Process for Deploying RIS

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

The RIS deployment process consists of three phases: planning, design, and configuration and deployment. You will need a design team to handle the planning and design phases and a deployment team for the configuration and deployment phase.

Figure 4.1 illustrates the process steps for deploying RIS in your organization, followed by the deployment of an operating system.

Figure 4.1   Deploying RIS

RIS Deployment Teams

Design team personnel might consist of high-level system architects who make planning decisions and designers who are upper-tier administrators that choose the appropriate methods for carrying out the planning decisions. Deployment team personnel might consist of lower-tier administrators and technicians who implement the design decisions.

Some of the responsibilities of the design team include tasks such as evaluating the current environment, assessing RIS network security, and evaluating image requirements, in addition to designing the overall installation configuration, the supporting infrastructures, the RIS server configuration, and a RIS test environment.

Some of the responsibilities of the deployment team include tasks such as configuring the network infrastructure to support RIS, creating and configuring RIS servers, creating images, customizing answer files, creating client boot disks, and designing the Client Installation Wizard (CIW) process. The deployment team also deploys the operating systems.

RIS Technology Background

RIS was introduced in Microsoft® Windows® 2000 to allow server-based installation of an operating system onto client computers that do not currently contain one. Improvements to RIS in the Windows Server 2003 family are summarized in the following section.

New in Windows Server 2003

With the release of Windows Server 2003, RIS now supports the following new capabilities:

  • Deployment of Microsoft® Windows® 2000 Professional, Microsoft® Windows® 2000 Server, Microsoft® Windows® 2000 Advanced Server, Windows XP Professional, and the Windows Server 2003 family operating systems.

  • Automation of the CIW using the Autoenter feature.

  • Enhanced cross-domain functionality.

  • Increased security by adding a masked double-prompt administrator password.

  • Automatic DHCP authorization with Risetup.exe.

  • Auto-detection of the target system Hardware Abstraction Layer (HAL) type to allow filtering of images from the CIW.

  • Support for the Recovery Console and support for Microsoft® Windows® Preinstallation Environment.

  • Support for Microsoft® Windows® XP 64-Bit Edition Version 2003 and the 64-bit versions of the Windows Server 2003 family.

  • Support for the Uniqueness Database in .sif files.

  • Support for Secure Domain Join.

  • Support for NTLM version 2 (NTLMv2).

  • Support for encrypted local administrator password entries.

RIS Components

RIS consists of several components that facilitate the remote installation of client operating systems. To create the RIS server configuration, you must install the Remote Installation Services Windows component from Add or Remove Programs in Control Panel. This component configures and starts the following services:

Remote Installation Services (Binlsvc)   This service detects PXE-initiated DHCP requests from RIS clients and facilitates a response to those requests. Remote Installation also directs clients to files on the RIS server that initiate the installation process and then services CIW requests. In addition, Remote Installation checks Active Directory to verify client credentials, determines if a client can be serviced, and confirms whether to create a new computer account object or reset an existing account on behalf of the client. Also, if a client that is prestaged in Active Directory has settings specifying that a particular RIS server must answer the client, then Remote Installation facilitates the response to that client from the specified RIS server.

Note

  • Remote Installation Services was formerly known as the Boot Information Negotiation Layer (BINL) service in Microsoft® Windows® 2000 and Windows XP Professional.

Trivial File Transfer Protocol Daemon (TFTPD)   A RIS server uses TFTP to download the CIW and the initial files needed to start the remote installation process on the client computer.

Note

  • On a RIS server, TFTP is called a daemon or service (TFTPD) while on the client side it is referred to as a protocol (TFTP).

The first file that downloads is Startrom.com, which is a small bootstrap program that displays the Press F12 for Network Boot prompt to the client. If the user presses F12 within 3 seconds, the CIW downloads to the client so the installation process can begin. The file Startrom.com is located on your RIS server in the directory path \\ServerName\RemoteInstall\OSChooser\i386\.

Note

  • For installations of Windows XP 64-Bit Edition Version 2003, the first file downloaded is Oschoice.efi. It is not necessary to press F12 for these installations.

Single Instance Store (SIS) Service   SIS consists of an NTFS file system filter driver and a groveler agent that interacts with RIS images. The SIS service reduces the hard disk storage requirements for RIS images by monitoring the RIS server partition for duplicate files. Whenever the groveler agent finds a duplicate file, SIS copies the original file into a directory and creates an NTFS reparse point containing the current location, size, and attributes of the original file. This way, SIS retains only a single instance of the file while replacing duplicate files with links to the single instance. This enables SIS to store the duplicate files it finds in RIS images and reduce disk space usage on your RIS server.

Caution

  • When backing up a RIS server, you must use an SIS-aware backup solution. Failure to use an SIS-aware backup solution while backing up a RIS server consumes unnecessary disk space while performing a restore operation and might result in some of your files not being restored. The backup program included in Windows Server 2003 is SIS-aware.

Remote Boot and Installation Setup Processes

RIS uses PXE technology to allow RIS clients without an operating system to initiate the boot sequence from their network adapters, thus facilitating operating system installations from remote network locations. To initiate the remote boot process and set up a RIS-based operating system installation, PXE interacts with the Dynamic Host Configuration Protocol (DHCP), the Remote Installation services, and the TFTPD, as shown in Figure 4.2.

Figure 4.2   RIS Installation Configuration

When you start a new PXE-enabled RIS client computer, the following sequence of events occurs:

  1. The client computer initiates the communication by sending a DHCP Discover broadcast on its subnet. A DHCP server with an active scope for that subnet will issue an IP address to the client.

  2. All Remote Installation servers that receive the client’s DHCP Discover broadcast extract (from the PXE data portion of the packet) the UUID of the client that is requesting service. The RIS server then queries its preferred domain controller to search for this UUID in all prestaged computer accounts in Active Directory.

    If the domain controller does not find the UUID in the local domain, the RIS server queries the global catalog to locate the client computer account. If the UUID is found in either location, the client computer is recognized as a known client; otherwise, it is an unknown client. If the client is unknown, it will only receive an answer from a RIS server that is configured to answer unknown clients, provided one exists on the network.

  3. If the client is known, all available RIS servers query the domain to determine whether the prestaged client computer account has a setting that specifies that only a particular RIS server can answer the client.

    If this is the case, then only the designated RIS server answers the service request, and other RIS servers simply notify the client of the particular RIS server configured to answer it. If the client computer account does not have a setting that requires it to be answered by a particular server, any RIS server can answer the request. However, the client only receives service from the first RIS server it contacts.

  4. The user receives a prompt to press the F12 key to initiate a network service boot request from the RIS server.

  5. Using the TFTP daemon (service), the contacted RIS server downloads the CIW to the RIS client, along with all client dialog boxes contained within the CIW.

  6. The CIW prompts the user to log on with a valid user name, password, and domain name.

  7. The user receives an offering of operating system images hosted on the RIS server for installation on the client computer.

    The list of operating system images offered to the user is based on the user’s credentials or security group membership.
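The following Python sketch illustrates steps 2 and 3 of the sequence above: it extracts the client UUID from a PXE DHCP Discover and applies the known/unknown and designated-server rules. It is an added example, not Microsoft code and not how the Remote Installation service is implemented. The function names, the server names, and the `prestaged` mapping (standing in for the Active Directory lookup) are hypothetical. Options 53, 60, and 97 are the standard DHCP message type, vendor class identifier, and PXE client machine identifier options.

```python
import uuid

MAGIC_COOKIE = b"\x63\x82\x53\x63"  # starts the DHCP options field
HEADER_LEN = 236                    # fixed BOOTP header before the cookie

def parse_options(packet):
    """Return {option_code: value} from a raw DHCP message."""
    if packet[HEADER_LEN:HEADER_LEN + 4] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    opts, i = {}, HEADER_LEN + 4
    while i < len(packet) and packet[i] != 255:      # 255 = End
        if packet[i] == 0:                           # 0 = Pad, no length byte
            i += 1
            continue
        if i + 1 >= len(packet):
            raise ValueError("truncated option")
        length = packet[i + 1]
        value = packet[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option")
        opts[packet[i]] = value
        i += 2 + length
    return opts

def pxe_client_uuid(packet):
    """UUID carried by a PXE DHCP Discover, or None for any other message."""
    opts = parse_options(packet)
    is_discover = opts.get(53) == b"\x01"                 # message type
    is_pxe = opts.get(60, b"").startswith(b"PXEClient")   # vendor class
    ident = opts.get(97, b"")                             # type 0 + 16 bytes
    if not (is_discover and is_pxe and len(ident) == 17 and ident[0] == 0):
        return None
    return uuid.UUID(bytes=ident[1:])  # byte order as sent; an assumption here

def ris_decision(server, client, prestaged, answers_unknown):
    """Steps 2-3: prestaged maps UUID -> designated server name or None."""
    if client not in prestaged:                  # unknown client
        return "answer" if answers_unknown else "ignore"
    designated = prestaged[client]
    if designated is None or designated == server:
        return "answer"
    return "refer"                               # point client at designated server

def sample_discover(client, vendor=b"PXEClient:Arch:00000:UNDI:002001"):
    """Constructed test packet: minimal BOOTP header plus options 53, 60, 97."""
    header = bytes([1, 1, 6, 0]) + bytes(HEADER_LEN - 4)
    options = (b"\x35\x01\x01" + bytes([60, len(vendor)]) + vendor
               + b"\x61\x11\x00" + client.bytes + b"\xff")
    return header + MAGIC_COOKIE + options
```

A server that answers unknown clients returns "answer" for every UUID missing from `prestaged`, which is why prestaging together with a designated server narrows which machines a RIS server will service.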

PXE Specifications

The published PXE specification defines the remote boot process and also establishes the PXE compliance standards for hardware manufacturers and other vendors. RIS uses PXE environment extensions to DHCP, an industry-supported technology, to allow workstations to do the following:

  • Boot remotely using their network adapters to access bootstrap code from a network location.

  • Install an operating system from a remote source to a client’s local hard disk.

The PXE environment is built upon Internet protocols and services that are widely used in the computer industry. This includes TCP/IP, DHCP, and TFTP. The PXE extensions to the DHCP protocol enable information to be sent to network-bootable systems and also allow these systems to locate remote installation services. For more information about PXE and the protocols required to support network booting, see the Preboot Execution Environment (PXE) Specification link on the Web Resources page at: https://www.microsoft.com/windows/reskits/webresources.

Note

  • Network adapters that meet the PXE .99n specification should work correctly with RIS.

RIS Components

The following RIS components enable you to install, configure, and implement RIS in your organization.

Remote Installation Services   An optional Windows component that you can install with Windows Server 2003 or you can add it at any time after the operating system installation. Services that install with RIS include Remote Installation, TFTPD, and the SIS Groveler.

Remote Installation Services Setup (Risetup.exe)   You use this component to initially set up the RIS server and create at least one CD-based operating system image. You can initiate the setup process from the Start menu of your RIS server. By selecting Remote Installation Services Setup from the Administrative Tools group, a wizard starts and does the following:

  • Requests preliminary information, including the installation folder name and the path to the operating system installation files.

  • Copies Windows installation files.

  • Updates the CIW screens.

  • Creates a default answer file (Ristndrd.sif).

  • Starts RIS services.

  • Authorizes the DHCP server.

Note

  • Risetup is also used to create any additional CD-based operating system images after the initial installation is created.

Remote Installation Preparation Wizard (Riprep.exe)   Riprep.exe allows you to create a customized image of an operating system such as Windows XP Professional. To create an image means that you create a replica of a hard disk that you can install on other computers in your organization. You use Riprep to image an existing Windows XP Professional operating system installation on a master computer and replicate that image to an available RIS server on your network. The image can include the operating system with default parameters applied, or the operating system with a preconfigured desktop, locally-installed applications, and drivers.

Remote Boot Floppy Generator (Rbfg.exe)   Rbfg.exe allows you to create remote boot floppy disks for some RIS clients that are not PXE-enabled, so that these clients can emulate the remote boot process and install an operating system over the network using RIS. However, for non PXE-enabled RIS clients to use the remote boot floppy disk, they must each have a supported Peripheral Component Interconnect (PCI) network adapter.

Client Installation Wizard (OSChooser)   The OSChooser is the client-side service of the CIW. It is a text-based program downloaded by the RIS server that allows the client to communicate with the RIS server during setup of the installation process. Remote Installation is the server-side component that sends a default set of CIW screens to guide the client through the remote installation process. Remote boot-enabled clients use the CIW to log on and select from operating system installation options. You can customize these setup screens to meet the needs of your organization.

Active Directory Users and Computers Extension for RIS (Dsa.msc)   When you create the RIS server, the Active Directory Users and Computers extension installs on the RIS server. The extension provides a Remote Install tab within the computer account Properties dialog box of each RIS server that allows you to administer the RIS server. You can start this extension by specifying the Microsoft Management Console (MMC) snap-in Dsa.msc in the Run dialog box or you can start it from the command line.

You can administer RIS locally or through a Terminal Services session on another network computer. You can also administer RIS from a computer running Windows XP Professional if you install the Adminpak.msi on that computer.

RIS Tasks

Table 4.1 describes some of the tasks that you might perform while using RIS, the corresponding RIS components you would use, and which users can perform the tasks.

Table 4.1   RIS Components, Tasks, and Users

| Task | RIS Component | User |
|---|---|---|
| Install RIS | Remote Installation Services Windows component | Server administrator |
| Complete RIS server installation | Remote Installation Services Setup (Risetup.exe) | Server administrator |
| Configure Group Policy settings related to RIS | Active Directory Users and Computers RIS Extension (Dsa.msc) | Server administrator |
| Create operating system images, including application and desktop configurations, and install on RIS servers | Remote Installation Preparation Wizard (Riprep.exe) | Desktop administrator |
| Create boot floppy disk for non PXE–enabled client computers to install operating systems using RIS | Remote boot floppy generator (Rbfg.exe) | Desktop administrator |
| Provide log on and selection of operating system images to RIS clients | Client Installation Wizard (OSChooser.exe) | End user |

RIS Technology Limitations

You can use RIS technology to install operating systems, with or without software applications, to portable and desktop computers in your organization, which include member servers, stand-alone servers, and domain controllers. However, limitations to the scope of RIS-based operating system installations include the following:

Clean Installs   You can only use RIS to provide a clean version of an operating system, with or without software applications. You cannot use RIS to upgrade an operating system or software configuration.

Server Components   If you use RIS to install a server operating system, you might not be able to include all the server components you want to provide with the RIS image. For example, some server components require that you install and configure them only after the RIS-based installation is complete. This can include components such as Certificate Services, Cluster service, or software that is dependent on Active Directory.

Domain controllers   You cannot install a preconfigured domain controller using a RIS image. However, you can use RIS to install a stand-alone server and then configure the server as a domain controller by running the Active Directory Installation Wizard.

Encryption and security settings   You cannot use RIS to deploy files that are encrypted with a system such as the Encrypting File System (EFS). Also, you cannot use RIS to deploy systems with preconfigured user-level security settings such as file and folder permissions. To configure these settings, you can run a script after completing your RIS-based installation.

Wireless networks   Wireless networks do not support pre-booting computers using PXE technology.

Multihomed computers   Multihomed RIS servers are supported if the network adapters service multiple separate subnets or if all network adapters service the same subnet. In both cases the RIS server must also be the DHCP server. The DHCP server must have active scopes for each subnet serviced and must be authorized for each IP address on the network adapters being serviced.

Supported operating systems   RIS has certain limitations depending on the operating system that you are installing. For more information about operating systems supported by RIS, see "Operating systems supported by Remote Installation Services" in Help and Support Center for Windows Server 2003.