Thursday, August 10, 2006

RIS 2003 Documentation

I will need to document our RIS server environment and I don't want to forget about these websites.

http://web.mit.edu/ist/topics/windows/server/winmitedu/whatsRIS.htm

http://bink.nu/Forums/ShowPost.aspx?PostID=1684

I really felt I had to copy the text from un4given1. I didn't like the format on the webpage and I was concerned that the information may be lost. I don't have a way to contact un4given1 but I give this person full credit for this post.





I have been working with RIS for almost 2 years now and I concider myself somewhat of a seasoned pro so I would be more than happy to help anyone who has questions. I figured I would get this section off to a good start, so kick back and relax and get ready for a really long thread.I will start with a page that I am working on...-----------------------------------------------------
Introduction to RIS

There are many ways to deploy Operating Systems. Manual CD installs, image-based installations, network unattended installs and CD unattended installs are amongst a few of them. Each offering positives and negatives for their use. One other option is Remote Installation services, or RIS for short.

Lets first talk about Manual CD installation. It is obvious why this installation method is the least preferred. Such an installation requires constant user interaction. This is valuable time wasted especially when you have a need for a large volume of PCs.

Image-based installations offer a good amount of positives. With image based installations such as Ghost or DriveImage you can build a PC and configure it will all of your software. You then create the image and burn it to disk. The negatives of this would be that you would have to recreate an image and re-burn it to disk each time you needed to make a change. There is also a good amount of administration that needs to be done with image-based installations, such as using a utility to change the SID and computer name. One other negative point is that an image may only work with one hardware configuration.

Some imaging software does give you options to run “mini-setup” programs but since I am not all to familiar with image-based installations I can not comment on such programs. CD unattended installations give you all of the options that a manual CD installation offers but allows

you to create an answer file which holds the answers to all of the questions the setup wizards ask. You

can automate in installation of software through using a cmdlines.txt file and the GuiRunOnce options in

the answer file, but you are limited to the size of a CD minus how much Windows takes up. A negative

point would be that as with image-based installations, you have to recreate a CD each time you want to

add or remove an item.

Network installations offer the same positives and negatives as CD unattended installations with the

exception of size limitations and the need to burn the information to a CD.

Remote Installation Services allows you to do everything that all of the other methods offer and much

more. RIS allows you to install an operating system without any interaction and install programs

through the use of the same methods as a CD or network based unattended installation. RIS also allows

you to add a computer to a domain without having to save your password information into the answer file.

RIS can be updated without recreating the image. There really aren’t any disadvantages to using RIS.

Remote Installation Services can be used many ways. You can create images using RIPrep, which in my

opinion is an unpreferred method since it must be recreated each time you make a change. You can use a

base image and through cmdlines.txt, GuiRunOnce, and batch scripting you can accomplish almost anything.

This is the method that I will focus on.

Prerequisites for Remote Installation Services

Remote Installation Services is only available on Windows 2000 Server and Windows 2003 Server. It

cannot be installed on the same drive or partition that Windows is installed on. The drive must be

formatted with the NTFS file system and must have enough space to hold at least one full image of

Windows 2000 or Windows XP. I recommend that you have at least 3 gigabytes, this way you accommodate

for a working image, a test image and space for any software you may want to include.

Remote Installation Services also requires other available services. These services can be run locally

on the RIS server or as part of your network domain. These services include Active Directory, DHCP

(Dynamic Host Configuration Protocol), and DNS (Domain Name Service).

Installing Remote Installation Services

Before you will be able to use RIS you will need to install the necessary components. The following

instructions will show you how to install Remote Installation Services.

1. Log into the Windows 2000/2003 Server you would like to use for your Remote Installation

Services as an administrator.
2. For Windows Server 2000: click Start, Settings, and Control Panel.
For Windows Server 2003: click Start, Control Panel, Add/Remove Programs then skip to step 4.
3. Double-click on Add/Remove Programs.
4. Double-click on Add/Remove Windows Components.
5. Select Remote Installation Services and click Next.
6. Insert your Windows Server 2000 or 2003 CD into your CD drive.
7. Click Finish to exit the Windows Components wizard.
8. When you are prompted to restart your server click Yes.

Configuring Remote Installation Services

The steps you followed minutes ago installed the necessary service, but without an image and other

changes you will be unable to use RIS. So, here we go.

1. Click Start, Run, enter RISetup.exe and click Open.
2. You will be prompted with the Remote Installation Services Setup Wizard dialogue box. Click

Next to continue.
3. You will be prompted to the drive and directory where you would like RIS to install it’s files.

Enter the drive and directory you would like to use, keeping in mind that you may not use the system

drive, and click Next.
4. In the next dialogue box you will be prompted with the options of Respond to clients requesting

service and Do not respond to unknown client computers. My recommendation is to choose the first

option. You can control who is allowed to use the services through permissions and delegated control.

If you choose the second option a PC must be pre-staged within Active Directory in order to connect to

the RIS server. Pre-staging PCs requires you to enter a GUID from each PC into Active Directory and

give it a computer name. Unless you are running another network based PXE (Pre-eXecution boot

Environment) you should have no need to use the second option. Make your selection and click Next.
5. You will be prompted for the location of your Windows 2000 or Windows XP installation files.

Contrary to information on Microsoft’s site stating that RIS works only with Windows 2000, it also works

with Windows XP and now in Windows Server 2003 support for Server operating systems has been included.

Insert your Windows 2000 or Windows XP CD into the drive. Enter the location of the CD and click Next.

IMPORTANT: Please be aware of licensing when creating an image. An image should be created with an

enterprise edition of Windows 2000 or XP. A retail or OEM installation disk may work with other retail

or OEM installation license keys but you should be careful not to include the license key in the answer

file. Unfortunately this will require a manual step, but it is always necessary to maintain license

compliance with Microsoft. I can not be held responsible for abuse of the aforementioned choices.
6. You will now be prompted to enter the name of the directory for which you will want to save

these installation files. You can name the directory anything you wish but you should not use spaces.

I recommend, as it is recommended by Microsoft as well, that you name the directory in a method such as

“win2000.pro” or you can take it one step further and use names such as “w2k.sp4.production” or

“wxp.sp1.test” Depending on how many images you create you will find that it’s important to have a good

naming scheme for the images. Enter the name of the directory you wish to use and click Next.
7. You will be prompted to enter a description of the image you are creating. This description

will be shown during the RIS setup screens on the client PC when the image is highlighted. Be as vague

or as detailed as you would like. Click Next to continue.
8. You will be prompted now with a dialogue box showing all of the choices you made. Click Finish

to accept these options and continue.
9. You will have to wait while RIS completes it’s tasks and creates the image by copying the

complete contents of the CD to it’s drive. This can take awhile. When it is finished click Done.

Authorizing Remote Installation Services in Active Directory

Well, you probably thought you were just about done. You were wrong. Before you can use the images you

just created you have to authorize RIS in Active Directory. The following changes must be made as a

domain administrator of the root domain that the RIS server will be servicing. They can be made from

the DHCP server or using the snap-ins on any other server, or available by installing the administrator

tool package located on your Windows 2000 or Windows XP CD as “adminpak.msi” It is not necessary to

complete these next steps if your DHCP server is also your RIS server.

1. Click Start, Programs, Administrative Tools and then DHCP.
2. Right click on DHCP in the top left of the window.
3. Select Manage Authorized Servers.
4. Click Authorize.
5. Enter the DNS or IP address of your RIS server and click OK.
6. Click Yes to verify that the DNS or IP address you entered is correct.

The changes you have just now made enable RIS to respond to client PCs that request it’s service.

User Permissions in Active Directory

In order for users to use RIS to install an operating system they must have the rights necessary to use

RIS. These rights would include the ability to join a computer to the domain. If you will not be

joining the PC to your domain you may skip the following steps.

1. Click Start, Programs, Administrative Tools and then Active Directory Users and Computers.
2. Right click on the domain name at the top left and select Delegate Control.
3. The Delegation of Control Wizard will begin. Click Next to continue.
4. Click Add.
5. Enter the name or group name you wish to delegate control to and click OK.
6. Click Next.
7. Select the radio box Delegate the following common tasks and then select Join a computer to the

domain.
8. Click Next.
9. Click Finish to exit the wizard.

At this point you are now able to use RIS. The image you created earlier will be the only image

available at this time and until you have edited the answer file it will act in the same manor as a CD

install.
--------------------------------------------

Now... that is just the setup of a RIS server... I could tell you how to use it but I think it's more

important to configure it first, so I will take some time to show you my method for that...

--------------------------------------------

First I start by creating an $OEM$ directory in the image directory, adjacent to the i386 directory. In

this I create three directories, $1, $$, and SOFTWARE. Within the $1 directory I create a directory

called FILES. Within that directory I create a directory for hotfixes with the 4 types of hotfixes each

having a directory (1,2,3,4). I will explain the different types a little later. Then I throw in

directories for programs I want to install during the build, such as acrobat reader and shockwave/flash

player. Throw anything into the $$ directory that you want to include in your %windir% and you can even

create sub directories. I then create a SOFTWARE directory that any software that is installed during

the cmdlines.txt is copied. So the directory structure will look a bit like this..

i386
$OEM$
-$1
--files
---hotfixes
----1
----2
----3
----4
---acroread
---swfp
-$$
-SOFTWARE

Now, you ask, "What do I do now?"

Well, all of those directories are useless without the files necessary so here we go..

In the $OEM$ directory you want to create a file called CMDLINES.TXT The format in the file will be

something like this...

------------
[commands]
".\software\ieak\ie6setup.exe /q:a /r:n"
------------

That would install your internet explorer administration kit during the 13 minute mark in GUI setup mode

for Windows XP. You can add any other commands that you would like.

For the example above you would need to copy the IEAK files to the IEAK directory under the SOFTWARE directory.

The $1 directory will be the root of the C drive (RIS does not allow you to do much with formatting and partitioning). In this directory you want to create a command script file that you will launch from the [GuiRunOnce] in the SIF file. So, lets assume that you want to install Service Pack 1 when the system starts for the first time. You would copy the SP1 file to the $OEM$\$1\files\SP1 directory. You would then create a CMD file to launch this... like this...

-----------
@echo off
echo Installing Service Pack 1
start "" /wait "c:\files\SP1\wxpsp1a.exe -u -z -q"
echo -completed
shutdown -r -t 10 -f -c "The system is restarting"
-----------

But what I usually do in this case is add an item that will write to the RunOnce regkey for when the PC restarts again, so that I can kick off hotfixes... You can do that by adding this item before the shutdown command...

-----------
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce /v hotfixes /t REG_SZ /d "c:\files\hotfixes.cmd"
-----------

What is HOTFIXES.CMD, you ask? It's a script to run all of your current hotfixes... and here it is...

-----------
@echo off
TITLE Hotfix Installation Script - by Donald Freeman
echo Collecting list of current hotfixes...
echo @echo off>>c:\hotfixes\hotfixinst.cmd
echo echo Please wait while current hotfixes are being installed. This may take awhile!!!>>c:\hotfixes\hotfixinst.cmd

for /f %%i IN ('dir c:\hotfixes\1 /b') Do @echo start "" /wait c:\hotfixes\1\%%i /passive /norestart>>c:\hotfixes\hotfixinst.cmd
for /f %%i IN ('dir c:\hotfixes\2 /b') Do @echo start "" /wait c:\hotfixes\2\%%i /q /r:n>>c:\hotfixes\hotfixinst.cmd
for /f %%i IN ('dir c:\hotfixes\3 /b') Do @echo start "" /wait c:\hotfixes\3\%%i -u -n -z>>c:\hotfixes\hotfixinst.cmd
for /f %%i IN ('dir c:\hotfixes\4 /b') Do @echo start "" /wait c:\hotfixes\4\%%i /C:"dahotfix.exe /q /n" /q>>c:\hotfixes\hotfixinst.cmd

echo echo - Completed>>c:\hotfixes\hotfixinst.cmd
echo - Completed
echo.
CALL c:\hotfixes\hotfixinst.cmd
shutdown.exe -r -t 15 -f -c "PC must reboot to make changes. This is part of the unattended installation. Please do not disturb."
:end
------------

Now, for the explanation of the different hotfix types...

type 1 is only used by the new XP rollup package. It's unattended switches are "/passive /norestart" This will allow you to view the install progress and it will be unattended.

type 2 is used by many packages and uses the switches "/q /r:n" This will also allow for you to view it's progress and allow for unattended install.

type 3 is used by many packages as well and uses the switches "-u -n -z" This will allow for all of the same as the above two.

type 4 is used by packages such as MDAC and others and uses the switches "/C:"dahotfix.exe /q /n" /q" Same as the above...

By placing the correct hotfixes in the correct directories (you can determine it's switches by typeing hotfix_name /? in a command window (where hotfix_name) is the name of the hotfix. You will learn to know the difference after you have done it a couple times.

The above will make your PC reboot once again. You can continue to write items to the RunOnce key and reboot the PC as many times as you would like (my build has 4 reboots, but that's just me...)

OK now... what about the programs such as acrobat reader and flash player? Well, I drop the EXEs into thier corresponding directories and create a CMD file in the $OEM$\files\ directory that includes the unattended switches for that file... such as this...

----------
@echo off
echo Installing Acrobat Reader 5.1...
start "" /wait c:\files\acroread\setup.exe
reg add "HKLM\Software\Adobe\Acrobat Reader\5.0\AdobeViewer" /v EULA /t REG_DWORD /d 00000001
echo - Completed
echo.
----------

The "reg add" key accepts the license agreement.

Well, in order for you to install this you have to call it at some point right? You can decide the point and just call the following file which will scan the directory for files in it and launch each of them in alphabetical order (I usually put numbers at the beginning of the files to control order.. if your hotfixes files is part of this directory it will call it, and you can do away with the call script I spoke of earlier and input this following script instead)

----------
for /f %%g IN ('dir c:\files\*.cmd /b') Do @echo CALL c:\files\%%g>>c:\RISinstalls.cmd
CALL c:\RISinstalls.cmd
----------

This will gather the names of the files in the c:\files directory and launch each.

Ok, so it's always a good idea to clean all of the files off when you are done so you would need to add a script to delete any temporary files and directories you have. Thats easily accomplished using the RD /q /s command.

OK.. I know that this is spotty and some things may be missing, but it is getting late so I am going to conclude this addition. Please let me know if you have any questions, comments or suggestions!

Later!