Have you ever stopped to think about how much the act of installing the Windows operating system has changed over the years? When Windows 3.1 was the king of the hill, the installation process involved answering a couple of quick questions and then swapping a bunch of floppies.
Today though, the whole installation process is a lot different. On the up side, swapping floppies is a thing of the past. On the down side, the installation itself tends to be a lot more complicated than it used to be. Don't get me wrong; installing Windows is simple. Anybody with minimal computer skills can install Windows. The tricky part is to install Windows in a way that is compliant with your corporate security policy. Typically this means adjusting a lot of settings once the installation completes, and hoping that you aren't forgetting anything.
This type of manual system deployment is considered to be bad practice though in all but the smallest organizations. Manual deployments are time consuming and they are risky from a security standpoint. It is usually better to automate the deployment of new systems than to attempt to load Windows manually every time a new computer is added to the network. There are lots of different ways that you can automate a Windows deployment. One of the most effective techniques involves creating a remote installation script. In this article series, I will show you how it's done.
Although you can create a remote installation script from scratch if you really want to, I prefer to cheat. I like to use the Windows Setup Manager to create a basic deployment script for me, and then modify the script to meet my needs. For the purposes of this article, I will be using the version of Setup Manager that comes with Windows Server 2003 Enterprise Edition. Although I am using the Windows Server version of Setup Manager, I will be creating a script that can be used to deploy Windows XP Professional.
When you install Windows Server 2003, Setup doesn't install Setup Manager. Instead, you will have to extract Setup Manager from the Windows Server installation CD. To do so, insert your Windows Server 2003 installation CD and navigate to the CD's Support\Tools folder. Now, double click on the DEPLOY.CAB file to reveal the files that it contains. Finally, select all of the files contained in the DEPLOY.CAB file and copy those files to an empty folder on your hard disk.
Running Setup Manager
Now that you have extracted the necessary files, it's time to use the Setup Manager to build a basic automated deployment script. Begin the process by double clicking the SETUPMGR.EXE file. Doing so will launch the Setup Manager. The Setup Manager uses a wizard to guide you through the process of creating the script.
When the Setup Manager Wizard opens, click Next to bypass the wizard's Welcome screen. You will now see a screen asking if you would like to create a new answer file or modify an existing one. Choose the option to create a new answer file, and click Next to continue.
The wizard will now ask you what type of deployment you plan on performing. Since our goal is to use our script to completely automate the Setup process, choose the Unattended Setup option and click Next to continue. You will now see a screen asking which operating system the script will be used to deploy. For the purposes of this article, select the Windows XP Professional option and click Next to continue.
As you will recall, earlier in the process, we told Setup Manager that we wanted to perform an unattended Setup. Even though we specified an unattended Setup, we must now tell Setup how much user interaction we want to have. This screen, shown in Figure A, offers a lot of different options.
Choose the Fully Automated option and click Next to continue.
By default, the script will fill in the various Setup prompts, and the user will be free to change any of the Setup options as they see fit. Since secure installations are one of our goals, using this option is a bad idea. Instead, I recommend using the Fully Automated option. In theory, if you specify a fully automated installation, you should be able to launch the installation process, walk away, and come back an hour later to a fully installed copy of Windows. As you will see later, things aren't quite that simple.
At this point, you will see a screen asking if you would like to create a distribution share. The idea behind a distribution share is that you can set up a network share point and copy all of the Windows installation files to it. Using a distribution share somewhat complicates things though because the PC must be able to access the distribution share.
Of course if the PC does not currently have an operating system installed, it doesn't have an easy way of gaining access to the distribution share. To avoid the complications of a PXE boot, just choose the Setup from CD option for now, and click Next to continue.
The next screen that you see asks you to accept the Windows end user license agreement. Select the I Accept The Terms Of The License Agreement option and click Next to continue. Now you start getting into the real meat of the Setup Manager. From this point forward, the Setup Manager asks you the same types of questions that you would normally be asked if you ran Setup manually. Most of the information that you will be asked to fill in is rather straightforward, so I won't bore you by going into an exhaustive amount of detail on every option. However, some of the Setup questions are machine specific and I will go into those questions in more detail.
The next screen that you will encounter is one of those machine specific screens. It asks for the user's name and organization. Since the script that we are creating will be used for multiple users, we definitely don't want to enter a user name. Instead, I recommend just entering the company name in both fields.
Click Next, and you will be prompted to select a color palette, a screen resolution, and a monitor refresh rate. Technically, you can just choose to use the default options if you want. In my opinion though, if you are only going to be using the script to set up new PCs, then you can be pretty sure that any PC that you buy is going to support 1280 x 1024 resolution. I tend to think that you are pretty safe selecting this resolution rather than going with the Windows default. The color palette is a matter of personal preference, but I recommend going with the Windows default on the refresh rate unless you have a specific reason for changing it.
Click Next and you will be prompted to select the appropriate time zone. Make your selection, click Next, and you will be asked to enter a product key. Whatever product key you enter will be assigned to all of the computers that you set up using the script. You must therefore make sure that you use a product key that is authorized to be used on multiple PCs. You must also make sure that you have enough licenses to cover you on all of the computers that you plan on setting up.
The next screen that you will encounter prompts you for a computer name. As you probably know, every computer on the network has to have a unique name. This causes a bit of a problem since whatever name you enter will be assigned to every computer that you run the script against. Fortunately, Microsoft has provided a couple of ways that you can get around this little dilemma.
One way of achieving unique computer names is to have the script assign a random computer name to each machine. Using random computer names is effective, but it can make management difficult later on. For example, suppose that you found out that a computer named XJ5GGM was having problems. How would you know which computer was using this name?
The other way of getting around the computer name issue is to import a list of computer names. The idea here is that you can create a text file containing all of the computer names that you want to use. You would then import the list into the Setup Manager wizard, and Setup Manager would use the names in sequence. This option allows you to assign more meaningful names to the machines, but you may find yourself having to perform the installations in a specific order. You may also find that using a list of names makes it difficult to perform simultaneous installations. Of the two options, I tend to prefer using random computer names because doing so is less complicated than using a list of predetermined names.
The following screen prompts you to enter a local administrator password for the machines. Whatever password you use, be sure to use the encryption option so that the password won't be visible in plain text in the script file.
The following screen allows you to specify which networking components are going to be installed. Again, every machine needs to have a unique IP address. I therefore strongly recommend that you have a DHCP server in place prior to using the script, and that you use the Typical Settings option so that IP addresses will be assigned by the DHCP server.
The last network related Setup screen asks if you want to make the computer a part of a workgroup or a domain. In most cases, you will probably want to join a domain. If that's the case, be sure to select the option to create a computer account in the domain. You will also have to enter the credentials for a domain administrator with the authority to add computers to the domain. Unfortunately, the Setup Manager does not provide you with an option for encrypting the Administrator's credentials.
Now that Setup Manager has finished asking you about the network configuration, it's time to give it some more specific information about the way that you want to set up your computers. The first screen that you encounter in this section asks about the computer's modem configuration. Enter the region, area code, etc. and click Next.
The next screen that you will encounter asks whether you want to specify any regional settings. In most cases, you will want to just accept the default options and click Next. You will now see a screen asking you if you want to install any additional languages. Unless your office is multilingual, just click Next.
The next screen that you will see asks whether you want to use the default Internet Explorer settings. Personally, I recommend choosing the option that allows you to specify a proxy and default home page. You can then click the Browser Settings button and specify the home page, search page, and help page. You can even add pages to the favorites if you want. The reason why I recommend doing this is because it allows you to specify your company's Web site instead of having Internet Explorer default to MSN.
Click Next and you will be asked which folder Windows should be installed into. Generally, you will just want to install Windows into the Windows folder. Click Next to continue. You will now be asked if you would like to install any network printers. If you do decide to install some printers, then you should know that the only thing that the Setup Manager lets you do is to specify the path to the printer. You are not given the chance to load a driver. Of course if the printer is hosted on a Windows Server, then the workstation is usually able to download the driver directly from the server.
The last two screens give you the opportunity to run additional commands from the script. We'll cover these screens in detail in an upcoming article. Finally, Setup prompts you for the path and filename that you want to use for the script. Enter a filename, click OK, and the script will be created.
When Setup Manager creates the script, it actually creates two different files. One file is the script itself. The other file is a batch file that is designed to run Windows Setup and call the script. The batch file accomplishes this by running the WINNT32 command with the /S and the /UNATTEND parameters. The /S parameter lets you specify the location of the Windows Setup files. The /UNATTEND parameter allows you to specify the answer file. In this case the answer file is our script.
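Before the generated script is used, it can be checked for the security-relevant choices made in the wizard: the Fully Automated mode, the encrypted local Administrator password, and the domain-join credentials. The following Python audit is an added example, not part of the original article or of Setup Manager; the sample answer file is constructed, and the key names (UnattendMode, AdminPassword, EncryptedAdminPassword, DomainAdminPassword) are the standard answer-file keys, which this article does not show.

```python
# Added example. SAMPLE is a constructed answer file, not real Setup Manager output.
SAMPLE = """\
;SetupMgrTag
[Unattended]
    UnattendMode=ProvideDefault
[GuiUnattended]
    AdminPassword=constructed-local-pw
    EncryptedAdminPassword=No
[UserData]
    OrgName="Example Corp"
    ComputerName=*
[Identification]
    JoinDomain=EXAMPLE
    DomainAdmin=joiner
    DomainAdminPassword=constructed-domain-pw
"""


def parse_answer_file(text):
    """Return {section: {key: value}}; section and key names are lower-cased."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip().strip('"')
    return sections


def audit(text):
    """Return a sorted list of finding codes for one answer file."""
    cfg = parse_answer_file(text)

    def get(section, key):
        return cfg.get(section, {}).get(key, "")

    findings = []
    if get("unattended", "unattendmode").lower() != "fullunattended":
        findings.append("NOT_FULLY_AUTOMATED")    # mode is not FullUnattended
    admin_pw = get("guiunattended", "adminpassword")
    if admin_pw == "*":                           # "*" means a blank password
        findings.append("BLANK_LOCAL_ADMIN_PASSWORD")
    elif admin_pw and get("guiunattended", "encryptedadminpassword").lower() != "yes":
        findings.append("PLAINTEXT_LOCAL_ADMIN_PASSWORD")
    if get("identification", "domainadminpassword"):
        findings.append("PLAINTEXT_DOMAIN_JOIN_PASSWORD")  # always stored in the clear
    return sorted(findings)
```

Even with the first two settings corrected, the domain-join finding remains, because Setup Manager offers no encryption for those credentials.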