You can centralize your OS installations and save yourself some time and expense by implementing IntelliMirror’s remote OS installation feature. But before you jump right in and start to set it up, you’ll need to consider such things as how you will deploy OSs across the enterprise, how those deployment needs match your current Active Directory (AD) structure, and the most efficient means of deploying GPOs. Deciding these things up-front will make the actual implementation run more smoothly. In this Daily Drill Down, I will tell you how to prepare and then guide you through the actual steps of implementing remote OS installation with IntelliMirror.
Need to know how remote OS installation works?
Read the Daily Feature “How to perform remote operating system installations with IntelliMirror.”
Planning for RIS Implementation
Like most IntelliMirror features, remote OS installation requires a few steps of preparation before you can start deploying OSs with it. First, because Remote Installation Services (RIS) relies heavily on group policies, you need to have a good understanding of them. You need to evaluate how to deploy OSs across the enterprise and whether that deployment will require changes to your current AD structure.
Because you define deployment options through group policy, you need to determine at which level you’ll apply the group policy objects (GPOs) that contain those policies. You can apply GPOs at the organizational unit (OU), domain, or site levels. If you need to deploy OSs based on user job function, you should apply the installation policies at the OU level. If they don’t currently exist, create the necessary OUs, and place users in them according to installation requirements. If the installations are the same across domains or the entire site, apply the GPO at the site level. Whatever your situation, determining the most efficient means of deploying the GPOs reduces duplication of effort.
In addition to AD and group policies, RIS also uses the following services:
- Boot Information Negotiation Layer (BINL)—BINL supports RIS by handling network communications, such as responding to client queries for RIS services, communicating with the AD, and verifying the correct application of policies and settings to the client computer during a remote OS installation.
- Trivial File Transfer Protocol Daemon (TFTPD)—This service handles file transfers that relate to the remote installation, including downloading the Client Installation Wizard and related files for the client installation session.
- Single Instance Store (SIS)—This service manages the disk space on the RIS volume where the OS images are stored. It actively monitors the disk for duplicate files and replaces duplicates with links to the original file.
Windows 2000 installs each of these services when you install RIS, and you don’t need to perform any configuration steps for them. In addition, RIS uses a handful of other components to provide the services for remote installation. For example, when you install RIS, Windows 2000 updates the DHCP service to include support for PXE clients, so you’ll need to configure DHCP and authorize it in the AD as part of the RIS installation process. As you plan the installation, determine the DHCP scopes and options you’ll need.
You must also decide where you will host the Windows 2000 Professional OS images on the RIS server. You’ll need an NTFS version 5 or later volume with sufficient space to hold the OS images you plan to offer your users. Before you implement remote OS installation, install a new drive or prepare an existing one for your OS images.
You should also decide what types of installations to offer your clients. You can deploy Windows 2000 through remote installation in two ways: offer a custom installation that mimics the options available from a CD installation or create an OS image for a specific computer configuration. The former offers the user essentially the same range of options as he or she would have for a local installation; the latter installs Windows 2000 for a specific hardware configuration without any user intervention. The former works across a range of system configurations, and the latter is targeted at a specific configuration. So, if a large group of your systems use the same hardware configuration, you can create a prestaged image for those systems. If you choose the latter option, you can use the RIPrep tool to create the image from a preconfigured system. I’ll discuss RIPrep and prestaging in more detail below. First, let’s discuss installing RIS on your server.
Implementing remote OS installation
There are several steps to complete to fully install and implement RIS, including installing RIS, configuring and authoring DHCP, creating OS images for prestaged installations, and creating the group policy objects that will make the OS installations available to clients. I will cover each step in detail below. First, let’s look at the RIS installation process.
You install RIS much like any other Windows 2000 component. Open the Add/Remove Programs object in Control Panel and click Add/Remove Windows Components. Locate Remote Installation Services in the list of components, select it, and click Next. Follow the prompts provided by the wizard to copy the files to the server.
After you install RIS, you need to complete the installation process by running the Remote Installation Services Setup Wizard. After you install RIS, open the Add/Remove Programs object in Control Panel or open Configure Your Server from the Administrative Tools folder, and then click Finish Setup. In the Add/Remove Programs dialog box, click Configure, which is next to Configure Remote Installation Services, to start the wizard. In the wizard, you’ll specify the following information:
- The path to remote installation folder—This is the path to the folder where RIS will store the OS installation images. The volume must be formatted with NTFS version 5 or later and have sufficient free space to contain the images.
- Client support—You can configure the service to begin serving clients immediately. However, you don’t have the service fully set up yet, so I recommend you leave this option disabled until you complete the installation process and the service is really ready to start serving clients.
- Installation source files—Specify the location of a shared network installation file set or the Windows 2000 Professional CD.
- Installation folder name—This is the name of the folder the wizard will create on the RIS image volume for storing the OS image.
- Friendly Description and Help Text—RIS presents the Friendly Description and Help Text to the user to help them select the correct OS image during installation.
When you finish entering the information in the wizard, it will create the image folder, copy files, create an unattended setup file for the image, create a SIS volume, and start the service. The Configure Remote Installation Services object should also disappear from the Add/Remove Programs dialog box upon completion.
Configuring and authorizing DHCP
Next, you will configure DHCP on the server and authorize the server for DHCP in AD. Open the DHCP console from the Administrative Tools folder. Since this article focuses on RIS, I won’t cover DHCP configuration in detail. If you want to learn more about DHCP, see the Daily Drill Down “Understanding new DHCP features in Windows 2000.” I will, however, give you a brief overview on how to get the server running.
First, create a DHCP scope on the server. The scope defines the IP address the server will allocate to clients that request an address lease. To create the scope, right-click the server in the DHCP console’s left pane and choose New, Scope. Follow the wizard’s prompts to specify the address range, exclusion range (if any), gateway, DNS server addresses, and other properties for the scope.
Next, authorize the DHCP server to operate in the domain. Right-click the server in the DHCP console and choose Authorize. Depending on the structure of your AD and number of domain controllers, this could take a few minutes. Close the DHCP console when you’ve finished adjusting scope settings.
Setting RIS properties
After you configure and authorize DHCP, you need to configure settings for RIS. Open the Active Directory Users And Computers console, and then open the Domain Controllers branch. Right-click the RIS server and choose Properties, and then click the Remote Install tab. You can use the Remote Install tab to enable and disable the RIS service on the computer, verify the server, and set other properties.
Click Advanced Settings to open the RIS Properties dialog box. The Client Computer Naming Format group lets you specify how RIS creates computer names for remote installations. The default setting uses the user’s logon name as the computer name. You can also choose other options or create a custom method. Next, specify the location for the clients’ accounts in AD through the Client Account Location group of controls. By default, RIS looks in AD on the RIS server, but you can specify a different location if needed.
The Images tab lets you add images and modify existing ones. You can only modify the name and help text for an existing image, so if you need to make other changes, delete the image and add a new one with your new configuration. To add a new image, click Add. Windows 2000 will open a wizard that lets you associate a new answer file to an existing image or add a complete new image from the Windows 2000 CD. So, create the setup information file (SIF) that you want RIS to use, and then add a new image that references that SIF. When importing SIF files you’ve created and stored on other servers, choose An Alternate Location when prompted for the location of the SIF. Close the properties sheet when you’ve finished configuring settings.
Creating and modifying the GPO
At this point, your RIS server is set up, DHCP is ready to go, and the images are in place to support remote OS installation clients. The next step is to create or modify GPOs to enable the clients to use RIS. Open the Active Directory Users And Computers console and locate the level at which you want to apply the GPO, either OU or domain. To apply the policy at the site level, use the Active Directory Sites And Services console. Right-click the OU or domain where you want to create or modify the GPO, choose properties, and then click the Group Policy tab. If you have an existing GPO, you can apply the settings there, or you can create a new GPO.
Open the GPO, and expand the User Configuration/Windows Settings/Remote Installation Service branch. Double-click Choice Options in the right pane to open its Properties screen. Use the options provided for each policy to fine-tune installation behavior for the applicable group. Make other changes for other policy settings not related to remote OS installation, such as application deployment or folder redirection, and then close the GPO.
The process for prestaging computers involves adding a computer object in AD for each computer to be prestaged. Before you crack open the Active Directory Users And Computers console, however, you need the GUID of each computer to be added. The GUID is a property included in the BIOS for all PC98- or Net PC-compliant computers. If a system doesn’t have a GUID, you won’t be able to prestage it. Often you’ll find the GUID on a sticker on the outside of the computer, but if all else fails, start the computer and look for it in the BIOS settings.
Once you have the GUID, open the Active Directory Users And Computers console, and then open the OU in which you want to place the prestaged computer objects. Right-click the container (or in the right pane) and choose New, Computer to start the New Object-Computer Wizard. Specify the computer name in the first page of the wizard, using the naming scheme you selected when you set the RIS properties. For example, your naming scheme might be the user name. Then, click Next and select the option This Is A Managed Computer. Enter the computer’s GUID in the space provided and click Next. Use the default option to allow the computer to use any RIS server, or select a specific RIS server for the computer, click Next, and then click Finish.
Creating a RIPrep image
You can use the RIPrep utility to create Windows 2000 OS images preconfigured for a specific hardware configuration. This essentially allows you to clone the OS from one computer to other computers that have the same hardware. First, install Windows 2000 Professional on the source system—the one to be used as the model for the image—from the appropriate CD-based image on the RIS server. Install all additional applications that will not be installed through IntelliMirror, and then configure the system as needed.
Next, run the RIPrep utility on the source computer. You’ll find RIPrep.exe in the \%systemroot%\system32\reminst folder on the RIS server. The wizard prompts you for the RIS server on which to store the image, a directory name for the image, the image name, and the Help text for the image. The wizard removes unique settings, such as the computer’s SID, computer name, and unique registry settings, and then creates the resulting image on the RIS server. When RIPrep has completed the process of replicating the image to the RIS server, that image is immediately available to clients for installation.
Creating a boot disk for non-PXE clients
Systems that include a PXE-compliant network interface with remote boot ROM can boot from a RIS server without additional software. Systems that are not PXE-compliant, however, can use a PXE emulator boot disk to boot from the RIS server and perform a remote OS installation. This allows you to use RIS to deploy Windows 2000 to existing systems without replacing network adapters.
When you install RIS, Windows 2000 adds the Remote Boot Disk Generator utility, or Rbfg.exe, to the \%systemroot%\system32\reminst folder on the RIS server. You can use Rbfg to create a boot disk for systems that contain a network adapter supported by Rbfg, which includes 25 adapters manufactured by 3Com, AMD, Compaq, DEC, HP, Intel, and SMC. The utility lets you view the list of supported adapters. Insert a blank, formatted disk in the drive, run Rbfg, and click Create Disk to create the book disk. Make copies of the disk as needed and distribute them to users requiring remote OS installation services for non-PXE-compliant systems.
Planning for a remote OS installation can make a huge difference in the time and effort required to implement it. Just follow the steps I’ve outlined above to prepare for and complete the implementation efficiently and effectively.