Have you ever stopped to think about how much the act of
installing the Windows operating system has changed over the years? When
Windows 3.1 was the king of the hill, the installation process involved
answering a couple of quick questions and then swapping a bunch of floppies.

Today though, the whole installation process is a lot
different. On the up side, swapping floppies is a thing of the past. On the
down side, the installation itself tends to be a lot more complicated than it
used to be. Don’t get me wrong; installing Windows is simple. Anybody with
minimal computer skills can install Windows. The tricky part is to install
Windows in a way that is compliant with your corporate security policy.
Typically this means adjusting a lot of settings once the installation
completes, and hoping that you aren’t forgetting anything.

This type of manual system deployment is considered to be
bad practice though in all but the smallest organizations. Manual deployments
are time consuming and they are risky from a security standpoint. It is usually
better to automate the deployment of new systems than to attempt to load
Windows manually every time a new computer is added to the network. There are
lots of different ways that you can automate a Windows deployment. One of the
most effective techniques involves creating a remote installation script. In
this article series, I will show you how it’s done.

Setup Manager

Although you can create a remote installation script from
scratch if you really want to, I prefer to cheat. I like to use the Windows
Setup Manager to create a basic deployment script for me, and then modify the
script to meet my needs. For the purposes of this article, I will be using the
version of Setup Manager that comes with Windows Server 2003 Enterprise
Edition. Although I am using the Windows Server version of Setup Manager, I
will be creating a script that can be used to deploy Windows XP Professional.

When you install Windows Server 2003, Setup doesn’t install
Setup Manager. Instead, you will have to extract Setup Manager from the Windows
Server installation CD. To do so, insert your Windows Server 2003 installation
CD and navigate to the CD’s Support\Tools folder. Now, double click on the
DEPLOY.CAB file to reveal the files that it contains. Finally, select all of
the files contained in the DEPLOY.CAB file and copy those files to an empty
folder on your hard disk.

Running Setup Manager

Now that you have extracted the necessary files, it’s time
to use the Setup Manager to build a basic automated deployment script. Begin
the process by double clicking the SETUPMGR.EXE file. Doing so will launch the
Setup Manager. The Setup Manager uses a wizard to guide you through the process
of creating the script.

When the Setup Manager Wizard opens, click Next to bypass
the wizard’s Welcome screen. You will now see a screen asking if you would like
to create a new answer file or modify an existing one. Choose the option to create
a new answer file, and click Next to continue.

The wizard will now ask you what type of deployment you plan
on performing. Since our goal is to use our script to completely automate the
Setup process, choose the Unattended Setup option and click Next to continue.
You will now see a screen asking which operating system the script will be used
to deploy. For the purposes of this article, select the Windows XP Professional
option and click Next to continue.

As you will recall, earlier in the process, we told Setup
Manager that we wanted to perform an unattended Setup. Even though we specified
an unattended Setup, we must now tell Setup how much user interaction we want
to have. This screen, shown in Figure A, offers a lot of different options.

Figure A

Choose the Fully Automated option and click Next to continue.

By default, the script will fill in the various Setup
prompts, and the user will be free to change any of the Setup options as they
see fit. Since secure installations are one of our goals, using this option is
a bad idea. Instead, I recommend using the Fully Automated option. In theory,
if you specify a fully automated installation, you should be able to launch the
installation process, walk away, and come back an hour later to a fully
installed copy of Windows. As you will see later, things aren’t quite that
simple.

At this point, you will see a screen asking if you would
like to create a distribution share. The idea behind a distribution share is
that you can set up a network share point and copy all of the Windows
installation files to it. Using a distribution share somewhat complicates
things though because the PC must be able to access the distribution share.

Of course if the PC does not currently have an operating
system installed, it doesn’t have an easy way of gaining access to the
distribution share. To avoid the complications of a PXE boot, just choose the
Setup from CD option for now, and click Next to continue.

The next screen that you see asks you to accept the Windows
end user license agreement. Select the I Accept The Terms Of The License
Agreement option and click Next to continue. Now you start getting into the
real meat of the Setup Manager. From this point forward, the Setup Manager asks
you the same types of questions that you would normally be asked if you ran
Setup manually. Most of the information that you will be asked to fill in is
rather straightforward, so I won’t bore you by going into an exhaustive amount
of detail on every option. However, some of the Setup questions are machine
specific and I will go into those questions in more detail.

The next screen that you will encounter is one of those
machine specific screens. It asks for the user’s name and organization. Since
the script that we are creating will be used for multiple users, we definitely
don’t want to enter a user name. Instead, I recommend just entering the company
name in both fields.

Click Next, and you will be prompted to select a color
palette, a screen resolution, and a monitor refresh rate. Technically, you can
just choose to use the default options if you want. In my opinion though, if
you are only going to be using the script to set up new PCs, then you can be
pretty sure that any PC that you buy is going to support 1280 x 1024
resolution. I tend to think that you are pretty safe selecting this resolution
rather than going with the Windows default. The color palette is a matter of
personal preference, but I recommend going with the Windows default on the
refresh rate unless you have a specific reason for changing it.

Click Next and you will be prompted to select the
appropriate time zone. Make your selection, click Next, and you will be asked
to enter a product key. Whatever product key you enter will be assigned to all
of the computers that you set up using the script. You must therefore make sure
that you use a product key that is authorized to be used on multiple PCs. You
must also make sure that you have enough licenses to cover you on all of the
computers that you plan on setting up.

The next screen that you will encounter prompts you for a
computer name. As you probably know, every computer on the network has to have
a unique name. This causes a bit of a problem since whatever name you enter
will be assigned to every computer that you run the script against.
Fortunately, Microsoft has provided a couple of ways that you can get around
this little dilemma.

One way of achieving unique computer names is to have the
script assign a random computer name to each machine. Using random computer
names is effective, but it can make management difficult later on. For example,
suppose that you found out that a computer named XJ5GGM was having problems.
How would you know which computer was using this name?

The other way of getting around the computer name issue is
to import a list of computer names. The idea here is that you can create a text
file containing all of the computer names that you want to use. You would then
import the list into the Setup Manager wizard, and Setup Manager would use the
names in sequence. This option allows you to assign more meaningful names to
the machines, but you may find yourself having to perform the installations in
a specific order. You may also find that using a list of names makes it
difficult to perform simultaneous installations. Of the two options, I tend to
prefer using random computer names because doing so is less complicated than
using a list of predetermined names.

The following screen prompts you to enter a local
administrator password for the machines. Whatever password you use, be sure to
use the encryption option so that the password won’t be visible in plain text
in the script file.

The following screen allows you to specify which networking
components are going to be installed. Again, every machine needs to have a
unique IP address. I therefore strongly recommend that you have a DHCP server
in place prior to using the script, and that you use the Typical Settings
option so that IP addresses will be assigned by the DHCP server.

The last network related Setup screen asks if you want to
make the computer a part of a workgroup or a domain. In most cases, you will
probably want to join a domain. If that’s the case, be sure to select the
option to create a computer account in the domain. You will also have to enter
the credentials for a domain administrator with the authority to add computers
to the domain. Unfortunately, the Setup Manager does not provide you with an
option for encrypting the Administrator’s credentials.
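
The interaction level, the local administrator password, and the domain join credentials all end up as keys in the answer file, so the finished script can be checked before it is used. The following Python sketch is an added example, not part of the original article or of Setup Manager; the sample file is constructed, with placeholder values, using the standard unattend.txt key names (UnattendMode, AdminPassword, EncryptedAdminPassword, DomainAdminPassword).

```python
import re

# Constructed sample answer file (standard Windows XP unattend.txt key names).
# Every value is a placeholder; ProvideDefault is the mode that lets the
# person at the keyboard change the answers.
SAMPLE = """\
;SetupMgrTag
[Unattended]
    UnattendMode=ProvideDefault
[GuiUnattended]
    AdminPassword="PLACEHOLDER-LOCAL-PW"
    EncryptedAdminPassword=No
[UserData]
    ComputerName=*
[Identification]
    JoinDomain=EXAMPLE
    DomainAdmin=join-account
    DomainAdminPassword="PLACEHOLDER-DOMAIN-PW"
"""

def parse_answer_file(text):
    """Parse the INI-style file into {section: {key: value}}, names lower-cased."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()              # Setup Manager indents its key lines
        if not line or line.startswith(";"):
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).lower(), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip().strip('"')
    return sections

def audit(text):
    """Return findings for the security-relevant answers in the file."""
    s = parse_answer_file(text)
    mode = s.get("unattended", {}).get("unattendmode", "").lower()
    gui, ident = s.get("guiunattended", {}), s.get("identification", {})
    findings = []
    if mode != "fullunattended":
        findings.append("UnattendMode is not FullUnattended")
    pw = gui.get("adminpassword", "")
    encrypted = gui.get("encryptedadminpassword", "no").lower() == "yes"
    if pw and (pw == "*" or not encrypted):   # "*" means a blank password
        findings.append("AdminPassword is blank or stored in plain text")
    if ident.get("domainadminpassword"):
        findings.append("DomainAdminPassword is stored in plain text")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "no findings")
```

Because the domain credentials cannot be encrypted, the third finding appears for any script that joins a domain; treat it as a reminder to restrict who can read the file.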

Now that Setup Manager has finished asking you about the
network configuration, it’s time to give it some more specific information
about the way that you want to set up your computers. The first screen that you
encounter in this section asks about the computer’s modem configuration. Enter
the region, area code, etc. and click Next.

The next screen that you will encounter asks whether you
want to specify any regional settings. In most cases, you will want to just
accept the default options and click Next. You will now see a screen asking you
if you want to install any additional languages. Unless your office is
multilingual, just click Next.

The next screen that you will see asks whether you want to use the
default Internet Explorer settings. Personally, I recommend choosing the option
that allows you to specify a proxy and default home page. You can then click
the Browser Settings button and specify the home page, search page, and help
page. You can even add pages to the favorites if you want. The reason why I
recommend doing this is because it allows you to specify your company’s Web
site instead of having Internet Explorer default to MSN.

Click Next and you will be asked which folder Windows should
be installed into. Generally, you will just want to install Windows into the
Windows folder. Click Next to continue. You will now be asked if you would like
to install any network printers. If you do decide to install some printers,
then you should know that the only thing that the Setup Manager lets you do is
to specify the path to the printer. You are not given the chance to load a
driver. Of course if the printer is hosted on a Windows Server, then the
workstation is usually able to download the driver directly from the server.

The last two screens give you the opportunity to run
additional commands from the script. We’ll cover these screens in detail in an
upcoming article. Finally, Setup prompts you for the path and filename that you
want to use for the script. Enter a filename, click OK, and the script will be
created.

When Setup Manager creates the script, it actually creates
two different files. One file is the script itself. The other file is a batch
file that is designed to run Windows Setup and call the script. The batch file
accomplishes this by running the WINNT32 command with the /S and the
/UNATTENDED parameters. The /S parameter lets you specify the location of the
Windows Setup files. The /Unattended parameter allows you to specify the Setup
file. In this case the Setup file is our script.