Using Remote OS Installation

The Remote OS Installation process is relatively straightforward from an end user perspective because your IT department does most of the work by having the following configurations in place:

• Defining how the operating system will be configured for each group of users.

• Limiting users to as few operating system configurations as you consider appropriate.

• Guiding the user through a successful operating system installation by predetermining which installation options, if any, the end user can modify.

Five major components of RIS are involved in Remote OS Installation:

• Remote Installation Services SetupB> (RISetup.exe).Used to set up the RIS server.

• Remote Installation ServicesB> Administrator.Used to configure Group Policy settings relating to RIS services.

• Remote Installation Preparation wizard (RIPrep.exe). Used to create operating system images and install them on the RIS server. You can also use RIPrep to create application images if you want to install an application with the operating system.

• Remote Installation boot floppy disk (RBFG.exe). Used to create a boot floppy disk, which is needed to install RIS-based operating systems on certain client computers.

• Client Installation wizard (OSChooser.exe). Used on the client computer to select the RIS image that the user needs to install.

All computers that meet the PC98 version 0.6 and later design specification will include a Pre-Boot Execution Environment (PXE) remote-boot ROM for Remote OS Installation. For existing client computers that do not contain a PXE ROM, you can use the Remote Installation boot floppy disk to create a floppy disk that will initiate the RIS process. The RIS remote-boot floppy disk can be used with a variety of supported Peripheral Component Interconnect (PCI)–based network adapters. For more information, see the Windows 2000 Hardware Compatibility List (HCL) on the Windows 2000 operating system CD and at the Microsoft Windows Hardware Compatibility List link on the Web Resources page at https://windows.microsoft.com/windows2000/reskit/webresources .

Figure 24.2 illustrates the major steps for configuring Remote OS Installation. The following sections discuss key deployment planning issues that need to be addressed when using RISetup.exe, the Remote Installation Services Administrator snap-in, and RIPrep.exe.

Figure 24.2 Planning Steps for RIS Services

Configuring the Remote Installation Service

Remote Installation Service (RIS) is an optional component that you can install while you are installing Windows 2000 Server. Although much of this setup process is automatic, there are a number of basic and advanced settings that you can configure while RIS is being installed but before offering the service to users.

By default, RIS is not configured to service client computers immediately after it has been installed. If you want to, you can accept all the default RIS configuration settings and begin offering installation images to users based on these options. However, most organizations will customize RIS to better meet their IT and business requirements.

In order to configure RIS settings for both the RIS server and the client computer, you will need to use the Active Directory Users and Computers snap-in to the Microsoft Management Console (MMC). The server configuration options determine how a particular RIS server will respond to client computers requesting service. The client options can help you define how the RIS image is installed on the client computer.

The major configuration options that you can set using the Active Directory Users and Computers snap-in include:

Define automatic client computer naming format    Allows you to determine whether the computer name (which is generated automatically) is to be based on the user's name, the user's last name followed by first name, or a custom naming format specific to your organization. The default is the user name

Define the default Active Directory location for the creation of all Machine Account objects    You can select default Active Directory containers or organizational units (OUs), or you can create a new Active Directory OU specifically for RIS clients. The default setting is the Computers container.

Prestage client computers within Active Directory prior to servicing    This option allows you to define which client computer accounts within Active Directory can use Remote OS Installation. To use this option, you will need to specify the client computer name, the default Active Directory location, the client computer's globally unique identifier (GUID), and, optionally for load-balancing purposes, which RIS server will support specific clients. The default setting is No Prestaged Clients.

Offer third-party ISV maintenance and troubleshooting tools    Gives administrators and—if you allow it—end users access to pre-installation maintenance and troubleshooting tools from independent software vendors (ISVs). Such tools might, for example, upgrade the system basic input/output system (BIOS), check for viruses, perform computer diagnostics, or inventory the system prior to the operating system installation. The default setting is No Tools Installed.

Add more operating system images in either CD or RIPrep format    This option allows you to add new operating system versions or RIPrep images to existing RIS servers within the enterprise, or to associate a variety of unattended installation templates to existing operating system images. For example, you can use this option to set up multiple RIPrep images, each of which could then be made available only to the appropriate users in your organization. The default setting is CD-Based Windows 2000 Image.

Remotely configure RIS servers from Windows 2000 Professional workstations    By enabling this option, you can remotely manage many RIS options on any RIS server in the domain or enterprise. The default setting is N/A, meaning that most of the configuration options described here can also be performed from a computer running Windows 2000 Professional and has been enabled to perform administrative tasks.

Supports coexistence of multiple-vendor installation servers    This option supports organizations with remote installation and boot servers other than Windows 2000 operating on the same physical network. This option is normally used in conjunction with the prestaging option described earlier, so that RIS does not interfere with pre-existing remote-boot servers that use the same remote-boot protocols. The default setting is Disabled.

There are three additional configuration options that you can define outside of the RIS Server property page. These options are determined both by using Group Policy settings and by setting specific security descriptors, or access control lists (ACLs) on operating system images you want to restrict from users:

Define available client installation options    This option uses Group Policy to restrict the installation options for a group of users. For example, you might not want some users to access the maintenance and troubleshooting tools menu or the Custom setup option. The default setting is to make automatic setup available to all users. No other installation options are available.

Define available operating system installation choices    This option uses security descriptors to specify which users should have access to the operating system images available on the RIS server. You can use this feature to guide users to the unattended operating system installation appropriate for their role in the organization. By default, all images are available to all users.

Authorization of RIS servers for rogue server prevention    This option prevents unauthorized RIS servers from servicing clients on the organization's network. You must authorize which RIS servers can provide installations to remote boot–enabled clients. There is no option to change this.

Preparing Client Operating System Images

RIS supports two types of operating system images, CD-based images and RIPrep images. In the simplest case, you can offer users straight CD-based operating system installation, which installs Windows 2000 Professional in an unattended manner.

If you want to configure custom installations of Windows 2000 Professional without creating a separate image for every type of client computer and every piece of hardware installed on that computer, RIS provides this capability by taking advantage of the improved Plug and Play support in Windows 2000 to detect the differences between the source and destination computers at installation time.

Note

If the hardware abstraction layer (HAL) drivers of your client computers are not the same, you will not be able to configure custom installations of Windows 2000 Professional without creating a separate image for every type of client computer and every piece of hardware installed on that computer. However, most workstation-class and desktop-class computers do not require unique HAL drivers as server class computers do. Unique HAL drivers most commonly differentiate client computers that support the Advanced Configuration Power Interface (ACPI) and computers that do not support ACPI.

RIPrep can be used to prepare an existing Windows 2000 Professional image, including any locally installed applications or configuration settings, and replicate that image to a RIS server on the network. By including a basic suite of applications in your RIS images, you can dramatically reduce the amount of work involved in setting up a client computer. For more information about packaging applications for deployment with RIS and IntelliMirror, see "Using Group Policy to Improve Software Management" later in this chapter.

Client Installation Options

To run RIPrep, you need to answer a few basic questions, such as the location of the server that the image will be stored upon. After these questions have been answered, the RIPrep wizard configures the image to a generic state by removing anything unique to the computer, such as the computer's unique security identifier (SID), and then replicates it to the RIS server.

You can use Group Policy to configure the following client installation options when setting up RIS:

Automatic Setup    All users have default access to the Automatic setup option. If you also grant access to a single operating system image, the operating system installation starts as soon as the user logs on, without requiring the user to answer any questions. If you decide to offer users multiple operating system installation types, limit the number to three to five options to minimize confusion and to help ensure that your users select the operating system that best meets their needs and role within the organization.

Custom Setup    The Custom setup option enables you or your Help desk staff to set up a computer for someone else in the organization. It does this by allowing you to override the rules that govern automatic computer naming and where the computer account is created. This is because it might not be appropriate to name the computer or to locate the computer account based on the Group Policy settings that apply to the administrator or Help desk person. You can use this option to preinstall a client computer or when IT or Help desk staff must physically visit an end user to set up or reinstall their computer.

Restart a Previous Setup    Under this option, you can avoid asking the user to re-answer any questions about the operating system being installed. For example, if a user has already been asked the organization name, department name, or video resolution, the Restart option ensures that they do not have to answer these questions a second time if they are restarting after a failed installation. This option does not restart the installation at the point of failure. It also will not attempt to fix any problems that occurred with the previous setup attempt.

Maintenance and Troubleshooting    This option provides access to third-party hardware and software tools such as BIOS updates and virus scanners. If you provide access to installation tools, allow access only to tools that cannot damage the computer or cause further problems.