Deploying Windows 2003 Using RIS

1
Deploying Windows 2003 Using RIS

• RIS Overview
• Implementing RIS
• Administering RIS
• RIS Frequently Asked Questions and Troubleshooting

2
RIS Overview

• Remote OS Installation Overview
• Remote Install Server Components
• Remote Install Client Components
• How the Remote OS Installation Process Works
• RIS Server and Client Requirements
• Network Cards Supported by RIS Boot Disk

3
Remote OS Installation Overview
4
Remote Install Server Components

• Boot Information Negotiation Layer (BINL)
• Trivial File Transfer Protocol Daemon (TFTPD)
• Single Instance Store (SIS)

5
Boot Information Negotiation Layer (BINL)

• Added during the RIS installation process and
  provides overall management of the RIS
  environment
• Responsible for answering client computer network
  service requests
• Responsible for querying Active Directory on
  behalf of the client computer
• Responsible for ensuring that the correct policy
  and configuration settings are applied to the
  client computer during the OS installation
• Ensures that the client is passed the correct
  files
• Makes sure the correct RIS server services a
  prestaged client
• Creates the client computer account object within
  Active Directory if the client computer has not
  been prestaged

6
Trivial File Transfer Protocol Daemon (TFTPD)

• Server-side TFTP service
• Responsible for hosting specific file download
  requests made by the client computer
• Used to download the CIW and all client dialog
  boxes contained within the CIW for a given session

7
Single Instance Store (SIS)

• Responsible for reducing disk space requirements
  on the volumes used for storing RIS installation
  images.
• When RIS is installed as an optional component,
  the administrator is prompted for a drive and
  directory where to install RIS.
• Attaches itself to the RIS volume and looks for
  any duplicate files that are placed on that
  volume.
• Creates a link to any duplicates found, thus
  reducing the disk space required.

8
Types of Remote Boot-Enabled Client Computers

• Computers with PXE DHCP-based remote boot ROMS
• Computers with network cards supported by the RIS
  boot disk

9
PXE Remote Boot Technology

• Remote OS Installation uses the PXE remote boot
  technology to initiate the installation of an OS
  from a remote source to a client hard disk.
• The remote source, a server that supports RIS,
  provides the network equivalent of a CD-based
  installation of Windows 2003 Professional or a
  preconfigured RIPrep desktop image.
• Windows 2003 Professional OS is currently the
  only installation option supported by RIS.
• Once images have been posted on the RIS
  server(s), end users equipped with PXE-based
  computers can request to install those images
  from any available RIS server on the network.
• Users can install the OS without administrator
  assistance, which saves both time and expense
  normally associated with OS installations.

10
CD-Based Installation

• Similar to setting up a workstation directly from
  the Windows 2003 Professional CD-ROM
• Differs from CD-ROM setup insofar as the source
  files reside across the network on available RIS
  servers

11
RIPrep Image Format

• Allows a network administrator to clone a
  standard corporate desktop configuration.
• After installing and configuring Windows 2003
  Professional, its services, and any standard
  applications on the computer, the administrator
  runs a wizard that prepares the installation
  image and replicates it to an available RIS
  server for installation on other clients.

12
How the PXE Remote Boot Technology Works

• PXE is a new form of remote boot technology.
• PXE enables companies to use their existing
  TCP/IP network infrastructure with DHCP to
  discover RIS servers on the network.
• Net PC/PC98-compliant systems can take advantage
  of the remote boot technology included in the
  Windows 2003 OS.

13
PXE Remote Boot ROM Boot Process
14
The RIS Boot Disk

• Provided by Windows 2003 for computers that do
  not contain a PXE-based remote boot ROM so that a
  remote boot disk can be created for use with RIS
• Used with a variety of PCI-based NICs
• Eliminates the need to retrofit existing client
  computers with new NICs to take advantage of the
  Remote OS Installation feature
• Simulates the PXE remote boot sequence and
  supports frequently used NICs

15
RIS Architecture
16
How the Remote OS Installation Process Works

• The process is the same for both the PXE remote
  boot ROM and the RIS boot disk boot processes.
• The process of contacting an RIS server and
  selecting an OS image is accomplished in a few
  steps.
• The process is simple from an end user
  perspective.
• An administrator can guide the user through a
  successful OS installation by predetermining the
  installation options available.
• An administrator can also restrict the OS
  image(s) available to a user, thus ensuring the
  correct OS installation type is offered to the
  user for a successful installation.

17
The Remote OS Installation Process

• Network service request
• BINL service
• Client Installation Wizard (CIW)
• User logon
• User options
• OS installation begins

18
CIW Installation Options
19
RIS Server Hardware Requirements

• Pentium or Pentium II 166 MHz 200 MHz or faster
  processor recommended
• 64 MB of RAM 96 to 128 MB if additional services
  such as Active Directory, DHCP, and DNS are
  installed
• 2 GB minimum hard disk or partition dedicated to
  the RIS directory tree RIS requires a
  significant amount of disk space
• 10 or 100 mbps NIC 100 mbps preferred

20
RIS Server Software Requirements

• DNS
• DHCP
• Active Directory

21
RIS Client Hardware Requirements

• Pentium 166 MHz or faster processor Net PC client
  computer
• 32 MB RAM minimum 64 MB recommended
• 800 MB hard disk drive
• Supported PCI Plug and Play NIC
• Optional PXE-based remote boot ROM version . 99c
  or later

22
Implementing RIS

• Implementing RIS
• Setting Up RIS
• Configuring RIS
• Creating an RIPrep Image
• Creating an RIS Boot Disk
• Verifying an RIS Configuration

23
Implementing RIS Overview

• Set up RIS
• Configure RIS
• Create an RIPrep image
• Create an RIS boot disk (optional)
• Verify the RIS configuration

24
Windows Components Wizard Dialog Box
25
Tasks to Configure RIS

• Authorize RIS servers
• Set RIS server properties
• Set RIS client installation options
• Set RIPrep image permissions

26
Authorizing RIS Servers

• Specifying the RIS servers that are allowed to
  run on the network can prevent unauthorized RIS
  servers, ensuring that only RIS servers
  authorized by administrators can service clients.
• Unauthorized RIS servers will be automatically
  shut down.
• An RIS server must be authorized before it can
  service client computers.

27
Remote Install Tab
28
New Clients Tab on the RIS Properties Dialog Box
29
Images Tab on the RIS Properties Dialog Box
30
Tools Tab on the RIS Properties Dialog Box
31
Setting RIS Client Installation Options

• Enables an administrator to control the options
  presented to different groups of users during the
  CIW.
• Four options can appear on the CIW Automatic
  Setup, Custom Setup, Restart A Previous Setup
  Attempt, and Maintenance And Troubleshooting.

32
Restart A Previous Setup Attempt

• Provided in case the installation of the OS fails
  for any reason
• Enables administrators to customize the CIW to
  ask a series of questions about the specific OS
  being installed
• When restarting a failed OS setup attempt, the
  end user is not asked these questions again.
• Instead, Setup restarts the file copy operation
  and completes the OS installation.

33
Maintenance And Troubleshooting

• Provides access to third-party hardware and
  software vendor tools.
• Range from system BIOS flash updates and memory
  virus scanners to a wide range of computer
  diagnostic tools that check for hardware-related
  problems
• Available before installing and starting the OS
  on the client computer
• If the option to display the Maintenance And
  Troubleshooting menu is enabled, user access to
  individual tool images is controlled in the same
  way as OS options, by setting specific end user
  permissions on the individual answer file (.sif)
  for that tool.

34
Choice Options Properties Dialog Box
35
Changes to RIS Policy

• Take effect only when the policy is propagated to
  the computer
• One of the following is done to initiate policy
  propagation
• Type secedit /refreshpolicy user_policy at the
  command prompt, and then press Enter.
• Restart the computer.
• Wait for automatic policy propagation, which
  occurs at regular, configurable intervals by
  default, every eight hours.

36
Setting RIPrep Image Permissions

• Enables administrators to guide users through the
  selection of the unattended OS installation
  appropriate for their role within the company.
• When an OS image is added to an RIS server, the
  image will be available to all users serviced by
  that RIS server.

37
Create an RIPrep Image

• Many organizations use disk imaging or cloning
  software to build and maintain standard desktops.
• Cloning software enables administrators to
  configure a client computer exactly how they want
  it, and then make a copy of that image for
  installation on client computers on the network.
• Remote OS Installation supports creation and
  installation of standard desktop images using
  RIPrep images.
• Before an RIPrep image can be created, the
  following tasks must be completed
• Create the source computer
• Configure the workstation

38
Creating the Source Computer

• The Remote OS Installation feature is used to
  remotely install the base Windows 2003
  Professional OS.
• Once the OS is installed, applications or
  application suites, including in-house LOB
  applications, are installed.
• The workstation is configured to adhere to
  company policies.

39
Configuring the Workstation

• When creating RIPrep images, understanding the
  relationship of user profiles, the changes made
  to an RIPrep source computer, and the desired
  result for users that log on to computers
  installed using the RIPrep image is important.
• Applications that carry the Certified for
  Windows logo properly separate user- and
  computer-specific configuration settings and
  data.
• Certified applications are also available to all
  users of systems later installed with the
  resulting RIPrep image.
• Non-Windows 2003compliant applications may
  perform and/or rely on per-user configurations
  that are specific to the profile of the user
  actually installing the application prior to
  running RIPrep, rather than to all users of the
  system.

40
Configuring the Workstation (cont)

• Applications that remain specific to that user
  may result in the application or configuration
  setting not being available or not functioning
  properly for users of computers installed with
  the RIPrep image.
• Some non-application configuration changes, such
  as the wallpaper specified for the user desktop,
  are by default applied only to the current users
  profile and will not be applied to users of
  systems installed with the RIPrep image.
• Any applications or configuration settings
  desired for use must be thoroughly tested.
• Some configuration settings can be copied
  directly from the profile where they were applied.

41
RIPrep Requirements

• The destination computer is not required to
  contain hardware identical to that of the source
  computer used to create the image.
• The destination computers disk capacity must be
  equal to or larger than that of the source
  computer.
• All copies of Microsoft software made or
  installed using RIS must be properly licensed.
• All copies of other software made or installed
  using RIS must be properly licensed.

42
RIPrep Limitations

• RIPrep currently supports replicating a single
  disksingle partition Windows 2003 Professional
  installation to an available RIS server.
• The OS and all applications must reside on the C
  partition prior to running the Remote
  Installation Preparation Wizard.
• The Remote Installation Preparation Wizard
  currently allows source image replication only to
  available RIS servers source replication to
  alternate drives or media types is not supported.
• Replication of encrypted files is not supported.
• Changes made in the source computers registry
  before running the Remote Installation
  Preparation Wizard are not maintained in the
  installation image.
• Modifications to replicated installation images
  are not supported.

43
Installation Image Sources

• The Remote Installation Preparation Wizard is
  used to create an installation image of a client
  computer that was originally installed using a
  retail version of Windows 2003 Professional.
• RIPREP.SIF must be modified to include the PID
  number.
• The PID is a unique identification number
  specific to each copy of Windows 2003
  Professional used to identify the OS installation
  and track the number of copies installed
  throughout an organization.

44
Including the PID in the RIPREP.SIF File

• Open the RIPREP.SIF file located at
  \RemoteInstall\Setup\applicable_language\Images\a
  pplicable_image_name\I386\Templates\RIPREP.SIF.
• Type ProductID xxxxx-xxx-xxxxxxx-xxxxx into
  the UserData section of the RIPREP.SIF file.
• The PID for each client installation is randomly
  generated using the PID entered in the RIPREP.SIF
  file.

45
Create an RIS Boot Disk

• A boot disk must be created to support existing
  client computers that do not have a PXE-based
  remote boot-enabled ROM but that do have a
  supported network adapter.
• The RIS boot disk works like the PXE boot
  process Turn on the computer, boot from the RIS
  boot disk, press F12 to initiate a network
  service boot, and the CIW is downloaded and
  starts.
• The rest of the RIS process is identical
  regardless of whether the client was booted using
  a PXE boot ROM or the RIS remote boot disk.

46
Remote Boot Disk Generator Dialog Box
47
Verifying an RIS Configuration

• RIS provides the ability to check the integrity
  of the RIS-enabled server.
• The RIS configuration can be verified if the
  server is suspected of failing, if inconsistent
  behavior is present, or if an RIS volume needs to
  be restored from backup.
• The Check Server Wizard checks whether all of the
  settings, services, and configuration options are
  correctly set and functioning.

48
Administering RIS

• Administering RIS
• Managing RIS Client Installation Images
• Managing RIS Client Computers
• Managing RIS Security

49
Managing RIS Client Computers

• Prestaging RIS client computers
• Finding RIS client computers

50
Prestaging RIS Client Computers

• The process of creating a valid client CAO within
  Active Directory.
• After RIS client computers are prestaged, the RIS
  servers can be configured to respond only to
  prestaged client computers.
• Ensures that only those client computers that
  have been prestaged as authorized users are
  allowed to install an OS from the RIS server.
• Saves time and money by reducing or eliminating
  the need to fully preinstall the computer.
• Enables administrators to define a specific
  computer name and optionally specify the RIS
  server to service the computer.
• This information is used to identify and route
  the client computers during the network service
  boot request.
• The appropriate access permissions must be set
  for users of the prestaged client computer.

51
New Object-Computer Dialog Box
52
Managed Dialog Box
53
Host Server Dialog Box
54
Finding RIS Client Computers

• Active Directory can be searched for RIS client
  computer accounts by using their computer name or
  GUID.
• The Show Clients feature searches for all client
  computers that are prestaged for this RIS server.
• The search process can include the entire Active
  Directory structure or can be limited to a
  specific domain.
• The search process returns a list of the client
  computers and displays them by their computer
  name and GUID.

55
GUID for Client Computers Overview

• The manufacturer supplies the computers GUID.
• The GUID must be in the form dddddddd-dddd-dddd-d
  ddd-dddddddddddd, where d is a hexadecimal text
  digit.
• Valid entries for the client GUID are restricted
  to the following 0 1 2 3 4 5 6 7 8 9 a b c d e f
  A B C D E F.
• Dashes are optional and spaces are ignored
  brackets must be included.

56
Locating the GUID for Client Computers

• Label on the side of the computer case
• Label within the computer case
• BIOS of the client computer

57
Find Remote Installation Clients Dialog Box
58
Tasks for Managing RIS Security

• Set permissions for creating computer accounts
• Creating prestaged computer accounts
• Creating user-created computer accounts
• Set permissions for joining computer accounts to
  a domain
• Joining computer accounts created in the
  Computers container to the domain
• Joining computer accounts created in OUs to the
  domain

59
Initiating Policy Propagation

• Type secedit /refreshpolicy machine_policy at the
  command prompt, and then press Enter.
• Restart the computer.
• Wait for automatic policy propagation, which
  occurs at regular, configurable intervals by
  default, occurs every eight hours.

60
RIS Frequently Asked Questions and Troubleshooting

• Frequently Asked RIS Questions
• Troubleshooting RIS

61
Symptom Command Settings Are Not Being Processed
During the Unattended Installation

• Cause When using the OemPreinstall yes
  setting in an .sif file, the correct directory
  information is required
• Solution Change the directory information to
  \RemoteInstall\Setup\applicable_language\Images\a
  pplicable_image_name\oem

62
Symptom Language Choice Options Are Not
Displayed During the CIW Session

• Cause
• By default, RIS uses the WELCOME.OSC file to
  manage the client installation image choices.
• For multiple language installation image options,
  the default WELCOME.OSC file needs to be replaced
  with the MULTILND.OSC file.
• Solution
• The CIW uses the WELCOME.OSC file located in the
  \RemoteInstall\OSChooser folder to manage client
  installation image choices.
• After WELCOME.OSC is removed and MULTILNG.OSC is
  renamed to WELCOME.OSC, the CIW will also offer a
  menu of multiple language choices to the user.
• The WELCOME.OSC file can be edited to create
  custom language options.

63
Symptom The Client Computer Is Prestaged to an
RIS Server But Is Being Serviced by a Different
Server

• Cause When a client computer is prestaged into a
  domain with multiple domain controllers, the
  replication delay of the CAO information can
  cause a client computer to be serviced by another
  RIS server
• Solution Wait for the computer account
  information to be propagated during the next
  scheduled replication session or modify the
  replication frequency between the domain
  controllers

64
Symptom Following the Restoration of a Backup of
an RIS Volume, RIS No Longer Functions Properly

• Cause Backup restored the volume without an SIS
  directory
• Solution Verify the configuration of the RIS
  volume and then restore the volume again