Remote Installation Service (RIS)
In the Nexus system, we currently have two methods of operating system deployment.
RIS is a Microsoft tool for deploying the Windows 2000 operating system over the network without the need to physically visit each client computer. RIS is part of a management system called IntelliMirror, with User Data Management, Software Installation, and Maintenance.
Components and Role of RIS:
The process includes three components:
1.) RIS services are hosted on Windows 2000 servers. The servers can be either domain controllers or member servers.
2.) RIS clients can connect to a RIS server upon start-up to remotely install Windows 2000 Professional or run diagnostic maintenance utilities.
3.) Images are the operating system only. RIS supports two types of images: CD-based and Remote Installation Preparation (RIPrep). RIS also supports only the remote installation of Windows 2000 Professional. It does not support remote installation of the Windows 2000 Server line or images created by third-party imaging utilities.*
* Sysprep uses third-party imaging utilities (see Sysprep-HOWTO).
Network Services:
RIS requires that several
services be running on the network for it to function. They can run on the same
computer as RIS or on other computers located on the network.
Disk Space requirements:
The RIS server requires a minimum of 2 GB of disk space for the installation of the W2K Professional source files and support files. The hard disk must have at least 2 partitions: one for the server OS and the other for the RIS images. The RIS image partition must use the NTFS file system.
Configuring and Starting RIS:
Start the RIS set-up to create the initial CD-based image.
RIS folder location: Specify the NTFS partition and folder on the RIS server where you want to install the supporting files and RIS images.
Initial settings: Specify how the RIS server will respond to client requests:
RIS source files location: Specify the location of the W2K Pro source files that will be used to create the initial CD-based image.
Windows installation image folder name: Specify the folder within the RIS installation folder where the initial CD-based image is created.
Description and help text: Specify the description for the initial CD-based image.
Authorizing the DHCP/RIS server:
If DHCP service is already
installed, skip to step 4.
* The user must be the Administrator to authorize a DHCP or RIS server.
Assigning User Permissions:
Pre-staging Client Computers:
Pre-staging means pre-configuring
a computer account for the client computer in AD and optionally assigning it to
a designated RIS server. If you assign a client to a RIS server, only the
designated RIS server will respond to requests from that client computer.
Pre-staging is primarily done for security reasons. It prevents unknown RIS clients from obtaining images, thereby preventing users from joining unauthorized computers to the domain or from illegally installing software. It also provides load balancing to ensure that no single server responds to a disproportionate number of installation requests.
Globally Unique Identifier (GUID)
For computers starting from a RIS boot disk, the GUID is the MAC address of the network adapter, padded with enough leading zeroes to ensure that the GUID is 32 characters in length. It is in the following form:
e.g. {00000000-0000-0000-0000-00A2B38A7D07}
For computers booting with a PXE-capable network card embedded in the motherboard, or computers from brand-name companies (e.g. IBM, DELL, COMPAQ), the GUID is a string of 32 characters that can be found in the motherboard’s BIOS, on a label on the side of the computer case, or inside the computer case.
e.g. {921FB874-DE23-11B9-CD2E-BD0023F23198}
Pre-staging With a Known GUID:
In Active Directory
Using Adman (Single Machine)
- base //nexus/faculties/engineering/engineering computing/development/hon’s office
- addpc Noriko-chan /bootguid=0x123456 /server=nausicaa.uwaterloo.ca /path=c:\temp\temp.txt
- modify Noriko-chan /location="CPH 2374H"
- quit
Scripting using Adman (Multiple Machines)
e.g. temp.txt
addpc TEST-A01 /bootguid=0x000000000000000000000003D38a7d07 /server=nausicaa /path=c:\temp\temp.txt
addpc TEST-A02 /bootguid=0x000000000000000000000003D38C8FFB /server=nausicaa /path=c:\temp\temp.txt
addpc TEST-A03 /bootguid=0x000000000000000000000003D38AB180 /server=nausicaa /path=c:\temp\temp.txt
addpc TEST-A04 /bootguid=0x000000000000000000000003D38C8AF5 /server=nausicaa /path=c:\temp\temp.txt
addpc TEST-A05 /bootguid=0x000000000000000000000003D35FF980 /server=nausicaa /path=c:\temp\temp.txt
addpc TEST-A06 /bootguid=0x000000000000000000000003D38A8B6C /server=nausicaa /path=c:\temp\temp.txt
addpc TEST-A07 /bootguid=0x000000000000000000000003D38A8B68 /server=nausicaa /path=c:\temp\temp.txt
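A mistyped GUID silently leaves a machine un-prestaged, so it helps to generate the script from a MAC inventory instead of typing the padding by hand. The following is an added example, not part of the original page or of Adman: it applies the boot-disk padding rule described above and emits lines in the shape of the temp.txt sample. The machine names and MAC addresses are constructed, and the function names are hypothetical.

```python
import re

def mac_to_ris_guid(mac):
    """MAC address -> the 32 hex digits a RIS boot-disk client uses as its GUID."""
    digits = re.sub(r"[:.\-\s]", "", mac).upper()
    if not re.fullmatch(r"[0-9A-F]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    if digits in ("0" * 12, "F" * 12):
        raise ValueError(f"all-zero or broadcast MAC cannot identify a client: {mac!r}")
    return digits.rjust(32, "0")  # pad with leading zeroes to 32 characters

def braced(guid):
    """Format 32 hex digits as {8-4-4-4-12}, the form shown in the text."""
    cuts = (0, 8, 12, 16, 20, 32)
    return "{" + "-".join(guid[a:b] for a, b in zip(cuts, cuts[1:])) + "}"

def prestage_lines(inventory, server, path):
    """One addpc line per (name, mac) pair; duplicate names or GUIDs are refused."""
    by_guid, names, lines = {}, set(), []
    for name, mac in inventory:
        guid = mac_to_ris_guid(mac)
        if name.upper() in names:
            raise ValueError(f"computer name listed twice: {name}")
        if guid in by_guid:
            raise ValueError(f"{name} and {by_guid[guid]} share GUID {braced(guid)}")
        names.add(name.upper())
        by_guid[guid] = name
        # Line shape copied from the temp.txt sample; /path is passed through as given.
        lines.append(f"addpc {name} /bootguid=0x{guid} /server={server} /path={path}")
    return lines

# Constructed inventory (hypothetical names, made-up MACs in mixed notations).
INVENTORY = [
    ("LAB-B01", "00:A2:B3:8A:7D:07"),
    ("LAB-B02", "00-a2-b3-8a-7d-08"),
    ("LAB-B03", "00a2.b38a.7d09"),
]

if __name__ == "__main__":
    for line in prestage_lines(INVENTORY, "nausicaa", r"c:\temp\temp.txt"):
        print(line)
```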
Creating a RIS Start-up Disk
There are 2 ways of installing a RIS image on a client computer: by using a network adapter that meets the PXE specification, or by using a RIS start-up diskette. If a computer has a supported PXE network adapter, you can initiate a RIS session by pressing F12 when prompted after boot-up. The RIS start-up disk simulates the PXE start-up process for computers with network adapters that do not support PXE.
You can use the same RIS
start-up disk on any client computer that has one of the supported network
adapters installed. You do not need to create a separate start-up disk for each
type of network adapter.
e.g. the Intel Pro/100B RIS driver will work with Intel Pro/100 network adapters (Pro100/Pro100B/Pro100+).
RIS start-up disk creation:
1.) On any Windows 2000 computer, click Start | Run.
2.) In the Open box, type \\[RIS server]\reminst\admin\i386\rbfg.exe
3.) A “Remote Boot Disk Generator” program will appear. Insert a blank diskette into the floppy drive, select the right network adapter driver and click “Create Disk”.
Note: Remember that not all network adapters are supported by the Remote Boot Disk Generator, and not all adapters meet the PXE specification. Check the Generator program for supported adapters before any purchases are made.
Deploying Images by Using RIS
Modifying the Installation of a CD-based Image
When you first install RIS, the CD-based image and a standard answer file are created for you. After the image is created, you can configure the answer file (ristndrd.sif) or create an additional answer file using the “Setup Manager” wizard.
An answer file is a text file that contains the information that the user would usually need to supply during setup of Windows 2000 Professional. It uses the same format as the unattend.txt file used in unattended installations in Windows NT 4.0 and Windows 2000.
You can deploy a partially or fully unattended setup of Windows 2000 Professional. You can configure the answer file so that the image is installed with little or no user intervention. You can also deploy to a group of computers that require custom settings.
Partitioning Using the Answer File
The answer file supports a hard disk partitioning section ([RemoteInstall]) that contains the repartition parameter. If this value is not specified or is set to “yes”, a RIS install will delete all partitions on the client computer and format that drive with one NTFS partition. If this value is set to “no”, RIS will use the default parameters in the answer file.
e.g.
[RemoteInstall]
repartition = no
Associating an Answer File with an Image
You can associate multiple answer files with a single image. This is a very useful way of adding a new configuration to an image without having to re-copy all of the files for the image.
1.) Locate the name of the RIS server in Active Directory Users and Computers, right-click it, then click “Properties”.
2.) Click the “Remote Install” tab, then click “Advanced Settings”.
3.) In “Remote Installation Services Properties”, click “Images”, then “Next”.
4.) Click “Associate a new answer file to an existing image” when the “Add” wizard starts, then click “Add”.
5.) Select the location of the answer file on the “Unattended Setup Answer File Source” page, then click “Next”.
6.) Follow the on-screen directions to finish the process.
Restricting Images
By default, all images that are created are available to all users. This is a security hole when an answer file that all users can read contains the local administrative password to the workstation in plain text. However, you can restrict the images that are available by setting the NTFS file system permissions on the answer file. Setting permissions allows you to determine which images a user can select and download.
1.) In Windows Explorer, right-click the answer file that you want to restrict, then click “Properties”.
2.) Click on the “Security” tab, click “Everyone”, then click “Remove”.
3.) Click “Add”.
4.) Select the “Select Users, Computers, or Groups” button, select the security group or individual user that you want to have access to the image, then click “Add”.
NOTE: The default permissions (Read and Read & Execute) are the only permissions that the user will need to install the image.
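To decide which answer files need their permissions tightened first, the files can be scanned for the two conditions this page describes: a password value stored in the file, and a repartition setting that wipes the client disk. The following is an added example, not part of the original page or of RIS. The sample answer file is constructed, and its key names (AdminPassword, OemSkipWelcome, JoinDomain) are assumed from the standard unattended-setup format, not taken from this page.

```python
def parse_sif(text):
    """Parse answer-file text into {section: {key: value}}, names lower-cased."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip().strip('"')
    return sections

def audit_answer_file(text):
    """Return findings for stored passwords and destructive repartition settings."""
    sections, findings = parse_sif(text), []
    for section, keys in sections.items():
        for key, value in keys.items():
            # Any key whose name contains "password" and carries a value is reported;
            # the value itself is never copied into the finding.
            if "password" in key and value:
                findings.append(f"[{section}] {key}: value readable by anyone "
                                "with Read access to this file")
    repartition = sections.get("remoteinstall", {}).get("repartition")
    if repartition is None or repartition.lower() == "yes":
        findings.append("[remoteinstall] repartition: unset or yes, "
                        "all partitions on the client will be deleted")
    return findings

# Constructed sample answer file, not taken from a real deployment.
SAMPLE_SIF = """\
; constructed sample
[GuiUnattended]
AdminPassword = "Example-Only-1"
OemSkipWelcome = 1

[Identification]
JoinDomain = EXAMPLE

[RemoteInstall]
Repartition = yes
"""

if __name__ == "__main__":
    for finding in audit_answer_file(SAMPLE_SIF):
        print(finding)
```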
Last updated: Jan 03, 2002