Step-by-Step Guide to Remote OS Installation

One of the most challenging and costly functions performed by IT staff today is deploying a new operating system to client computers on a network. Remote OS Installation was created to ease deployment throughout an enterprise network by eliminating the need to physically attend to each client computer. This document outlines the steps necessary to install, configure, and use Remote Installation Services (RIS).

Introduction

Remote Installation Services (RIS) ships as part of the Windows® 2000 Server operating system. This document outlines the steps necessary to install, configure, and use RIS.

RIS was designed to reduce the costs incurred by pre-installing or physically visiting each client computer to install the operating system (OS). By combining RIS with other Windows 2000 IntelliMirror™ management technologies features—User Data Management, Software Installation and Maintenance, and User Settings Management—companies benefit from better disaster recovery with easier OS and application management.

Prerequisites

See Appendix A below to ensure that both your server and client hardware meet the remote installation hardware requirements.

The drive on the server where you choose to install RIS must be formatted with the NTFS file system. RIS requires a significant amount of disk space and cannot be installed on the same drive or partition on which Windows 2000 Server is installed. Ensure that the chosen drive contains enough free disk space for at least one full Windows 2000 Professional compact disc—a minimum of approximately 800 megabytes (MB)–1 gigabyte (GB).

RIS requires several other services that also ship as part of Windows 2000 Server. These services can be installed on individual servers, or all on a single server, depending on your network design:

• Domain Name Service (DNS) Server. Remote installation relies on DNS for locating the directory service and client machine accounts. You can use any Windows 2000 Active Directory^TM service-compliant DNS server, or you can use the DNS server provided with Windows 2000 Server.
• Dynamic Host Configuration Protocol (DHCP) Server. RIS requires a DHCP server to be present and active on the network. The remote boot-enabled client computers receive an IP address from the DHCP server before contacting RIS.
• Active Directory. RIS relies on Windows 2000 Active Directory for locating existing client machines as well as existing RIS servers. RIS must be installed on a Windows 2000-based server that has access to Active Directory. This can be a domain controller or a server that is a member of a domain with access to the Active Directory.

To ensure a successful installation, you must install and configure the additional services described above in order for RIS to function. In addition, make sure that you have both the Windows 2000 Server and Professional CDs available.

Before beginning this step-by-step guide, you need to build the common infrastructure, which specifies a particular hardware and software configuration. The common infrastructure is covered in the Common Infrastructure step-by-step guide, “Part 1: Installing a Windows 2000 Server as a Domain Controller”. If you are not using the common infrastructure, you need to make the appropriate changes to this instruction set.

Although not required, we also recommend reading and performing the exercises available in the Step-by-Step Guide to Understanding the Group Policy Feature Set. It addresses how Group Policy works and can be applied in the context of remote installations.

Prerequisites for Client Installations

Ensure that the client computer’s network card has been set as the primary boot device within the system BIOS. When the client computer boots and is configured with the network card as the primary boot device, it requests a network service boot from the remote installation server on the network. Once contacted, the RIS server prompts users to press the F12 key to download the Client Installation wizard. Users should be instructed to press F12 only if prompted, and only if they need a new OS installation or access to maintenance and troubleshooting tools. Once the OS has been installed via RIS, the user can ignore the request to press F12 during future client computer reboots. If using the RIS boot floppy disk, simply insert the boot floppy into the drive and start the client computer. The computer boots from the floppy disk, and the user is requested to press F12 to initiate the network service boot.  When the RIS boot floppy disk is used, the user must remove the boot floppy at some point after pressing F12 and before the text mode portion of setup completes.

Note : Compaq computer systems provide the ability to press the F12 key during power up on PC98 or Net PC-based systems. In this case, the user is required to press F12 on the Compaq Splash screen, and then press F12 again when prompted by the RIS server.

Installing the Windows 2000 Remote Installation Services

The following instructions help you install, configure, and use the Windows 2000 Remote Installation Services.

Install Remote Installation Services

1. On a Windows 2000 Server, click Start, point to Settings, and click Control Panel.
2. Double-click Add/Remote Programs.
3. Double-click Add/Remove Windows Components.
4. Scroll down and select Remote Installation Services and Click Next.
5. Insert the Windows 2000 Server CD-ROM into the CD drive and click OK . The necessary files are copied to the server.

Note: After the CD is entered, a dialog box asks if you want to upgrade to the operating system. Click No and exit this screen.

6. Click Finish to end the wizard.
7. You are prompted to restart your computer. Click Yes.
8. When the server is done rebooting, logon as a local administrator.

To set up Remote Installation Services

1. Click Start, click Run, and type RISetup.exe. This starts the Remote Installation Services (RIS) Setup wizard.
2. The Welcome screen appears, indicating some of the requirements to successfully install RIS. Click Next.
3. The next screen prompts you to enter the server drive and directory where you would like to install the RIS files. The default drive and directory will be the largest non-system, non-boot, NTFS-formatted drive. In our example, this would be E:\RemoteInstall. Click Next.

Note: The drive on which you choose to install RIS must be formatted with the NTFS file system. RIS requires a significant amount of disk space and cannot be installed on the same drive or partition on which Windows 2000 Server is installed. Ensure that the chosen drive contains enough free disk space for at least one full Windows 2000 Professional compact disc —a minimum of approximately 800 MB–1GB.

4. The setup wizard prompts you to either enable RIS at the end of setup, or disable the service to allow modification of specific server options before servicing client computers. These options are:
   • Respond to clients requesting service. This option controls whether this RIS server responds to client computers requesting service at the end of setup. If this option is checked, the server will respond to clients and provide them with OS installation options. If unchecked, this RIS server will not respond to clients requesting service.
   • Do not respond to unknown client computers. This option controls whether this server responds to unknown client computers requesting a remote installation server. A client computer is known if a managed computer account object exists for it within Active Directory. This allows the administrator to offer only authorized—that is, pre-staged within the Active Directory—computers the OS installation options from this RIS server. This setting also provides support for multiple Remote Boot or Install servers from different vendors on one physical network. For example, if another vendor’s remote install/boot server exists on the same network as the RIS server, you cannot control which server answers the client computer’s request. Setting this option and pre-staging client computers ensures that this RIS server will service only pre-staged client computers.
5. For the purpose of this guide, select Respond to client computers requesting service and click > Next.
6. The setup wizard prompts you for the location of the Windows 2000 Professional installation files. RIS supports the remote installation of Windows 2000 Professional only. Insert the Windows 2000 Professional CD into the server’s CD drive and type the drive letter containing the CD  (or browse to a network share that contains the installation source files). Click Next.
7. The wizard prompts you to enter the directory name that will contain the workstation files on the RIS server. This directory is created beneath the directory specified in Step 3 above. The directory name should reflect its contents—for example, Win2000.pro. Click Next to accept the default name of   win2000.pro.
8. You are prompted for a friendly description and help text that describes this OS image. The friendly description and help text is displayed to users or IT staff during the client installation wizard (OSChooser) at initial startup on a remote client. For example, if this workstation OS will be tailored to sales staff, then a friendly description might be “Windows 2000 Professional for Sales Staff.” The help text is displayed when the user selects the description within the Client Installation wizard. Make sure you provide clear help text to your users, to ensure that they choose the correct OS option at installation time. For this exercise, click Next to accept the default name of Microsoft Windows 2000 Professional.
9. At this point, you are presented with a summary screen indicating the choices you have made. Click Finish to confirm your choices. Once the installation wizard completes, you are ready to either service client computers, or additionally configure the RIS settings.

Wait while the wizard installs the service and settings you have selected. This takes several minutes. When it is finished, a screen appears as in Figure 1 below:

Figure 1. Completed RIS installation.

10. Click Done.

Now that RIS is successfully installed, you must authorize the RIS server within Active Directory. If you do not authorize the RIS server, it will fail to service client computers requesting a network service boot. The next section outlines these steps.

Authorizing RIS within the Active Directory

RIS allows you to control which RIS servers can service client computers on the network. For a RIS server to operate, it must first be authorized within Active Directory. If the RIS server is not authorized within Active Directory, client computers requesting service will not be able to contact the RIS server and will not be answered.

To authorize a RIS server within Active Directory, you must be logged on as an enterprise administrator or a domain administrator of the root domain. You can complete the following steps on any domain controller, member server of the domain, or a Windows 2000 Professional workstation that has installed the Administrator Tools Package containing the DHCP Server Management snap-in. This guide performs the authorization on a domain controller: specifically, the domain controller that would have been created by running Part I of the Common Infrastructure step-by-step guide.

1. Click Start, point to Programs, point to Administrative Tools and click DHCP. The following snap-in appears as in Figure 2 below:
   
   
   Figure 2. DHCP Snap-In
2. Right-click DHCP in the upper-left corner of the DHCP screen, and select > Manage Authorized Servers. If your server is not already listed, click Authorize, and enter the IP address of the RIS server. Click > Yes when prompted to verify that the address is correct.

At this point, your RIS server is authorized within Active Directory and is now able to respond to client computers requesting service.

Note: If you authorize the RIS server on a non-domain controller computer, follow these steps to install the Administrator Tools Package:  Click Start, click Run, and type adminpak.msi on a Server system.  From a Professional based system, execute adminpak.msi from the Windows 2000 Server CD.

Setting Required User Permissions

If users are allowed to use RIS to install their own client computers, the administrator must ensure that those users have been granted the correct permissions for creating machine accounts within the domain. The permissions granted using the steps below will allow users to create computer accounts anywhere in the domain.

1. Click Start, point to Programs, point to Administrative Tools, and click Active Directory Users and Computers.
2. Right-click the Domain Name (Reskit.com) at the top of the snap-in, and click the Delegate Control option. 
3. A wizard starts. Click Next.
4. Click Add to add users who are allowed to install their own computers using Remote OS Installation.
5. For the purpose of this guide, highlight Everyone and click Add. Click OK.
6. Click Next to continue.
7. Check the Join a Computer to the Domain option, and click Next.
8. Click Finish. Users can now create computer account objects during the OS installation using the RIS service.

You can now either use the default RIS settings and immediately begin servicing client computers, or you can make changes to the RIS settings first. In either case, review the section titled "Prerequisites for Client Installations" above before servicing the first client computer.

Installing Client Computers Using Remote Installation

This section describes the steps required to successfully install Windows 2000 Professional on a Net PC, a Managed PC (PC 98 compliant system), or a PC that contains a network card supported by the remote installation boot floppy. To ensure a successful client installation, complete all prerequisites listed at the beginning of this document.

1. Reboot your client machine from either the remote floppy or the PXE boot ROM. When prompted, press the F12 key to start the download of the client installation wizard.
2. Press Enter at the welcome screen.
3. For the user name, type Jon Grande (this user is created using the Common Infrastructure step-by-step guide discussed in the Prerequisites Section above.) Press the Tab key twice. For this instruction set, the password is left blank and the domain name should be entered as reskit.com. Press Enter to continue.
4. You will get a warning message that all data on the client machine hard drive will be deleted. To continue, press Enter.
5. A computer account and a global unique ID for this workstation are displayed. Press Enter to begin Setup. The Windows 2000 Setup program begins.
6. If prompted, type the Product Key (found on the back of the Windows 2000 Professional CD case) and click > Next.  (Note: This step can be avoided by specifying the product key in the .sif file; see Windows 2000 Online Help for assistance in making this change to the .sif file.)

After the installation is complete, the user is prompted to log on to the network with an existing user account, password, and logon domain. 

At this point, you have successfully configured and installed a remote operating system using RIS. See below for additional information on configuration options.

Configuring Remote Installation Services

This section outlines the specific RIS configuration options that can be configured. If desired, these optional steps should be performed using the Active Directory Users and Computer snap-in on the RIS server.

Note: Although not covered in this guide,  you can administer the majority of the RIS configuration settings from a Windows 2000 Professional client. To administer a RIS server from a Windows 2000 Professional client, install the Administrator Tools package AdminPak.msi that ships as part of the Windows 2000 Server CD. The Administrator Tools package can be deployed or installed from the <Windir>\System32 directory on the server.

1. Click Start, point to Programs, point to Administrative Tools, and  click Active Directory Users and Computers.

You are presented with your Active Directory tree as in Figure 3 below:

Figure 3. Active Directory Users and Computers Snap-In

There are two areas of administration concerning the configuration of the RIS server settings:

• Remote installation server properties, which allow you to determine how this RIS server responds to client computers that request service.

• Advanced settings, which provide additional flexibility regarding the ways in which client computers are installed.

Locate your RIS server computer object within the Active Directory Users and Computers snap-in. Depending on the type of server, domain controller, or member server of a domain, the server’s computer object can be located in the Domain Controller Active Directory container or another container specified by the administrator at install time.

2. Click Domain Controllers in the left pane.

3. Right-click HQ-RES-DC-01 in the right pane.

4. Click Properties.

5. Click the Remote Install tab. The property page appears as in Figure 4 below :
   
   
   Figure 4. RemoteInstall Options
   
   The server options control how this RIS server responds to remote client computers requesting service.

6. Click Advanced Settings on the RIS server property page.

7. Click the down arrow next to the Generate client computer names using drop-down box as in Figure 5 below.
   
   
   Figure 5. Client under Advanced

The administrator can define the automatic computer naming policy that is used during OS installation to provide the computer with a unique name. The computer name is used to identify the client computer on the network, similar to the older NetBIOS name used in previous versions of the Windows NT® and Windows operating systems.

This tab also allows you to define a default Active Directory container for client computer account object creation. You can group clients within a specific directory service domain or organizational unit (OU). During OS installation, Windows 2000 setup queries these settings to ensure the client computer is configured according to what the administrator has specified. These are the options:

• Default directory service location. This option specifies that the computer account object for the client computer will be created in the default Active Directory computer accounts location. The default Active Directory location is set to the Computers container within the Active Directory. The client computer becomes a member of the same domain as the RIS server installing the client.

• Same location as the user setting up the computer.This options pecifies that the client computer account object will be created within the same Active Directory container as the user setting up the machine. For example, if Jon logs on within the Client Installation wizard and his user account currently resides within the "Users" Active Directory container, the client computer account is created within the "Users" container in the Active Directory.

• A specific directory service location. This option allows the administrator to set a specific Active Directory container where all client computer account objects installed from this server are created. It is assumed that most administrators will select this option and specify a specific container for all remote installation client computer account objects to be created in.

Note: If an end user is setting up the client computer, the user must have the appropriate rights to create the computer account within the domain or OU chosen. For more information on giving users computer account creation permissions, please see the RIS online Help.

Note: In order for all client computers using the RIS feature for OS installation to contain the same settings, all remote installation servers need to be configured in the exact same way. This release does not support replication of OS images or RIS configuration settings between RIS servers.

8. Specify the desired user name parameters and directory service location and click Apply.

9. Click the Images tab.

The Images tab is used for managing the client operating system images installed on a RIS server. Its options allow an administrator to add, remove, or modify the properties of an operating system image.

There are two types of images that can be displayed on the Images tab:

• CD-based.A CD-based image is simply a copy of the Windows 2000 Professional CD. This installs only the base operating system without applications or configuration settings.

• Remote Installation Preparation (RIPrep). RIPrep images are a combination of the OS, locally installed applications, and configuration settings. Many companies standardize on a single type of OS installation across their organization. Administrators can now use RIS to install the base OS, then add corporate standard applications and configure the installation exactly as they want. Once the workstation is configured appropriately, the administrator runs the Remote Installation Preparation Wizard (RIPrep) utility to create that image on an available RIS server. Once the image is replicated on the RIS server, new client computers requesting an OS installation can download the image. For more information on the RIPrep wizard and feature set, please see the section, “Using the Remote Installation Preparation Wizard” below.

• Use the Addoption to add a new CD-based OS image or to associate an unattended setup answer file (*.sif) to an existing CD-based image on the RIS server. You can associate a number of unattended setup answer files to a single OS-based CD Image. This allows the administrator to offer users a variety of unattended Windows 2000 installation types, each performing a different type of installation from the same OS image on the RIS server. RIS installs a default unattended setup installation (.sif) file with the default OS image that was added during RIS installation.

< Note: You cannot use the Add option on the Images tab to add an RIPrep image, nor can you use the Add option to associate additional unattended setup answer files to a RIPrep image.

• Use the Remove option to remove the unattended setup answer file (*.sif) that is associated with the OS image. Note that this option removes only the .sif file. You should not remove the physical OS image completely until all client computers have upgraded beyond that version. To remove the OS image from the remote installation server, use Windows Explorer to delete the directory and subdirectories containing the image.

• Use the Propertiesoption to change the friendly description and help text that describes the operating system image. If you want to change the description of an OS image, click the Image you want to modify and click Properties. The dialog box appears as in Figure 6 below:

Figure 6. Image Properties

If you replace the existing friendly description and help text with new text, all users of the client installation from that point forward see the new text descriptions. You can also use the Properties option to view specific image attributes, such as OS version, language, and the type of image (CD or RIPrep).

10. Click Cancel to make no changes.

11. Click the Tools tab if you wish to view its options.

The Tools tab is available for independent software vendors (ISVs) or original equipment manufacturers (OEMs) that would like to use their pre-boot tools with RIS. ISVs or OEMs need to provide an external setup program that adds their respective tool to the \RemoteInstall directory tree. Once added, the tool shows up on the Tools tab and is available to administrators and users of the Client Installation wizard.

The Tools option also allows ISVs or OEMs to provide pre-OS installation maintenance and troubleshooting tools to administrators, IT staff, or users. This provides administrators with an easy way to update client computer systems, such as the system BIOS.

12. After making the desired changes, close Active Directory snap-in.

Client Installation Options

There are four installation options that you can choose to present to a user of the Client Installation wizard. These options are:

• Automatic setup
• Custom setup
• Restart a previous setup attempt
• Maintenance and troubleshooting

The installation options available to any given user are determined by the specific Remote Installation Services Group Policy settings. For example, you can choose to provide all members of the Help Desk Security group access to all of the installation options, yet restrict general network users to the Automaticsetupand Maintenance and troubleshootingoptions. This prevents user confusion and helps guide the user to the correct choices for OS installation. By default, users are given the right to automatic setup only.

Automatic Setup

The Automatic setup option is the default installation option enabled for all users of the Client Installation wizard. If this is the only installation option available to a user, when the user logs on within the Client Installation wizard, the automatic setup option is not displayed. Instead, the Client Installation wizard jumps directly to the OS images selection screen. If there is only one OS image offered, the user simply logs on within the Client Installation wizard and is asked to confirm the installation. If more than one OS image is available for installation, the user has a choice of which OS to install. Note that you can configure the RIS server to limit the OS images the user can see. For more information on restricting OS image access, see the section “Restricting OS Image Options” below.

By using an unattended installation setup answer file (*.sif), you can create several unattended OS installations that are associated with one CD-based OS image on the remote installation server. You can customize which items are installed, as well as how the specific OS options are configured during OS install.

For example, you can choose to create a specific OS unattended setup answer file (*.sif) that installs the TCP/IP protocol, sets the display resolution to 800 x 600, and sets a specific company or department name. You can provide a friendly description for this OS image that the user can relate to, such as Windows 2000 Professional for Sales Staff. The friendly description is configurable after the initial posting of the workstation OS image on the RIS server (see the preceding section on configuring options on the RIS server). When a user logs on, a list of OS installation images is displayed for the user to choose from.

When the user selects one of the operating system images, a message displays stating that an operating system is about to be installed on this computer, and that the operating system requires the local hard disk to be repartitioned and formatted, thus erasing all data that currently resides on the disk.

Note: An administrator can edit the “Caution.osc” screen using the Notepad.exe program to provide a friendly message regarding the repartition and format of the local hard disk.

Custom Setup

The Custom setup option allows you to override the automatic computer name assignment, as well as the computer account creation mechanism. You are prompted to manually enter a computer name or the Active Directory location where the computer account should be created.

Note: The Custom setup option can also be used to pre-stage a client computer into the Active Directory before delivery of the PC to the end user. Windows 2000 Remote Installation Services do not support fully unattended installations on machines that contain ISA or non Plug and Play aware devices.

Restart a Previous Setup Attempt

This option provides the ability to restart a failed setup attempt. If you started to install the OS and for some reason lost your connection to the RIS server, you can reboot the client computer, press F12 when prompted for a network service boot, and choose the Restart a Previous Setup Attempt. This restarts the installation of the previous installation attempt without asking for the computer name or Active Directory location previously entered before the initial failure.

Maintenance and Troubleshooting

This option provides access to third-party ISV and or OEM Pre-OS maintenance and troubleshooting tools.

Restricting Client Installation Options

To restrict the client installation options for users of RIS within your organization, apply the appropriate Group Policy settings for the RIS servers on your network.

1. Click Start, point to Programs, point to Administrative tools, and click Active Directory Users and Computers.
2. Locate the Active Directory container where you would like the RIS policy settings to be set. By default, the RIS policy settings are applied within the Default Domain Policy Object, which is located at the root of your domain.
3. Right-click Reskit.com in the left pane, and click the > Properties option.
4. Click the Group Policy tab from the top of the Properties dialog box.
5. Click the Default Domain Policy object and click Edit.
6. Expand the User Configuration option by clicking the + next to it (unless it is already expanded), and then expand the > Windows Settings option in the same way. Click the Remote Installation Services option as in Figure 7 below.
   
   
   Figure 7. Group Policy RIS Choice Options
7. Double-click the Choice Options in the right pane. 

Each Choice Option allows for a specific setting, as follows:

• Allow. If this option is selected, the users that this policy is applied to are offered the installation option.
• Don’t Care. If this option is selected, the administrator accepts the policy settings of the parent container. For example, if the administrator for the entire domain has set RIS specific policy, and the administrator of this container has chosen the > Don’t Care option, the policy that is set on the domain is applied to all users who are affected by that policy.
• Deny. If this option is set, the users affected by this policy are not allowed to access that installation option within the Client Installation wizard.

8. Close the Choice Options and other windows, and close the Active Directory Users and Computers Snap-In.

Restricting OS Image Options

RIS provides the administrator flexibility in the amount of control users have in choosing the OS that is installed on their computer. The administrator can configure the RIS servers to guide users through a successful OS installation without requiring the user to select the correct OS image.

By setting explicit user or group security permissions on the unattended setup answer file (*.sif) for a given OS image, you can determine which OS options a user can see and install. You can choose to allow all users of RIS to choose from all of the OS images available on a given RIS server, or you can restrict the user to only a select few that are appropriate for that user or group of users.

1. Click Start, point to Programs, point to Accessories, and click Windows Explorer.
2. Click the + next to My Computer
3. Click the + next to New Volume
4. Click the + next to RemoteInstall
5. Click the + next to Setup
6. Click the + next to English (or whatever language you are using)
7. Click the + next to Images
8. Click the + next to win2000.pro
9. Click the + next to i386
10. Click Template. A sample directory structure is shown in Figure 8 below.
    
    
    Figure 8. Templates
    
    Note: Each CD-based OS image that you add to a RIS server has an associated \Templates directory that contains the image’s associated unattended setup answer files (*.sif).
    
    Depending on the level of restriction that you want to establish, you can set specific access permissions on the \Templates directory or in the individual unattended setup answer files within this directory. If you have not associated additional unattended answer files to the base OS image, you will only see one SIF file (Ristndrd.sif) within the \Templates directory.
11. Right-click the > \Templates directory, and click the Properties option. The property page for the > \Templates folder appears.
12. Select the Security tab. A dialog box appears as in Figure 9 below:
    
    
    Figure 9. Template Properties
    
    In this example, the existing security permissions allow all users access to this OS image from within the Client Installation wizard. 
13. To restrict access to this OS image, select the Everyone group, and click Remove. This removes user access to this OS image. If a normal user were to run the Client Installation wizard at this point, the user would not have access to any available OS image to install.
14. Click Add, and select the security group or individual users that should be allowed access to this OS image. Click > Add to add them to the authorized list, and then click > OK twice. The default permissions that are set for each user or security group are sufficient for use with RIS.

Note : Selecting individual users for specific access can become an administrative burden. Instead group your users by security group and apply the security group to the \Templates directory for OS image access. In this way, if you add users to the security group, they already have access to the correct OS image.

Important Note Never remove the permissions assigned to the Administrators group for a .SIF file. Doing so will prevent the RIS components themselves from accessing the file and prevent proper client installations.

At this point, you are ready to service client computers with RIS. Ensure that all services are running, all configuration settings have been made, and that the client computers adhere to the minimum requirements as described above.

Remote Installation Preparation Wizard (RIPrep)

The Remote Installation Preparation wizard (RIPrep.exe) provides the ability to prepare an existing Windows 2000 Professional installation, including locally installed applications and specific configuration setting, and replicate that image to an available RIS server on the network. The RIPrep feature currently supports replication of a single disk single partition (C Drive only) with Windows 2000 Professional installation. This means that the OS and all of the applications that make up the standard installation must reside on the C: drive before running the wizard.

First use RIS to remotely install the base Windows 2000 Professional OS on a client computer. Next, install any desired applications on the client computer. Configure the installation to adhere to any company policies; for example, you might choose to define specific screen colors, set the background bitmap to a company-based logo, or set intranet proxy server settings within Internet Explorer. Once the workstation is configured and tested, run the Remote Installation Preparation wizard (RIPrep.exe) from the RIS server that will receive the RIPrep-based OS image.

The destination computer does not need to have the same hardware as the source computer used to create the image, with the exception that the Hardware Abstraction Layer (HAL) drivers must be the same.  For example, both computers must be ACPI (Advanced Configuration and Power Interface)-based or both must be non ACPI-based). In many cases, workstation-class computers do not require unique HAL drivers. The RIPrep utility uses the new Plug and Play support that ships with Windows 2000 for detecting any differences between the source and the destination computer hardware during image installation time.

To run the Remote Installation Preparation wizard (RIPrep.exe)

1. Install the base Windows 2000 Professional OS from an available RIS server on a supported client computer.
2. Install any applications locally on the client computer. Configure the client computer with any specific corporate standard desktop settings. Be sure the client installation is exactly as you want it to be. Once the image is replicated to the RIS server, you cannot alter its configuration.
3. Connect to the RIS server where you want to replicate this image, as follows:
4. Click Start , click Run, and type the following command in the Open text box:

   \\RISservername\Reminst\Admin\I386\RIPrep.exe 
   

   where RISservername is the computer name of the destination RIS server. In our example, this is HQ-RES-DC-01. Reminst is the Remote Installation Share that is created when you installed the RIS service on the server. > Admin is the directory that contains the RIPrep.exe that launches the remote installation.
5. At this point, the Remote Installation Preparation wizard starts and you are presented with a welcome screen that describes the feature and its functionality. Click Next.
6. You are prompted to enter the name of the RIS server where you would like to replicate the contents of the client hard disk. By default, the RIS server that the wizard (RIPrep.exe) is being run from is automatically filled in (in our example, Reskit.com). Click Next.
7. You are prompted to provide the name of the directory on the RIS server where this image will be copied. The image is created under the \remoteInstall\setup\OS Language\Images directory. Click Next.
8. You are prompted to provide a friendly description and help text describing this image. The friendly description and help text are displayed to users of the Client Installation wizard during OS image selection. Provide enough information that a user can distinguish between images. Click Next.
9. The wizard displays a summary screen of your selections. After you have reviewed them, click Next.

The image preparation and replication process begins. The system is prepared and files are copied to the RIS server specified. Once the replication of the image completes, any remote boot enabled client computer can select the image for a local installation.

Remote Installation Boot Disk Option

The remote installation boot disk can be used with computers that do not contain a remote boot-enabled ROM on the network card. The boot disk is designed to simulate the PXE boot process for computers that lack a supported DHCP PXE-based remote boot ROM. The boot disk generator utility is called RBFG.EXE and is located within the \RemoteInstall\admin directory on every Remote Installation Server.

The RBFG.exe utility is also contained within the Administrator Tools package that ships with Windows 2000 Server. The Administrator Tools package can be deployed across your organization using either Systems Management Server 2.0 or using the new Software Management feature, which is part of the Group Policy infrastructure.

Creating a Remote Installation Boot Floppy

To create a Remote Installation Boot Floppy, run the RBFG.exe utility from the RIS server either on a client computer that is connected to the RIS server or a computer with the administrator tools package installed.

1. Click Start, click Run, and in the Open text box, type RBFG.exe, and click OK.

To see a list of network adapters supported, click Adapter List. (Note: the RBFG.exe utility does not allow you to add network adapters). To create a remote installation boot disk, insert a disk into the appropriate drive and then select Create Disk.

Remote Boot ROM PXE Architecture

Remote Installation Services uses DHCP for IP address assignment to clients. When a new DHCP- PXE-based remote boot client computer is powered on for the first time, the client requests an Internet Protocol (IP) address, and the IP address of an active boot server via the DHCP protocol. As part of the initial request, the client computer sends out its globally unique identifier (GUID or UUID), which is used to uniquely identify the client machine within the Active Directory, in the case of Windows 2000 Remote Installation Services.

From the RIS server, the client computer receives:

• Its own IP address from DHCP.
• The IP address of the RIS server.
• The name of a boot image the client computer will need to request when contacting the RIS server for initial service.

Once the client request is made, the first RIS server to respond will check Active Directory to see if this client has been pre-staged or not.  RIS does this by checking in Active Directory for a computer account object that has the unique GUID/UUID.

The PXE process is used every time a remote boot ROM-enabled client requests a network service boot. Remote boot/installation server vendors implement their own process to download the first image.

Conclusion

The information presented in this guide has provided the technical details required to install, configure, and use Microsoft Remote Installation Services.

Remote Installation Services require several of the Windows 2000 Server technologies—Active Directory, DHCP server, and the DNS server services. The remote installation sever also requires that client computers contain either the new DHCP PXE-based remote boot capable ROMs or a network card supported by the remote installation boot floppy.

Appendix A: Remote Installation Server and Workstation Hardware Requirements

Server Hardware Requirements

See the Product Compatibility page to verify that your server meets the minimum requirements for Windows 2000 Server.

• Pentium or Pentium II 200 megahertz (MHz) recommended (166 MHz minimum)
• 64 MB RAM minimum. If additional services such as the DS, DHCP, and DNS are installed then the minimum amount of RAM is 96 or 128 MB
• 2-GB drive dedicated to the Remote Installation Servers directory tree
• 10 or 100 megabits per second (Mbps) network adapter card. (100 Mbps preferred.)

Note: You should dedicate an entire hard drive or partition specifically to the Remote Installation Services directory tree. (SCSI-based disk controller/disks are preferred.)

Client Hardware Requirements

See the Product Compatibility page to make sure that your workstation meets the minimum requirements for Windows 2000 Professional.

• Pentium 166 MHz or greater NetPC client computer
• 32 MB of RAM
• 1.2-GB drive minimum
• PXE DHCP-based boot ROM version .99c or greater or a network adapter supported by the RIS boot floppy.

Best Practice: Always check with the manufacturer of your network adapter to get the latest version of the PXE ROM.

Network Cards supported by RIS Boot Floppy

3 Com Network Adapters

• 3c900 (Combo and TP0)
• 3c900B (Combo, FL, TPC, TP0)
• 3c905 (T4 and TX)
• 3c905B (Combo, TX, FX)

AMD Network Adapters

• AMD PCNet and Fast PC Net

Compaq Network Adapters

• Netflex 100 (NetIntelligent II)
• Netflex 110 (NetIntelligent III)

Digital Equipment Corporation (DEC) Network Adapters

• DE 450
• DE 500

Hewlett-Packard Network Adapters

• HP Deskdirect 10/100 TX

Intel Corporation Network Adapters

• Intel Pro 10+
• Intel Pro 100+
• Intel Pro 100B (including the E100 series)

SMC Network Adapters

• SMC 8432
• SMC 9332
• SMC  9432

Appendix B: Frequently Asked Questions

How do I know I have the correct PXE ROM version?

When the NetPC or client computer ROM-boots, a PXE (LSA) ROM message appears on the screen. You can see which version of the PXE ROM code is displayed during the boot sequence of the client machine. Windows 2000 RIS supports .99c or greater PXE ROMs. You may be required to obtain a newer version of the PXE-based ROM code from your OEM if you are not successful with this existing ROM version.

How do I know if the client computer has received an IP Address and has contacted the Remote Installation Server?

When the client computer boots, the PXE Boot ROM begins to load and initialize. The following 4-step sequence occurs with most Net PC or PXE ROM-based computers (Note: the sequence may be different on your computer):

Step 1: The client computer displays the message > BootP. This message indicates the client is requesting an IP address from the DHCP server.

Troubleshooting: If the client does not get past the BootP message, it means the client is not receiving an IP address. Things to check are:

• Is the DHCP server available and has the service started? DHCP and RIS servers must be authorized in the Active Directory for their services to start. Check that the service has started and that other non-remote boot-enabled clients are receiving IP addresses on this segment.
• Can other client computers—that is non-remote boot-enabled clients—receive an IP address on this network segment?
• Does the DHCP server have a defined IP address scope and has it been activated? To check this click Start, point to Programs, point to Administrative Tools, and click DHCP.
• Click Start, point to Programs, point to Administrative Tools, and click Event Viewer.  Are there any error messages in the event log under the System Log for DHCP?
• Is there a router between the client and the DHCP server that is not allowing DHCP packets through?

Step 2: When the client receives an IP address from the DHCP server, the message changes to > DHCP. This indicates the client successfully leased an IP address and is now waiting to contact the Remote Installation Server.

Troubleshooting: If the client does not get past the DHCP message, it means the client is not receiving a response from the remote installation server. Things to check are:

• Is the remote installation server available and has the (BINLSVC) RIS service started? RIS servers must be authorized in the Active Directory for their services to start. Check to ensure the service has started using the DHCP snap-in (click Start, point to Programs, point to Administrative Tools, and click DHCP).
• Are other remote boot-enabled clients receiving the Client Installation wizard? If so, this may indicate this client computer is not supported or is having remote boot ROM-related problems. Check the version of the PXE ROM on the client computer.

Is there a router between the client and the remote installation server that is not allowing the DHCP-based requests/responses through?  When the RIS client and the RIS server are on separate subnets the router between the two systems must be configured to forward DHCP packets to the RIS server. This is because RIS clients discover a RIS server by using a DHCP broadcast message.  Without DHCP forwarding set up on a router, the clients’ DHCP broadcasts will never reach the RIS server. This DHCP forwarding process is sometimes referred to as DHCP Proxy or IP Helper Address in router configuration manuals. Please refer to your router instructions for setting up DHCP forwarding on your specific router.

• Click Start, point to Programs, point to Administrative Tools, and click Event Viewer. Are there any error messages in the event log under the System or Application logs specific to RIS (BINLSVC), DNS, or the Active Directory?

Step 3: The client changes to BINL or prompts the user to click the F12 key. This means that the client has contacted the RIS server and is waiting to TFTP the first image file—OSChooser. You may not see the BINL and TFTP message as on some machines as this sequence simply flashes by too quickly.

Troubleshooting: If the client machine does not get a response from the Remote Installation Server, the client times out and displays an error that it did not receive a file from either DHCP, BINL, or TFTP. In this case, the RIS Server did not answer the client computer.

Stop and restart the BINLSVC. From the Start menu, click Run, and type CMD. Enter these commands:

Net Stop BINLSVC

Net Start BINLSVC

If the client machine does not receive an answer after attempting to stop and restart the service, then check the Remote installation Server Object properties to ensure the correct setting has been set—that is, verify that RIS is set to "Respond to client computers requesting service", and "Do not respond to unknown client computers".  Click Start, point to Programs, point to Administrative Tools, and click Event Viewer to check the Event log on the RIS server for any errors relating to DHCP, DNS, or RIS (BINLSVC).

Step 4: At this point, the client should have downloaded and displayed the Client Installation wizard application with a Welcome screen greeting the user.

Does RIS support remote installation of Windows 2000 Server CD-based or RIPrep OS images?

No. RIS does not support remotely installing Windows 2000 Server.

Does RIS support remotely installing an OS image (RIPrep or CD-based) on laptop computers?

Yes and no. RIS has been tested with laptop computers in docking stations that support the required PXE ROM code. The laptops must be located within the docking stations with the network cable plugged into the network adapter located in the docking station.  

RIS does not support laptop computers that contain PC Card or PCMCIA cards that contain a PXE supported ROM.

Is the Pre-Boot portion of the PXE-based Remote Boot ROM Secure?

No. The entire ROM sequence and OS installation/replication is not secure with regard to packet type encryption, client/server spoofing, or wire sniffer based mechanisms. As such, use caution when using the RIS service on your corporate network. Ensure that you only allow authorized RIS servers on your network and that the number of administrators allowed to install and or configure RIS servers is controlled.

Can RIPrep-based OS images be replicated to alternate media such as DVDs, CDs, and/or Zip drives?

No. This is something that is being considered for the next major release of RIS.

Does the RIPrep feature of RIS support different hardware between the source computer used to create the RIPrep-based OS image and the destination computer that will install the image?

Yes. The hardware between the source PC and the destination PC can be different. The one exception to this is the Hardware Abstraction layer (HAL) driver used. For example, if the source PC is an Advanced Configuration Power Interface (ACPI)-based computer, it uses a specific ACPI HAL driver. If you attempt to install this RIPrep image on a non-ACPI-based or enabled computer, it will fail.

Does the RIPrep wizard support multiple disks and or multiple partitions on a given client computer?

No. The RIPrep utility only supports a single disk with a single partition (C:\ drive) in this release of RIS.

How does the RIPrep wizard deal with disks that differ in size between the source PC used to create the image and the destination PC that will receive it?

The destination PC’s disk size must be equal to or larger than the source disk used to create the image.

How do I replicate all of the OS images currently located on one of my RIS servers to other RIS servers on the network for consistency across all client installations?

Currently RIS does not provide a mechanism for replication of OS images from one RIS server to another. There are several mechanisms that can be employed to solve this problem. Take advantage of the replication features of the Microsoft Systems Management Server product, for example. This product provides for scheduled replication, compression, and slow link features. You can also employ third-party vendor solutions for OS image replication. Ensure that the replication mechanism supports maintaining the file attributes and security settings of the source images.

Can I have an RIS server and a third-party remote boot server on the network at the same time? If so, what are the implications?

Yes. You can have multiple vendor Remote Boot/Installation (RB/RI) servers on one physical network. It is important to understand that currently the remote boot PXE ROM code does not know the difference between vendors RB/RI servers. As such, when a remote boot-enabled client computer powers up and requests the IP address of a RB/RI server, all of the available servers respond to that client. Thus, the client has no way to ensure it is serviced by a specific RB/RI server.

RIS allows an administrator the ability to pre-stage client computers into the Active Directory and mandate which RIS server services that client. By configuring the RIS server to answer only known client computers (pre-staged), the administrator is assured that the correct RIS server services the client. Not all of the third-party RB/RI vendors have implemented the ability to ignore service requests, so you may need to segment off the specific vendors servers so that clients are not answered by these vendors’ RB/RI servers.

Can I remotely manage the RIS servers from Windows 2000 Professional workstations on my network.

Yes. If you are an administrator in the domain and you have installed the Administrator Tools MSI package, you can administer the majority of the RIS configuration settings. There are some items that you cannot manage. For example, you cannot remotely add additional OS images to RIS servers from Windows 2000 workstation computers.

Can I add additional network adapter cards to the RIS Boot Floppy?

No. The RBFG.exe utility is hard-coded with the supported network card adapters for this release of RIS. Microsoft will be adding additional network card adapters over time. Microsoft makes the updated RBFG.exe utility available through normal distribution channels such as the Web, Windows Update, and future service/feature pack updates.

Can I use the Active Directory object attributes to create a naming format for use with the RIS automatic computer-naming feature?

No. The existing attributes supported with the automatic computer-naming feature leverage the Active Directory. However, all of the Active Directory object attributes are not currently supported. This is something that is being investigated for a future release of RIS.

Where do I look on the client computer to find the GUID/UUID for pre-staging clients in the Active Directory for use with RIS?

The GUID/UUID for client computers that are PC98 or Net PC compliant can be found (in most cases) in the system BIOS. OEMs are encouraged to ship a floppy disk containing a comma-separated file or spreadsheet that contains a mapping of Serial # to GUID/UUID. This allows you to script pre-staging client computers within the Active Directory. OEMs are also encouraged to post the GUID/UUID on the outside of the computer case for easy identification and pre-staging of computer accounts. If the GUID is not found in the above-mentioned locations, you can sniff the network traffic of the client, locate the DHCP Discover packet, and within that field will be the 128-bit 32 byte GUID/UUID.

Important Notes

The example company, organization, products, people, and events depicted in this step-by-step guide are fictitious. No association with any real company, organization, product, person, or event is intended or should be inferred.

This common infrastructure is designed for use on a private network. The fictitious company name and DNS name used in the common infrastructure are not registered for use on the Internet. Please do not use this name on a public network or Internet.

The Active Directory structure for this common infrastructure is designed to show how Windows 2000 features work and function with the Active Directory. It was not designed as a model for configuring an Active Directory for any organization—for such information see the Active Directory documentation.

This feature information was obtained from the Microsoft Windows 2000 website at http://www.microsoft.com/windows2000 and are linked from ActiveWin.com for your convenience and is subject to Microsoft's copyright. For the most accurate information please visit the official site.

Return To The Windows 2000 Section