become a Web server (you can leave the server connected to the local network, as it is presumably placed securely behind a firewall).
From within Windows, insert the CD-ROM for the version of Windows you're installing (Windows 2000 Professional, Windows 2000 Server, and so on) and click Install Windows as shown in Figure 5-1. If this screen doesn't appear, launch Setup.exe from the Windows CD-ROM, or Winnt32.exe from the \i386 folder on the CD-ROM.

Figure 5-1. The Windows AutoPlay window.
To install Windows from across a network, launch the Winnt32.exe program on the network drive containing the Windows setup files, and then proceed with Setup normally (see the section Creating a Distribution Folder later in this chapter for advanced tips on network installations).
Choose Install A New Copy Of Windows 2000 (Clean Install), as shown in Figure 5-2, and then click Next to perform a clean install of Windows. This installs Windows into a new folder on the hard disk. (For information on upgrading Windows, see Chapter 7.)

Figure 5-2. Windows Setup.
Read through the licensing agreement, choose the I Accept This Agreement option, and then click Next.
Enter the product key from the Windows CD-ROM packaging and then click Next.
In the Select Special Options window shown in Figure 5-3, optionally click Advanced Options to change the file copying behavior of Windows Setup. Then use the Advanced Options dialog box shown in Figure 5-4 to change the following settings and click OK when finished:
- The source for the Windows Setup files (a CD-ROM or network location).
- The name of the folder into which you want to install Windows.
- Whether or not to copy all installation files onto the hard disk before restarting Setup (so that the files remain available even if the network source of the setup files becomes unavailable during setup, such as if the network adapter is unsupported by Windows 2000 Server).
- Whether or not you want to specify the hard disk partition used for Windows.
Figure 5-3. The Select Special Options window.

Figure 5-4. The Advanced Options dialog box.
Click Accessibility Options to optionally enable the use of Microsoft Magnifier and/or Microsoft Narrator during setup for visually impaired users.
Click Language Options to optionally install additional character sets. Select the desired languages, click OK, and then click Next.
You can change the language options after installation by using Control Panel.
Click Next in the Directory Of Applications For Windows 2000 screen.
If prompted, select Yes to upgrade the drive to NTFS and then click Next.
Setup then copies the installation files to the computer. After Setup finishes copying files, it restarts the computer and boots for the text-based part of Setup (you might need to temporarily remove the CD-ROM to properly boot into Setup).
If you need to load special mass storage drivers (such as drivers for a Small Computer System Interface [SCSI] or RAID controller) or a custom HAL, press F6 when the computer reboots into the text-based part of Setup. To manually specify a different HAL, press F5.

Real World

Installing Windows on a Blank Disk

If you don't have a copy of Windows already installed on the server, you need to boot the system with the Windows CD-ROM. To boot from the Windows CD-ROM, insert the CD into the drive and reboot the system. When prompted, press the any key (just teasing—press a key) to boot from the CD. If Setup doesn't launch automatically, you might need to configure the BIOS boot order to tell the system to use the CD-ROM drive before the hard disk drive.

If you are unable to boot from the CD-ROM or you need to install from a network share, you can use the Windows 2000 Setup boot disks, or you can use a boot disk created with Windows 98—the only solution if you want to install from a network source (although Windows XP and the Windows .NET Server family can create bootable floppy disks, these disks don't contain SmartDrive, making the installation process hours longer than it should be). After booting from the floppy, launch the Winnt.exe program from the \i386 folder on the Windows CD-ROM or network source (the floppy disk needs to have appropriate network drivers loaded to access network shares).

After booting from the Setup boot disks or launching the Winnt.exe program the computer reboots into the text-based phase of Windows Setup, as described in the next section (make sure to eject the floppy disk before the reboot).
When the Welcome To Windows Setup screen appears, press Enter to continue with Setup.
Read the licensing agreement and then press F8 to continue, if this screen appears.
In the next screen (shown in Figure 5-5), you're asked to choose the disk and partition on which you want to install Windows (this screen only shows up if you selected the I Want To Choose The Installation Partition During Setup option in step 6 of this section, or if you booted from the Windows CD-ROM or boot disks). All recognized drives and partitions on the system are displayed, organized by SCSI or Integrated Device Electronics (IDE) ID, and bus number. Select a partition or unpartitioned space by using the arrow keys on the keyboard.

Figure 5-5. Choosing a disk partition for Windows 2000.

If you have a removable drive with a capacity of 829 MB or more, you can install Windows onto a removable disk. This step is recommended only for parallel installations for recovery or testing purposes, not for the primary installation of Windows.
To delete the selected partition, press D; to create a new partition, select some unpartitioned free space and press C. If you choose to create a new partition, you are prompted to format the partition using either the NTFS or FAT file system, using either a quick format or a full format. Choose the NTFS Quick format if you know the disk has no bad sectors or history of file corruption, otherwise choose NTFS Full Format and press Enter.
Deleting a partition erases all information on that partition. Don't delete a partition unless all data on the partition is reliably backed up.
After you finish modifying the partitions, select the partition on which you want to install Windows, and press Enter.
Setup confirms the choice of partitions (and warns you if there's an existing operating system on the partition) and gives you the option of converting the partition to the NTFS file system if it's not an NTFS partition already. If you want to reformat the hard drive, choose the Format With NTFS option and press Enter (this erases all data on the selected partition).
Setup checks the hard disks for errors and then copies the appropriate files into the newly created Windows folder (named \Winnt by default). After Setup finishes copying files, it prompts you to remove any floppy disks or CD-ROMs, and then it reboots the system and starts the Windows 2000 Setup Wizard.
The Setup Wizard detects and configures the devices installed on the computer. If Setup can't properly detect a device, it displays a Device Configuration dialog box for manual configuration of the device.
The hardware detection part of the setup process is where problems occur most frequently. If the system becomes unresponsive or doesn't progress for a long time (give it 30 minutes to an hour if possible), press the Reset button on the computer to restart the computer. Setup automatically resumes where it left off, and usually completes Setup successfully.
After the hardware is detected, you are prompted to configure the regional settings, if you haven't already. These settings affect such factors as keyboard layout and how dates and currency values are displayed. Configure these options as appropriate and then click Next.
You can use the Regional Options tool in Control Panel to change regional settings after you install Windows, so you probably don't need to linger over these dialog boxes.
Enter the name of the person the computer will be registered under (if you haven't already), as well as the organization.
Enter the product key if you haven't already, and then click Next.
Choose the licensing mode in the next window (shown in Figure 5-6), either Per Server or Per Seat. If you choose Per Server, specify how many CALs you purchased. See the sidebar "Licensing" earlier in this chapter for more information on licensing.

Figure 5-6. Per Server and Per Seat licensing modes.

You can use the Licensing Control Panel tool after installing Windows to modify the licensing options.
Enter the name for the computer in the Computer Name text box. The computer name can contain the numbers zero to nine, uppercase and lowercase letters, and the hyphen character, but no spaces, underscores, or periods. The name should be DNS-compatible and can be a maximum of 63 characters in length, but in the interest of compatibility with pre-Windows 2000 clients, it should be 15 characters or shorter. See the sidebar "Naming Computers" later in this chapter for advice on naming schemes.
After entering the computer name, enter an administrator account password up to 14 characters long in the Administrator Password text box, and type it again in the Confirm Password text box. Click Next.
Press Shift+F10 at any time during the Windows Setup Wizard to open a command prompt from which you can do devious things, such as inspect log files or launch a screen capture program.

Real World

Password Security

To make the system as secure as possible, always assign a password to the administrator account, preferably a password at least seven characters long and consisting of mixed letters and special characters, uppercase and lowercase. We like to use acronyms for phrases that are meaningful to us, easy to remember, and unlikely to be meaningful or memorable to anyone else, such as Uk,Ur?Ue! (You know, you are what you eat!)

You should also clear the logon history after installing Windows so that would-be hackers must figure out both the password and the user name. Another good precaution after installation is to use the built-in Administrator account to make a second account with full administrative privileges. This account can have a generic name, or you can call it something descriptive. Use it for all the day-to-day administrative work. Assign a special secure password to the built-in Administrator account and rename it from the default. Stash the password and name somewhere safe and relegate that account to semiretirement. Because it's possible to disable any administrator account, including the built-in Administrator account, it's wise to have a backup account. That way, you'll always have an uncontaminated known-to-be-good administrator account to which you can resort, just in case.
Use the next window to select the components to install at this time (Figure 5-7), such as Terminal Services (which allows you to remotely administer the service; this is identical to the Windows XP Remote Desktop feature). To install an option, select the check box to the left of the option, or select the option and click Details to modify the subcomponents that you want installed. (For a list of components and their descriptions, see Appendix B.)
Internet Information Services (IIS) is installed by default and opens the server to viruses and security exploitation (although this isn't as big a deal on a private network, there's still no point in opening up more security risks). We recommend that you not install IIS during Windows setup, even if the server is destined to become a Web server, unless the Windows installation files already have the latest service pack applied.

Figure 5-7. The Windows 2000 Components window.
Review the date, time, and time zone information, make any necessary corrections, and then click Next to configure the network settings.
In the Dialing Location window that is displayed if Setup detects a modem, select the country, enter the area code of the phone line (if any), enter any codes needed to get an outside line, and then click Next. (You can choose additional locations or modify the current location by using the Phone And Modem Options tool in Control Panel after you've finished Setup.)
If you checked Windows Terminal Services, choose the appropriate mode operation—most likely Remote Administration Mode—and then click Next.
Choose the Typical Settings option to install the following commonly used network protocols and services: Client for MS Networks, File and Printer Sharing for MS Networks, and TCP/IP configured to use DHCP (or Automatic Private IP Addressing [APIPA] if no DHCP server is available).
To specify your own network settings, choose the Custom option and click Next. Otherwise, click Next and then skip to step 36. Setup displays the default list of networking components, as shown in Figure 58, which you can modify to suit your needs.

Figure 5-8. The Networking Components window.

Don't disable NetBIOS over TCP/IP, as doing so disables browsing and causes problems logging onto Windows NT 4 domains. If Windows Internet Name Service (WINS) is used on the network, make sure to enable it if TCP/IP settings aren't obtained from a DHCP server.
To install additional components, click Install, select Client, Service, or Protocol, click Add, select the desired component, and click OK.
To turn off an installed component, clear the check box next to the component, or select the component and click Uninstall to remove it from the system.
To join or create a workgroup, choose the first option in the Domain Membership window shown in Figure 5-9, and type the workgroup name in the Computer Domain text box.

Figure 5-9. The Domain Membership window.
To join an existing domain, click the second option and enter the domain name you want to join in the Computer Domain text box. If you are setting up a new domain, join a workgroup or an existing domain (you'll create the new domain later, as discussed in Chapter 6 and Chapter 11).
Click Next when you're finished configuring the domain or workgroup settings. If you chose to join a domain, a dialog box appears and asks you to enter a user name and password for a user with sufficient permissions to create a new computer account for the server. Enter your user name and password, and then click OK. Setup then logs on to the domain and configures a computer account for the server. See Chapter 3 for more information on domains and workgroups.
Setup then installs the components you specified and configures Windows. After Setup finishes this process, it deletes any temporary installation files and then prompts you to remove any CD-ROMs or floppy disks you have in your drives. Click Finish to restart the computer.
If any errors occurred during the installation process, Setup displays an error message and asks you if you want to view the Setuplog.txt log file it created. Click OK to do so. Review the file, and then click Close to restart the system.
After Setup restarts the computer, the Network Identification Wizard appears. Click Next.
Select Users Must Enter A User Name And Password To Use This Computer and then click Next (choosing the other option results in a system that is not secure, at least until this option is turned off), and then click Finish.
Lock down the server's security settings, apply the latest service pack and hot fixes, and update Microsoft Internet Explorer before reconnecting the server to the network, if possible. See Chapter 6 for more information on configuring a newly installed server.

Real World

Naming Computers

Take a few moments to think about naming conventions before you commit yourself. Many ways exist to create names on the network, from the cute to the whimsical to the sensible. Sometimes system administrators devise arbitrary schemes based on algorithms known only to them. Or they attempt to insert charm into the process of computer naming. Block those impulses!

It's easy for you to keep a map of what and where the different clients and servers are on the network, but if you make life hard on users, you pay in the long run. So naming all the domain controllers after Shakespearean characters and naming the client machines after characters in Greek mythology might make sense to you. And it does, of course, have a certain poetic grandeur. But it isn't going to help users figure out that "Cordelia" is the server in Legal and "Goneril" is the one in Production. On the other hand, using "legal_srv" for the server in the Legal department tells everyone immediately which machine it is.

Try to resist the desire to be cute with your machine names. And at all costs, avoid arbitrary names based on some formula that only you know how to crack.

Automating Windows Installations

Installing Windows 2000, like installing any operating system, takes a lot of time. Setting up multiple servers can wipe out entire days if you set up each server manually. The time you can save by automating installations for a large number of similar servers far outweighs the occasional hiccups you might encounter.

Before automating installations, run through a couple of manual installations to get a better feel for the installation process. Review the earlier parts of this chapter and pay attention during the installations. Then try using the command-line switches to partially automate Setup. Following that, use the Setup Manager Wizard to create and test the fully or partially automated setup scripts.

Don't feel that you must fully automate all setups. Using automated answer files (setup scripts) can provide significant time savings, but it's important to choose the appropriate level of automation for the particular job. That might involve creating a single answer file that you'll use to deploy hundreds of servers, or it might mean using just one or two command-line parameters to speed up the installation of a single server.

Using Setup Command-Line Parameters

You can streamline the setup process on a single machine by launching Setup using command-line parameters; you also use command-line parameters to specify an answer file to completely automate Setup.

To use a command-line parameter on a computer with Windows, boot the computer into Windows and open a command prompt window. Then type [path]\winnt32.exe[parameter], substituting [path] with the location of the Windows setup files and replacing [parameter] with the appropriate parameter or parameters you want to use. Table 5-3 shows the available parameters and what they do. (These are for use with only Winnt32.exe, the 32-bit version of Setup.)

Table 5-3. Parameters for Winnt32.exe

Parameter	Function
/checkupgradeonly	Runs a compatibility test on the computer to see whether it has any problems that would interfere with upgrading the OS. Saves a Winnt32.log report in the installation folder for NT upgrades, or an Upgrade.txt report in the Windows folder for Windows 95/98 upgrades.
/cmd:[command]	Runs the command following the /cmd: parameter after the Windows 2000 Setup Wizard completes.
/cmdcons	Enables the use of the Recovery Console at boot time for repairing failed installations. Can only be used after Windows 2000 is installed.
/copydir:[folder name]	Names an additional folder to be copied into the folder in which you install Windows 2000 (\Winnt). The folder remains after Setup completes, and additional folders can be copied by using the parameter multiple times. The folder might contain drivers or other files needed after setup.
/copysource:[folder name]	Names an additional folder to be copied into the folder in which you install Windows 2000. The folder is deleted after Setup completes.
/debug[level:filename]	Creates a debug log file with the specified level. The default creates a log file named C:\Winnt32.log with the level set to 2 (Warning).
/m:[folder name]	Specifies the location of a folder containing system file replacements. Setup checks this folder first for files to copy and then checks the installation folder.
/makelocalsource	Tells Setup to copy all installation files to the local hard disk so the files will be available later during the installation if the Windows 2000 CD-ROM or network share is inaccessible.
/noreboot	Tells Setup not to reboot after the initial Windows NT/95/98/2000 file copy phase of Setup is complete. This allows you to run additional commands before continuing.
/s:[sourcepath]	Specifies the location of the Windows 2000 Setup files. (The default is the current folder.) This must be a full path; for example, X:\path or \\server\share\path. To specify multiple paths in which Setup should search for needed files, use multiple /s: parameters. (You can also sometimes speed transfers from a server by specifying the same source more than once.) Setup fails if the first server isn't available.
/syspart:[drive letter]	Specifies a hard disk to which you want to copy the Setup startup files. This disk drive is then made active and Setup stops, allowing you to remove the disk and insert it in another computer. When you boot the new computer, the next phase of Setup automatically starts. You have to use the /tempdrive parameter in addition to the /syspart parameter (both pointing to the same drive).
/tempdrive:[drive letter]	Specifies the drive to which you want Setup to copy its temporary files and install Windows 2000 on. By default, Setup uses the partition with the largest amount of free space.
/unattend	Upgrades the previous version of Windows in unattended mode, taking all settings from the previous installation. The unattend switch may not be used by original equipment manufacturers (OEMs) selling to end users because it explicitly acknowledges understanding and acceptance of the End-User License Agreement (EULA).
/unattend:[num:answer file]	Launches Setup in unattended mode by using the answer file you provide. The num parameter specifies the number of seconds to wait after copying files before restarting the computer, and it works only when running Setup from Windows 2000. You must use the /s: switch to specify the location of the answer file.
/udf:[id,UDF file]	Specifies a uniqueness database file (UDF) to be used to modify an answer file. The ID identifies data in the UDF that should be used in a corresponding section of the ans-wer file. For example, /df:ComputerName,our_company.udf would take the Computer Name from the UDF instead of the answer file. If you don't specify a UDF, you're prompted to insert a disk that contains the $Unique$.udf file.

As you can see, many of these parameters piggyback onto other parameters, and pretty soon you can find yourself typing (and sometimes retyping) in long strings at the command prompt. If you end up doing this a lot, create a batch file (a text file with the .BAT extension) containing the setup command and parameters. Then simply launch the batch file instead of typing all the parameters.

To use a command-line parameter on a computer without an existing copy of Windows, boot the computer with a Windows 98 boot disk. Then, at the command prompt, type [path]\winnt.exe[parameter], substituting the location of the Windows Setup files for [path]. Table 5-4 shows the available parameters for use only with Winnt.exe, the 16-bit version of Setup.

Table 5-4. Parameters for Winnt.exe

Parameter	Function
/a	Turns on Accessibility features during Setup.
/e:[command]	Runs the command following the /e: parameter after the Windows 2000 Setup Wizard completes.
/i:[inf file]	Specifies the filename of the information (.INF) file used for Setup (the default is Dosnet.inf). Do not include the path to the file.
/r:[folder]	Names an additional folder to be copied into the folder in which you install Windows 2000. The folder remains after Setup completes, and additional folders can be copied by using multiple /r: parameters.
/rx:[folder]	Names an additional folder to be copied into the folder in which you install Windows 2000. The folder is deleted after Setup completes.
/s:[sourcepath]	Specifies the location of the Windows 2000 Setup files. (The default is the current folder.) This must be a full path, X:\path, or \\server\share\path. To specify multiple paths for Setup to search for needed files, use multiple /s: parameters.
/t:[drive letter]	Specifies the drive to which you want Setup to copy its temporary files. By default, Setup uses the partition with the most free space.
/u:[answer file]	Launches Setup in unattended mode using the answer file you provide. You must use the /s: switch to specify the location of the answer file.
/udf:[id,UDF file]	Specifies a uniqueness database file (UDF) to be used to modify an answer file. The ID identifies data in the UDF that should be used in a corresponding section of the answer file. For example, /udf:ComputerName,our_company.udf would take the Computer Name from the UDF instead of the answer file. If you don't specify a UDF, you're prompted to insert a disk that contains the $Unique$.udf file.

Creating a Distribution Folder

A distribution folder (sometimes called a source directory) is a shared folder on a server that contains the \i386 folder (or \ia64 folder for Intel Itanium installations) from the CD-ROM and any device drivers or other files that you add to support the specific systems.

You can create this folder manually, or you can do it while creating an answer file using the Windows Setup Manager (discussed in the next section). To create a distribution folder manually, follow these steps:

Connect to the volume where you want to create the distribution folder. Copy the \i386 folder from the Windows 2000 CD-ROM to the volume on which you want to create the distribution folder.
Create a subfolder named $OEM$ in the \i386 folder for any additional drivers or programs that will be preinstalled on the systems. All files and folders in this folder are copied into the temporary setup folder during installation.
Create any additional subfolders needed for the installations. Table 5-5 describes the special folders that you can create for use by Setup.

With Windows 2000, Windows XP, and the Windows .NET Server family, you can apply service packs to distribution folders. This not only eliminates the service pack step of the setup process, but it also ensures that any time a computer needs original Windows files from the distribution folder, it receives up-to-date files. (So service packs no longer have to be reapplied after changing the system configuration.) To upgrade a distribution folder, see the next section.

Table 5-5. Subfolders you can create to store extra files

Folder	Description
\$OEM$\textmode	The folder in which you place any hardware-dependent files for use while loading Windows 2000 Setup and during the text-mode phase of Setup. These files include any OEM HALs you might use, as well as updated SCSI, keyboard, video, and pointing device drivers. Also include the Txtsetup.oem file in this folder to control the loading and installation of these files. To create the Txtsetup.oem file, create a normal text file and list the filenames of all files in this folder. (Be sure to include this file and all files mentioned in the Unattend.txt file, under the [OEMBootFiles] section.)
\$OEM$\$$	The folder that holds any new system files or files that replace existing system files. These files are copied into the various sub-directories that are created in the Windows 2000 system folder (\Winnt). This folder must match exactly the structure of the Windows 2000 system subfolders for those folders in which you want to add or replace system files. For example, to copy new or replacement into files the \%windir%\System32 folder, create an \$OEM$\$$\System32 folder.
\$OEM$\$1	The folder in which you place files that you want copied to the drive where Windows 2000 will be installed. Equivalent to the %systemdrive% environment variable and can be used to permit drive letters to be changed without causing problems for applications that point to a hard-coded driver letter. You can also create subfolders here for the files and the entire folder structure will be copied to the system drive.
\$OEM$\drive_letter	The folder that specifies additional files and folders to be copied into the root folder of the named drive. You will have one entry for each drive having additional files. For example, the files located in the \$OEM$\C folder are copied into the root folder of the C drive during the text-mode phase of Setup. Any subfolders of the \$OEM$\C folder are also copied. All files must use short (8.3) filenames, but you can rename them after installation by including them in the $$Rename.txt file.

The \Display and \Net folders that were used in the \$OEM$ folder in Windows NT 4 are no longer used in Windows 2000. You can also place the \$OEM$ folder outside of the distribution folder if you place the path (file or Uniform Naming Convention [UNC]) to the \$OEM$ folder after the OEMFILESPATH key in the answer file.

Applying Service Packs to a Distribution Folder

To update a Windows distribution folder to the latest service pack, allowing Windows to be installed with the latest service pack already applied, use the following procedure (you can also integrate hot fixes and security updates into the distribution folder, but it's a nuisance; instead add the hot fixes to an answer file, as described later in this chapter):

Extract the service pack to the hard disk. For example, to extract Windows 2000 Service Pack 3, open a command prompt, switch to the folder storing the service pack, and then type the following command: w2ksp3.exe -x.
When prompted, enter the path of the folder in which you want to temporarily store the extracted service pack (for example, e:\w2ksp3).
Type the command e:\w2ksp3\i386\update\update.exe -s:e:\Win2000, substituting e:\w2ksp3 with the folder storing the extracted service pack, and e:\Win2000 with the path of the Windows distribution folder you want to update. (Make sure that the Windows install files are located in the \i386 folder; if they're not, create an \i386 folder and move them there.)

Don't update your existing Windows installation share if there are users currently performing installations of Windows using the network share. Bad things might happen, such as failed or corrupted installs that create unstable or nonworking systems.

You can't apply a Windows 2000 service pack to Remote Installation Services CD-based images. To work around this, copy the original Windows CD files to the RemoteInstall folder, apply the service pack, and then add the image to the RIS Server. See Microsoft Knowledge Base article Q258868 for updated information on this issue.

When you run the Update.exe file to update a Windows distribution share with the latest service pack, it creates a Svcpack.log file in the systemroot of the computer you ran Update.exe from. If you want to perform more service pack installations from the same computer, you should rename this log file before performing them.

Adding Hot Fixes to a Distribution Folder

Microsoft makes operating system hot fixes and security updates available in between service packs. Although hot fixes and security updates are technically different beasts, the way they are deployed is the same, so we'll cover them at the same time. With that said, you should only apply hot fixes on an as-needed basis because they're not regression tested and might introduce system instabilities (make sure you test them out in a nonproduction environment). Security updates should be applied more liberally, although you should still take the time to verify that the update applies to the environment, and test them out before deploying them.

You can download hot fixes and security updates from Microsoft's Security Web site (http://www.microsoft.com/security/), or from Microsoft Corporate Windows Update (http://corporate.windowsupdate.microsoft.com). We recommend that you register with Microsoft to automatically receive security bulletins by e-mail so that you'll be on top of new patches when they come out.

Most companies deploy hot fixes and security updates using Microsoft Systems Management Server (SMS), Group Policy's Software Management And Installation feature (discussed in Chapter 25), or the new Corporate Windows Update service (or the standard Windows Update if you don't mind manually installing on each system). Although you can also integrate hot fixes and security updates into a distribution folder that is integrated with the latest service pack, it's a nuisance (see the Spdeploy.doc file included with the service pack for the procedure). An easier solution is to use the following steps to copy the hot fixes into the distribution folder and add them to an answer file:

Add the following line to the [Commands] section of the Cmdlines.txt file, either using the Setup Manager Wizard (using the Additional Commands screen, which lists commands to be run at the end of an unattended setup), or manually in the [Commands] section, where Q123456.exe is the name of the hot fix or security update (named after its associated Knowledge Base article):
Q123456.exe -q -m
Rename the hot fix into 8.3 file format, and copy the hot fix executable file into the i386\$OEM$ folder, along with the Unattend.txt and Cmdlines.txt files. If you're using the Setup Manager Wizard, you can use the Copy Additional Files And Folders screen to add the hot fix to the Temporary Files folder of the distribution folder (\i386\$OEM$).

Hot fix chaining (installing multiple hot fixes with a single reboot) is supported in Service Pack 3 and later. Previously you had to reboot after each hot fix installation, or run the Qchain.exe tool after installing the hot fixes before rebooting. We should caution you, though, that Microsoft's official recommendation is still to reboot after every hot fix installation, even if you're using post-SP3 hot fixes or Qchain.exe.

Only install hot fixes released after the service pack version you're deploying. For example, if you're deploying Service Pack 3 using an integrated install, only add hot fixes that are labeled sp4 (which means that they're post-Service Pack 3). Installing hot fixes that are included with the service pack breaks the distribution folder.

Installing Plug and Play Drivers in the Distribution Folder

To configure the distribution folder with additional Plug and Play (PnP) drivers, follow these steps:

Create a subfolder in the \$OEM$\$1 folder with a name containing no more than eight characters.
Inside the subfolder you created, you can make additional subfolders to categorize the devices; for example, you might have the following directories:
\$OEM$\$1\Company\Net

\$OEM$\$1\Company\Video

\$OEM$\$1\Company\Sound
Copy the drivers and .INF files into the appropriate subfolder.
Add the appropriate lines to the answer files:
- Standard answer file users If you placed all the drivers in the single folder (for example, \$OEM$\$1\Drivers), add the following line to the [Unattended] section of the answer file (Unattend.txt or Sysprep.inf):
  OEMPnPDriversPath = \Drivers.
  
  If you created multiple subfolders for the drivers, add them to the answer file in the following format, each folder reference separated by a semicolon:
  
  OEMPnPDriversPath = Drivers\Nic;Drivers\Video;Drivers\Sound
- Remote Installation Services (RIS) users Add or modify the following lines to the [Unattended] section of the default template for the desired image (Ristndrd.sif):
  OemPreinstall = Yes
  
  OEMPnPDriversPath = Drivers\Nic;Drivers\Video;Drivers\Sound
  
  Leave the drive letter out of the paths. The system drive is automatically added to the paths.
If you're installing new drivers for a RIS-based operating system image, restart the BINL service on the RIS server after copying the files into the distribution folder. To do so, enter the following commands at a command prompt:
net Stop "boot information negotiation layer"

net Start "boot information negotiation layer"

SysPrep and RIS installations postpone installing devices with unsigned drivers until an administrator logs onto the computer. To avert this (something we don't usually recommend), add the DriverSigningPolicy = Ignore line to the [Unattended] section of the answer file. Newer versions of drivers that ship with Windows are installed only if they're signed.

Installing OEM Drivers in Remote Installation Preparation Images

Although it's tempting to add OEM drives to a Remote Installation Preparation (RIPrep)-based image by installing them on the source computer before running the RIPrep program on it, this doesn't work because RIPrep images need to be able to adapt to a wide variety of hardware. Therefore, we recommend that you use the following procedure to add drivers to RIPrep-based images:

Before running the RIPrep process (described in Chapter 25), create a folder named SysPrep on the C drive of the source computer.
Create a C:\Drivers folder to hold OEM drivers, and create any necessary subfolders, such as C:\Drivers\Video or C:\Drivers\Sound.
Create a Sysprep.inf file and place it in the SysPrep folder.
Add the following lines to the Sysprep.inf file:
[Unattended]

OEMPnPDriversPath = Drivers\Nic;Drivers\Video;Drivers\Sound
Use Device Manager to remove any devices for which you're installing updated or new drivers. Also remove any unknown devices.
Run Riprep.exe from the RIS server's network share, as described in Chapter 25.
Stop and restart the BINL service on the RIS server by typing the following commands:
net Stop "boot information negotiation layer"

net Start "boot information negotiation layer"

Installing Mass Storage Drivers

If the hard drive or installation source is attached to a device for which Windows doesn't have drivers, such as a new SCSI adapter or network card, you've got a problem. When performing a manual installation, you can always press F6 at the beginning of text-mode setup to install new mass storage drivers, but this option isn't available with unattended installations. To get around this, you need to copy the mass storage drivers to the distribution folder using the following technique:

Open the \i386 folder of the distribution folder.
Create a subfolder named \Textmode.
Copy the storage drivers into the \Textmode folder. These files should include at least one .SYS file and the Txtsetup.oem file.
Edit the Txtsetup.oem file using Notepad, and in the [disks] section, replace any floppy drive references, backslashes (\) or other path references with periods. For example, change the following line:
d1 = "Windows 2000 Driver Set 1.01", \win2kdsk1, \win2k\ultra160\

to read as follows (the path is replaced with a period):

d1 = "Windows 2000 Driver Set 1.01", \win2kdsk1, .
In the answer file, add the following lines:
[MassStorageDrivers]

"scsi controller string from txtsetup.oem" = "OEM"

For example:

[MassStorageDrivers]

"Adaptec Ultra160 Family PCI SCSI Controller (29160, 39160, etc.)" = "OEM"
Add or modify the [Unattended] section of the answer file to include the following line:
OemPreinstall = Yes

Converting Short Filenames Back to Long Filenames

The Windows 2000 text-mode setup requires the use of MS-DOS 8.3 file formats because the program is based on a 16-bit MS-DOS implementation. Thus, all files that are included in the distribution folder need to have MS-DOS-compliant short names. However, Setup converts them to long names with the use of a renaming file. To create a renaming file, follow these steps:

Open Notepad.
Using brackets, type in the path to the subfolder containing the files you want to rename (leave blank or use the backslash character [\] for the root folder).
Underneath the bracketed heading, enter each short filename you want to rename (not enclosed in quotes) followed by an equals sign and then the long filename in quotes.

Repeat step 3 with any additional subfolders in which you have files or folders that need to be renamed. A sample renaming file is shown:

 [media]
 filenm1.txt = "Your long filename here.txt"
 ding.wav = "Really loud and annoying ding.wav"
 whiz.drv = "Whizbang Deluxe Video.drv"
 [images]
 desktp1.bmp = "corporate logo.bmp"
 desktp2.bmp = "division logo.bmp"

Save the file as $$rename.txt in the distribution folder prior to running Setup.

Creating Answer Files Using the Setup Manager Wizard

When Windows is installed, the setup program pauses several times along the way, waiting for input from the user. Answer files are simple text files that supply the information a user would normally enter, thus automating most of the installation process.

Windows 2000 ships with a handy tool, Setup Manager, which graphically walks you through the creation of answer files. To use this tool, follow these steps:

For real labor savings, set up a typical server or client and then let the Setup Manager Wizard build an answer file that duplicates the configuration of the machine. Then use the answer file to set up multiple versions of the typical machine.

More Info

The Windows Setup Manager walks you through the most important parameters in an answer file, but there are other parameters that might be useful to you. For detailed information on each parameter, open the Deploy.chm file (help file) located in the same Deploy.cab file in which Setup Manager is located.

Insert a Windows 2000 CD-ROM in the computer and navigate to the \Support\Tools folder.
Extract the contents of the Deploy.cab file to a location on the hard drive.
Launch the Setupmgr.exe file from the location on the hard drive to which you copied the contents of the Deploy.cab file.
Click Next to begin using the wizard, and then choose the option to create a new answer file (Figure 5-10). The Windows 2000 Setup Manager Wizard walks you through creating or modifying answer files you can use to automate the installations.

Figure 5-10. The Windows 2000 Setup Manager Wizard's New Or Existing Answer File screen.
Choose the type of installation for which you want to create an answer file by choosing the appropriate installation type, as shown in Figure 511. Click Next.
Select the product for which you are creating an answer file.

Figure 5-11. The Windows 2000 Setup Manager Wizard's Product To Install screen.
Choose the level of interaction that will be available during Setup (see Figure 5-12), and then click Next (see the sidebar "Choosing and Interaction Level" for more information).

Figure 5-12. The Setup Manager Wizard's User Interaction Level screen.

Real World

Choosing an Interaction Level

When determining the level of user interaction you want to require, you have several choices, and the choice you make determines how much the person running the installation will need to attend to the process. Here's a more detailed explanation of the interaction levels:

Provide Defaults Uses the information in the answer file as default answers during the Windows 2000 installation. The user still has to confirm the defaults or make changes as the installation progresses.
Fully Automated Completely automates Setup by using the settings you specify in the provided answer file. This option is best for quickly setting up multiple systems with identical configurations. If any settings don't work properly (such as might happen if the answer file provides a computer name that's already in use), the installation will fail.
Hide Pages Automates the parts of Setup that you provide information for, but it requires the user to supply any information you didn't include in the answer file. Use this option to set up a system in a specific way, while still allowing the user some limited customization options. (The user sees only the parts of Setup that aren't covered in the answer file.)
Read Only Hides the parts of Setup you provide information for, just like the Hide Pages option. However, if a window with only partial answers is supplied in the answer file (and therefore not hidden from the user), the user can complete only the unanswered portion of the window. Settings provided in the answer file can't be changed during installation.
GUI Attended Automates the text-based portion of Setup. The person running Setup supplies answers for the Windows 2000 Setup Wizard. Use this level when you want to automate the text-based portion of Setup and allow the person running the installation to provide the settings during the GUI portion.

Supply the name and organization you want to use, and then click Next. (The dialog box says that if you leave the boxes blank, no name or organization will be specified in the answer file—but for a fully automated answer file, a name and organization are required.)
Specify the Licensing mode the servers will use, and, if necessary, how many concurrent connections you have licenses for; then click Next. See the section entitled Gathering Network Information earlier in this chapter for more information about licensing modes or any other setting in the Windows 2000 Setup Manager.
Create a list of computer names to use for the systems, as shown in Figure 5-13. Enter a computer name in the Computer Name text box, and then click Add. The Windows 2000 Setup Manager Wizard takes the names (if you have two or more) and creates a UDF that the setup program then queries for computer names, using each name only once. Make sure that the computer names are both DNS-compatible and NetBIOS-compatible if you want to maintain compatibility with pre-Windows 2000 clients.
Continue entering all the computer names necessary for the number of systems you plan to set up by using this answer file. To remove a name from the list, select the name, and then click Remove. To import a list of names from a text file, click Import. You can select Automatically Generate Computer Names Based On Organization Name to have Setup do it for you—the names will include a few letters from the organization's name but will be otherwise random and unhelpful. When you have finished, click Next.

Figure 5-13. The Setup Manager Wizard's Computer Names screen.
Use the next screen to specify how administrator account passwords for the systems are to be chosen.
The answer file that the Windows 2000 Setup Manager Wizard creates is an unencrypted text file. If you specify an administrator account password in the answer file, make sure that after installation, you change the administrator account password to something more secure.
Select the display settings for the computer to use during Setup in the next screen and then click Next.
Although Windows' default 640 by 480, 60 Hz, 16-color display is pretty horrific, you should use extreme caution here. If you set the screen area (resolution), colors, or refresh frequency too high for some systems, you could damage their monitor or leave them (temporarily) inoperable. We find that 800 by 600, 72 Hz and High Color (16 bit) is a safe setting that's also usable for end users, although if you're sure the hardware is up to it, you might increase the color depth to Full Color (24 bit).
Choose the Typical Settings option to install TCP/IP, enable DHCP, and install the Client for Microsoft Networks and File and Printer Sharing for Microsoft Networks on the systems, or choose the Custom Settings option to specify how you want to configure the systems' network settings. Click Next.
In this screen you have the option to join the computer or computers to a domain or a workgroup. If the systems are going to be joining a workgroup, choose the Workgroup option and type in the appropriate workgroup name.
If the systems are going to be joining a domain, choose the Windows Server Domain option. Type the Windows Server domain name in the text box provided. To create an account for the computer in the domain, click the Create Computer Account In The Domain check box and supply a user name and password. The user name and password must be for a user account that has sufficient administrative privileges to authorize the creation of a computer account. Click Next to continue.

If you enter a user name and password with sufficient privileges to create a computer account in the domain for the new systems, you are introducing a security risk because the answer file stores all passwords in a plain text file with no encryption. The best solution is not to include administrative account passwords in an answer file, but if you feel you must, guard the file carefully and make sure you delete it after installation is completed.
In the next screen, specify the time zone the systems will use. Click Next.
At this point, sufficient information has been garnered to create the answer file, but you can specify additional settings as well. If you choose to not edit the additional settings, skip ahead to step 23. Otherwise, select Yes, Edit The Additional Settings and click Next.
Choose Regional Settings, where you specify (or decline to specify) the character set for the language and region where the computer will be used. This setting determines default views for times, date, currency, and other characters specific to a region.
In the Languages screen, select any additional language groups you want to use. Click Next.
In the Browser And Shell Settings screen, select the customization method for Internet Explorer. You can accept the defaults, use a custom autoconfiguration script created with the Internet Explorer Administration Kit, or specify the individual proxy and default home page settings.
In the Installation Folder screen, choose the folder into which you want to install Windows 2000. Use the default folder and install into a folder named \Winnt unless you have a specific reason to do otherwise.
Specify any network printers to install and then click Next.
Specify any commands to run the first time a user logs on and then click Next.
Choose Yes in the Distribution Folder screen to create a distribution folder, otherwise choose No. Click Next to move on.
If you choose to create a distribution folder from which the system will install Windows 2000, you'll be asked to specify whether a new folder should be created or an existing one modified (Figure 5-14). If you're going to install Windows 2000 from a CD-ROM, you won't need a distribution folder, so choose No.

Figure 5-14. The Setup Manager Wizard's Distribution Folder Name screen.

Setup Manager, by default, creates a distribution folder named \Win2000dist. Unfortunately, it doesn't create an \i386 subfolder, which causes integrated service pack installations to fail. Therefore, we recommend that you create an \i386 folder inside the distribution folder, and then move the contents of the distribution folder into the new \i386 folder.
To install mass storage drivers (typically drivers for newer SCSI adapters or Fibre Channel controllers), click Browse in the Provide Additional Mass Storage Drivers screen. You'll be prompted for the location of the drivers.
Specify a replacement HAL if one is needed. Click Browse and locate the HAL that the system manufacturer provided.
Enter any commands to run at the end of Setup in the Commands To Run text box, clicking Add after typing each command. Note that you can't run commands that require a user to be logged in. You can remove a command from the list by selecting the command and clicking Remove.
To customize the installation, you can include a logo or background to display during setup. A logo bitmap can be specified to run in the corner during the GUI portion of the installation. A background bitmap must be 640 by 480 with 16 colors and will display as the background during installation.
In the Copy Additional Files Or Folders screen, you can select files or folders to be automatically copied to the destination computer. The list can be expanded to a variety of folders. Select a folder and click Add Files. Then browse for the file or folder to add. Figure 5-15 shows the expanded list after a file has been selected for the \Windows folder on the destination computer.
If you have additional drivers for Plug and Play devices that aren't included with Windows 2000, copy them to the \Plug and Play Drivers folder on the system drive. Windows 2000 Setup searches this folder for drivers it couldn't locate.

Figure 5-15. The Setup Manager Wizard's Copy Additional Files Or Folders screen.
Type in the name and location for the answer file, and then click Next. Click Finish to end the wizard. The Setup Manager Wizard creates a batch file (with the same name as the answer file) that, when launched, starts Setup and uses the contents of the answer file. You can use this batch file or launch Setup with the appropriate parameters, including the parameter pointing to the answer file. (See Tables 5-3 and 5-4.)

If you created an answer file automating a CD-based installation, rename the Unattend.txt file Winnt.sif, place it on a floppy disk, and insert the floppy disk right after the computer boots from the Windows 2000 CD.

The batch files that Windows 2000 Setup Manager Wizard creates use the 32-bit version of Setup. If you don't have a 32-bit version of Windows on the machine where you're planning to install Windows 2000, modify the batch file to use the 16-bit Setup file by deleting the 32 from the third to the last line of the file. Also change the /unattend: parameter in the second to last line to /u:.

Using SysPrep to Clone Your Computer

Although creating answer files for running Windows 2000 Setup in an automated fashion is very convenient and can save a lot of time for administrators, you can go a step or two further than that under the right circumstances.

One way to further automate the setup process for a new machine is to "clone" an existing system. (One can also use Remote Installation Services in combination with IntelliMirror to achieve similar results, as discussed in Chapter 25.) The primary advantage of cloning a system is installation speed: a SysPrep-created disk image can usually be installed 45 to 60 minutes quicker than a normal installation.

Cloning works like this: First, install Windows and all of the applications you need on a single machine that is identical or very similar to the many machines on which you want to deploy Windows. Then prepare this system for cloning using SysPrep (which is available on the Windows CD) to clear out the SID and other computer identity information. Clone the configuration using a third-party disk-imaging program, such as PowerQuest's Drive Image or Norton Ghost, which copies and compresses the disk image to a network share. You can then boot up a blank system using the floppy disk created by the disk-imaging program, copy and uncompress the cloned disk image onto the new system, and be up and running in far less time than would be required to perform even a fully automated operating system and application installation.

However, this solution has some problems. First, the systems need to be fairly similar for the disk images to work on them. The computers don't have to be exactly the same because Windows leverages Plug and Play to detect changes to most system components. However, the systems do need to have identical mass storage controllers (SCSI controller or IDE chipset), as well as share the same HAL—no mixing ACPI systems with non-ACPI systems or uniprocessor systems with multiprocessor systems. Also, this process doesn't work for domain controllers, unless you script the DCPROMO process into the disk image.

Covering in detail how to use SysPrep and disk-imaging tools to mass deploy preconfigured computers is outside the scope of this book, but we can give you a taste of how it works. Thoroughly investigate these tools and experiment with them in a test environment before installing Windows throughout your organization using this procedure. The following steps summarize how to clone a system:

Install and configure Windows 2000 on the sample system.
Because a SysPrep-created operating system image can't be installed on a disk partition smaller than that on which the image was created, we recommend that you install Windows into a partition just large enough for Windows and any necessary applications. The destination computer's hard disk will be partitioned to the same size as the source computer's partition, but you can use the ExtendOemPartition entry in the Sysprep.inf file to extend the destination computer's system partition to fill the hard disk.
Install and configure any applications you want to deploy to all systems using this drive image.
Run the SysPrep program to remove all identity information from the system.
Clone the system using a third-party disk-imaging program, and save the disk image to the desired network share. The system you clone will need to be rebooted and run through the mini-Setup Wizard (see step 6) before it can be used again as a normal system. Use a floppy disk to boot the system you want to install the drive image onto and connect to the network share containing the drive image.
Use the drive image's client tools to expand the image file onto the new system's hard drive.
Reboot the system. A Windows 2000 mini-Setup Wizard runs, detecting any additional Plug and Play devices and hiding any missing devices. The wizard generates a new SID, and the system is then fully functional. (To force the mini-Setup Wizard to perform a full PnP detection process to eliminate rather than hide any missing devices, run SysPrep with the /PnP switch.)

You can optionally provide an answer file to modify individual machines' system configurations without re-creating the disk image. To do this, create an Unattend.txt file as you would normally, rename it Sysprep.inf, place it on a floppy disk, and insert the floppy disk right before the mini-Setup Wizard is launched.