Microsoft’s IntelliMirror technologies in Windows 2000 can use group policies to provide increased security, reduced support incidents, quicker disaster recovery, and improved user data availability, but it can also automate a wide range of tasks and reduce administrative overhead by providing remote OS installation. In this Daily Drill Down, I’ll explain how IntelliMirror can save you time and centralize the distribution of OSs on your client workstations from your servers.
Want to learn more about IntelliMirror?
Read the Daily Drill Down “IntelliMirror: What it is and what it isn’t” for a more detailed explanation of IntelliMirror and what it can do for your organization.
Why do I care about remote installation?
The primary benefit of remote OS installation is reduced IT support time. Whether you’re installing systems for new or existing users, you reduce the time required to deploy a new system to almost zero. You don’t need to spend time installing Windows 2000 for the user because it happens automatically. You don’t spend time helping the user through the installation because it is automated. You see these same benefits for disaster recovery, as well, but an added benefit is the ability to get the user back online and working in a minimal amount of time.
For example, if a user’s system goes down and you need to replace the drive, you can simply put in a blank drive and the installation takes place almost automatically. The advantage here is that the OS is installed clean on the system and accommodates disparate hardware while requiring little or no interaction with the user or support staff. Another approach might be to have spare drives on hand with OS images already ghosted onto them, but this requires essentially identical systems throughout the organization and often isn’t practical.
Any user downtime and associated lost productivity can have a major impact on the company’s bottom line. Plus, if the CEO’s computer suffers a meltdown, wouldn’t you rather be able to get him or her back online in an hour rather than a day? When you couple Windows 2000’s remote OS installation capabilities with other IntelliMirror features, such as automated application deployment, folder redirection, and user settings management, you can do just that.
Overview of remote installation
Remote OS installation in Windows 2000 makes uses of a handful of key technologies and features of the OS. The Remote Installation Service (RIS) is an optional component in Windows 2000 Server that works with other components of the OS to allow Windows 2000 to be automatically installed across the enterprise. This means that you can easily deploy Windows 2000 to a large number of systems in the enterprise with little administrative interaction. Using RIS also is a means by which you can deploy Windows 2000 to those workstations without disk or CD-ROM drives.
One of the technologies that RIS requires is the Pre-boot Execution Environment (PXE), a standard that allows a user to boot directly from a PXE-compliant network card to initiate an OS installation or repair. When a PXE-compliant system boots, it uses DHCP to request an IP address lease from a DHCP server and obtain the address of an available RIS server. As part of the request, it provides its globally unique identifier (GUID), which is defined in the system’s BIOS. RIS servers listen for that query, and because the client system identifies itself as being PXE-compliant, the RIS servers respond by providing their IP addresses along with the name of the boot image file the client system can request. Eventually, the image is downloaded via TFTP, and the client computer boots from that image.
The RIS server then looks up the GUID in Active Directory (AD) to determine whether or not there is a prestaged account for that GUID or computer. The RIS server then downloads the Client Installation wizard to the computer, which prompts the user to log on. Using the logon information provided, the RIS server looks up the account in AD to determine which installation options it should offer the user. It then presents those options to the user through the wizard. If there are no options configured in AD for the user, RIS starts the installation process without prompting for options, although it does warn the user that the system’s hard disk will be reformatted and offers the option of canceling the installation. If no GUID was found in AD that matches the one provided by the client computer, the RIS server creates a computer account in AD with a unique computer name and starts an unattended installation using that name.
But what if your systems—or at least some of them—are not PXE-compliant? You can still take advantage of remote OS installation because RIS can generate boot disks that provide PXE emulation. Instead of booting from a PXE-compliant network adapter, noncompliant systems can boot from the emulator disk to access the RIS server and its services.
Because an administrator can control the options offered to the user on his logon account, you, as an administrator, can control which OS options are installed. Although this requires a bit of planning and configuration, you still gain the advantage of simplified installation.
Also, RIS relies on AD and group policies to implement the remote OS installation. You don’t apply policies at the user level, which means you don’t have to prestage installations for every user. Instead, you typically apply the necessary group policy object (GPO) at the organization unit (OU) level, adding or moving users to the OU as needed. If you prefer, you can apply the GPO at the domain or site level, depending on the needs of your users and if those needs are consistent across those levels or if they vary.
IntelliMirror gives you the power to manage many aspects of your users’ workstations. You can even use it to remotely install a new OS on distant client machines, which can save your IT staff a lot of time and ultimately save your company money.