SQL Server Magazine

Deploying an OS in a large corporate environment is a challenge. Traditionally, organizations installed the OS and applications before delivering systems to users or sent technicians to users' desktops to install and configure workstations individually. Although some organizations ask the vendor to install a custom image when they purchase new systems, this approach doesn't always work because most large corporations require multiple configurations. In these organizations, IT professionals must continually manage users' computing environments, including upgrading and removing software.

Software and hardware vendors have tried to provide organizations with mechanisms for large-scale OS and application deployment. Microsoft has offered several solutions in the past few years (e.g., unattended install capability, Sysdiff). In Windows 2000 (Win2K), Microsoft offers new deployment and management tools under the Change and Configuration Management (CCM) umbrella. (For more information about Win2K's CCM features, see Mark Minasi, "Windows 2000 ZAW Update," August 1999.) You can use this set of features to deploy Win2K Professional (Win2K Pro).

Win2K Pro's CCM deployment features include Remote OS Installation via the Remote Installation Service (RIS) and Remote Installation Preparation (RIPrep) technologies, scripts, and IntelliMirror. These features let IT administrators use centrally administered policies to manage Win2K Pro users. To evaluate Win2K's deployment and management features, I used Win2K beta 3, build 2031, which was the latest build available at press time. For information about other new features in Win2K, see Mark Minasi, "Windows 2000 Overview," page 54.

Remote OS Installation
Remote OS Installation provides a mechanism for computers to connect to a network server during initial boot-up and lets the server send a local installation of Win2K Pro across the network to the computers. This feature uses as a remote source a Win2K Server-based computer running RIS.

RIS provides the network equivalent of a CD-ROM-based Win2K Pro installation or a preconfigured Win2K Pro desktop image. The CD-ROM-type installation works similarly to using the Unattended Install options on the Win2K Pro CD-ROM to set up a computer directly. However, this installation places source files on the Win2K servers and makes the files available on the network rather than storing them on the CD-ROM. The preconfigured desktop image installation lets a network administrator clone a standard Win2K-based corporate desktop image, complete with OS configurations, desktop customizations, and locally installed applications. Computers running Win2K Server then store the cloned image. On request, a server downloads this image to a new computer. The new computer's hardware doesn't have to be identical to that of the computer on which the administrator created the image because Win2K Pro's support for Plug and Play (PnP) can adjust for hardware differences.

RIS. RIS is a mechanism that lets you deploy Win2K Pro on desktop computers by connecting machines to a RIS server after the initial boot and download of an image over the network. A RIS server is a Win2K server that is a domain controller or a member server in an Active Directory (AD) domain. A RIS client is a computer that can boot remotely. RIS clients must support industry-standard Preboot Execution Environment (PXE) DHCP-based boot ROM version .99c or later. The PXE standard lets computers receive OS images and installations over a network.

If your organization doesn't have PXE boot ROM computers, you can use PCI NICs that mimic PXE boot ROM. You use the Remote Boot Floppy Generator utility (rbfg.exe) to create a remote installation boot disk in Win2K. This utility is in the \RemoteInstall\Admin \i386 folder. (For more information about PXE, see the sidebar "Preboot Execution Environment," page 78.)

The RIS process is simple. The PXE-compliant RIS client boots up and obtains an IP address from the DHCP server. The client also obtains the RIS server's IP address. The PXE protocol includes an extension of DHCP and uses several new DHCP Option tags, which ensure that the normal DHCP services aren't disturbed. When a PXE client boots up, it uses the DHCP protocol to request an IP address for itself and an IP address for a RIS server. The user booting the PC must then log on. AD verifies the user's credentials and gives the user a list of OS images and installation options.

A RIS server needs access to DHCP, DNS, and AD. The DHCP server lets remote-boot clients obtain IP addresses, the DNS server locates an AD server, and AD locates RIS clients and servers.

You can install RIS when you install Win2K Server, or you can use the Control Panel Add/Remove Programs applet to install the service later. The RIS server must have at least two partitions because the remote installation folder to which you copy the files can't be on the same partition as the OS. Furthermore, the folder must reside on an NTFS 5.0 partition.

After you install RIS, you need to authorize the RIS server to respond to client requests. Authorizing a RIS server is similar to authorizing a DHCP server in AD. You must grant the Create Computer Objects right to users who will install images on the clients' computers. You use the Active Directory Users and Computers console to grant this right. In the window that opens, right-click the domain name or the organizational unit (OU) in which you want users to create computer accounts, and use the Delegation of Control wizard to assign the custom task Create Computer Objects. Although the Remote OS Installation walk-through says the Logon as a batch job user right is required, this step is unnecessary in beta 3 and will be unnecessary in the final product. Unfortunately, the modifications you make to user rights at a domain controller don't take effect immediately. To apply the changes immediately, use the Secedit command. Go to a command prompt and type

secedit /refreshpolicy machine_policy

To configure a default OS image on the RIS server, go to a command prompt and type

RISetup

to start the Remote Installation Services Setup Wizard, which Screen 1 shows. This wizard creates the remote installation folder structure, copies Win2K files, creates the unattended setup answer file, and updates the Registry.

At press time, you could install only Win2K Pro with RIS. Microsoft hopes to support RIS deployment of Win2K Server in the future. For more information about RIS, see Mark Minasi, "Using Win2K's Remote Installation Service," September 1999.

   Prev. page   [1] 2     next page