Remote Installation Service (RIS)

 

In the Nexus system, we currently have 2 methods of operating system deployment.

 

RIS is a Microsoft tool for deploying the Windows 2000 operating system over the network without the need to physically visit each client computer. RIS is part of a management system called IntelliMirror, along with User Data Management, Software Installation, and Maintenance.

 

Components and Role of RIS:

 

The process includes three components:

 

1.)      RIS services are hosted on Windows 2000 servers. The servers can either be domain controllers or member servers.

2.)      RIS clients can connect to a RIS server upon start-up to remotely install Windows 2000 Professional or run diagnostic maintenance utilities.

3.)      Images are the operating system only. RIS supports two types of images: CD-based and Remote Installation Preparation (RIPrep). RIS also only supports the remote installation of Windows 2000 Professional. It does not support remote installation of the Windows 2000 server line, nor images created by third-party imaging utilities.*

 

* Sysprep uses third-party imaging utilities (See Sysprep-HOWTO)

 

Network Services:

 

RIS requires that several services be running on the network for it to function. They can run on the same computer as RIS or on other computers located on the network.

 

 

Disk Space requirements:

 

The RIS server requires a minimum of 2 GB of disk space for the installation of the W2K Professional source files and support files. The hard disk must have at least 2 partitions: one for the server OS and the other for the RIS images. The RIS image partition must use the NTFS file system.

 

Configuring and Starting RIS:

 

  1.  To install RIS, select “Control Panel | Add/Remove Programs | Add/Remove Windows Component”.
  2. Select the “Remote Installation Services” checkbox.
  3. Complete the wizard.

 

Start the RIS set-up to create the initial CD-based image

 

  1. Click Start | Run
  2. Type “risetup” and click OK.
  3. Follow the on-screen instructions when the RIS set-up wizard starts. You will be prompted to provide the following information:

 

RIS folder location:

Specify the NTFS partition and folder on the RIS server where you want to install the supporting files and RIS images.

 

Initial settings:

Specify how the RIS server will respond to client requests:

 

  • Default is “does not respond to client requests”.
  • Respond to all client requests
  • Respond only to requests from pre-staged computer accounts

 

RIS source files location:

Specify the location of the W2K Pro source files that will be used to create the initial CD-based image.

 

Windows installation image folder name:

Specify the folder within the RIS installation folder where the initial CD-based image is created.

 

Description and help text:

Specify the description for the initial CD-based image.

 

 

Authorizing the DHCP/RIS server:

 

If DHCP service is already installed, skip to step 4.

 

  1. To install RIS, select “Control Panel | Add/Remove Programs | Add/Remove Windows Component”.
  2. Select “Networking Service | DHCP” checkbox.
  3. Complete the wizard.
  4. Click on “Start | Settings | Control Panel | Administrative Tools | DHCP”
  5. In the console tree, right-click “DHCP”, then “Manage authorized servers | Authorized”.
  6. When prompted, type the name or IP of the RIS server to be authorized, and then OK.

 

* The user must be the Administrator to authorize a DHCP or RIS server.

 

Assigning User Permissions:

 

  1. To assign users the permission to create computer objects in AD, use “Active Directory Users and Computers”.
  2. Right-click the OU where you want to allow users to create computer objects and click “Delegate Control”.
  3. Follow the wizard and set permissions.

 

 

Pre-staging Client Computers:

 

Pre-staging means pre-configuring a computer account for the client computer in AD and optionally assigning it to a designated RIS server. If you assign a client to a RIS server, only the designated RIS server will respond to requests from that client computer.

 

Pre-staging is primarily done for security reasons. It prevents unknown RIS clients from obtaining images, thereby preventing users from joining unauthorized computers to the domain or from illegally installing software. It also provides load balancing to ensure that no single server responds to a disproportionate number of installation requests.

 

Globally Unique Identifier (GUID)

 

For computers starting from a RIS boot disk, the GUID is the MAC address of the network adapter, padded with enough leading zeroes to ensure that the GUID is 32 characters in length. It is in the following form:

 

e.g. {00000000-0000-0000-0000-00A2B38A7D07}

 

For computers booting with a motherboard-embedded, PXE-capable network card or computers from brand name companies (e.g. IBM, DELL, COMPAQ), the GUID is a string of 32 characters that can be found in the motherboard’s BIOS, on a label on the side of the computer case, or inside the computer case.

 

e.g. {921FB874-DE23-11B9-CD2E-BD0023F23198}

 

 

Pre-staging With a Known GUID:

 

In Active Directory

 

  1. In “Active Directory Users and Computers”, right-click the OU where you want to create the computer account, click “NEW” then click “COMPUTER”.
  2. In the dialog box, type a computer name, then NEXT.
  3. Select “this is a managed computer” checkbox, type the computer GUID, then NEXT.
  4. Type the fully qualified name of the RIS server under “specify the remote installation server to support this client | the following remote installation server”.
  5. Click Next, and then Finish.

 

Using Adman (Single Machine)

 

  1. Click Start | Run.
  2. Type “net use z: \\hope\adman /user:nexus\username” and click OK.
  3. Authenticate yourself.
  4. Click Start | Run.
  5. Type “cmd” and click OK.
  6. In the command prompt type z:\adman

 

- base //nexus/faculties/engineering/engineering computing/development/hon’s office

- addpc Noriko-chan /bootguid=0x123456 /server=nausicaa.uwaterloo.ca /path=c:\temp\temp.txt

- modify Noriko-chan /location="CPH 2374H"

- quit

 

Scripting using Adman (Multiple Machines)

 

  1. Create a DOS text file with all the computer information in it.

 

e.g. temp.txt

 

addpc TEST-A01     /bootguid=0x000000000000000000000003D38a7d07            /server=nausicaa /path=c:\temp\temp.txt

addpc TEST-A02     /bootguid=0x000000000000000000000003D38C8FFB           /server=nausicaa /path=c:\temp\temp.txt

addpc TEST-A03     /bootguid=0x000000000000000000000003D38AB180          /server=nausicaa /path=c:\temp\temp.txt

addpc TEST-A04     /bootguid=0x000000000000000000000003D38C8AF5          /server=nausicaa /path=c:\temp\temp.txt

addpc TEST-A05     /bootguid=0x000000000000000000000003D35FF980           /server=nausicaa /path=c:\temp\temp.txt

addpc TEST-A06     /bootguid=0x000000000000000000000003D38A8B6C          /server=nausicaa /path=c:\temp\temp.txt

addpc TEST-A07     /bootguid=0x000000000000000000000003D38A8B68          /server=nausicaa /path=c:\temp\temp.txt
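
The GUID padding described above and the multi-machine script file, generated from an inventory of names and MAC addresses. This is an added example in Python, not part of adman or of the original page; the addpc option syntax is copied from the sample lines above, and the inventory shown is constructed.

```python
import re

def mac_to_hex32(mac):
    """MAC address as 32 hex digits, left-padded with zeroes (boot-disk GUID)."""
    digits = re.sub(r"[-:.\s]", "", mac).upper()
    if not re.fullmatch(r"[0-9A-F]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return digits.rjust(32, "0")

def ris_guid(mac):
    """Same value in the braced form typed into the managed-computer dialog."""
    h = mac_to_hex32(mac)
    return "{" + "-".join((h[:8], h[8:12], h[12:16], h[16:20], h[20:])) + "}"

def adman_script(machines, server, path):
    """Build one addpc line per machine, refusing duplicate names or MACs."""
    seen_names, seen_guids, lines = set(), set(), []
    for name, mac in machines:
        guid = mac_to_hex32(mac)
        # A repeated name or GUID would tie two machines to one pre-staged
        # account, so stop before anything is written to the script file.
        if name.upper() in seen_names or guid in seen_guids:
            raise ValueError(f"duplicate entry: {name} / {mac}")
        seen_names.add(name.upper())
        seen_guids.add(guid)
        # Option syntax mirrors the page's sample lines (assumption: adman
        # takes the zero-padded MAC form for every boot-disk client).
        lines.append(f"addpc {name} /bootguid=0x{guid} /server={server} /path={path}")
    return lines

# Constructed inventory for illustration; not real machines.
INVENTORY = [("LAB-B01", "00-A2-B3-8A-7D-07"), ("LAB-B02", "00:a2:b3:8a:7d:08")]

if __name__ == "__main__":
    print(ris_guid(INVENTORY[0][1]))
    print("\n".join(adman_script(INVENTORY, "nausicaa", r"c:\temp\temp.txt")))
```

This covers only GUIDs derived from a MAC address; a GUID read from the BIOS or case label is entered as printed.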

 

 

Creating a RIS Start-up Disk

 

There are 2 ways of installing a RIS image on a client computer: by using a network adapter that meets the PXE specification, or by using a RIS start-up diskette. If a computer has a supported PXE network adapter, you can initiate a RIS session by pressing F12 when prompted after boot up. The RIS start-up disk simulates the PXE start-up process for computers with network adapters that do not support PXE.

 

You can use the same RIS start-up disk on any client computer that has one of the supported network adapters installed. You do not need to create a separate start-up disk for each type of network adapter.

 

i.e. Intel Pro/100B RIS driver will work with Intel Pro/100 network adapters (Pro100/Pro100B/Pro100+)

 

RIS start-up disk creation:

 

1.)      On any Windows 2000 computer, click Start | Run.

2.)      In the open box, type \\[RIS server]\reminst\admin\i386\rbfg.exe

3.)      A “Remote Boot Disk Generator” program will appear. Insert a blank diskette into the floppy drive, select the right network adapter driver and click “create disk”.

 

Note: Remember not all network adapters are supported by the Remote Boot Disk Generator and not all adapters meet PXE specification. Check the Generator program first for supported adapters before any purchases are made.

 

 

Deploying Images by Using RIS

 

Modifying the Installation of a CD-based Image

 

When you first install RIS, the CD-based image and a standard answer file are created for you. After the image is created, you can configure the answer file (ristndrd.sif) or create an additional answer file using the “Setup Manager” wizard.

 

An answer file is a text file that contains the information that the user would usually need to supply during setup of Windows 2000 Professional. It uses the same format as the unattend.txt file used in unattended installations in Windows NT 4.0 and Windows 2000.

 

You can deploy a partially or fully unattended setup of Windows 2000 Professional. You can configure the answer file so that the image is installed with little or no user intervention. You can also deploy to a group of computers that require custom settings.

 

Partitioning Using the Answer File

 

The answer file supports a hard disk partitioning section ([RemoteInstall]) that contains the repartition parameter. If this value is not specified or set to “yes”, a RIS install will delete all partitions on the client computer and format that drive with one NTFS partition. If this value is set to no, RIS will use the default parameters in the answer file.

 

e.g.

    [RemoteInstall]
    repartition = no

 

 

Associating an Answer File with an Image

 

You can associate multiple answer files with a single image. This is a very useful way of adding a new configuration for an image without having to re-copy all of the files for the image.

 

1.) Locate the name of the RIS server in Active Directory Users and Computers, right-click it, then click “Properties”.

2.) Click “Remote Install” tab, then click on “Advanced Settings”.

3.) In “Remote Installation Services Properties”, click “Images”, then “Next”.

4.) Click “Associate a new answer file to an existing image” when the “Add” wizard starts, then click “Add”.

5.) Select the location of the answer file on the “Unattended Setup Answer File Source” page, then click “Next”.

6.) Follow the on-screen directions to finish the process.

 

Restricting Images

 

By default, all images that are created are available to all users. This is a security hole when all users can read an answer file that contains the local administrative password to the workstation in plain text. However, you can restrict the images that are available by setting the NTFS file system permissions on the answer file. Setting permissions lets you determine which images a user can select and download.

 

1.)      In Windows Explorer, right-click the answer file that you want to restrict, then click “Properties”.

2.)      Click on the “Security” tab, click “Everyone”, then click “Remove”.

3.)      Click “Add”.

4.)      Click the “Select Users, Computers, or Groups” button, select the security group or individual user that you want to have access to the image, then click “Add”.

 

NOTE: The default permissions (Read and Read & Execute) are the only permissions that the user will need to install the image.
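
An audit of answer files for the two settings discussed above: a local administrator password stored in plain text, and a repartition value that wipes the client disk. This is an added example in Python, not from the original page or from Microsoft; it assumes the password is held in the standard unattended-setup key AdminPassword under [GuiUnattended], and the sample file is constructed.

```python
import configparser

# Constructed sample answer file; the password is a placeholder.
SAMPLE_SIF = """\
[Unattended]
OemPreinstall = no

[GuiUnattended]
AdminPassword = "ExamplePassw0rd"
TimeZone = %TIMEZONE%

[RemoteInstall]
    Repartition = yes
"""

def audit_answer_file(text):
    """Return a list of finding codes for one answer file (.sif)."""
    cp = configparser.ConfigParser(interpolation=None, allow_no_value=True,
                                   strict=False)
    # Strip indentation so indented keys are not read as continuation lines.
    cp.read_string("\n".join(line.strip() for line in text.splitlines()))
    # Section names are matched case-insensitively here.
    sections = {name.lower(): cp[name] for name in cp.sections()}
    findings = []

    pw = sections.get("guiunattended", {}).get("adminpassword")
    if pw is not None:
        pw = pw.strip().strip('"')
        # "*" is the unattended-setup notation for a blank password.
        findings.append("blank-admin-password" if pw in ("", "*")
                        else "plaintext-admin-password")

    # Per the page: unspecified or "yes" deletes all partitions on the client.
    rep = sections.get("remoteinstall", {}).get("repartition")
    if rep is None or rep.strip().strip('"').lower() == "yes":
        findings.append("repartition-wipes-disk")
    return findings

if __name__ == "__main__":
    print(audit_answer_file(SAMPLE_SIF))
```

Any answer file that reports a stored password is one to restrict with the NTFS permissions described in this section.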

 


Last updated: Jan 03, 2002 13:38:41 EDT 2002 by Hon