May 14, 2011, 4:42 p.m.
posted by nil
Get Started with RIS
Remote Installation Services (RIS) is a complex but powerful tool for deploying Windows images. Here's a guide to getting started with it.
In the past, with the many flavors of Windows, there were many ways of configuring and deploying Windows to client machines. Such automated and customized methods included imaging with a tool such as GHOST or scripting with answer files and VBScript or other automation tools to deploy silently and without user intervention. Or, you could make one image on a hard drive and use a hard-drive-cloning device to copy the image to multiple hard disks at once. The technology and methodologies for deploying a customized Windows operating system to client workstations has matured over the years, but not quite to the plug and play capability we would all like to see.
As part of Microsoft's change and configuration-management initiative, they developed a service included with Windows 2000 called Remote Installation Service (RIS). RIS supports deploying both automated and customized versions of Windows 2000 and XP Professional to clients that support the PXE/DHCP-based remote technology for remotely installing the operating system on the client computer over the network. The intention that Microsoft was communicating to the corporate technologists when they were developing Windows 2000 was that you could basically plug a new computer into the network, start the computer, authenticate, and the operating system would be installed and configured for the user within a short matter of time.
With a little bit of work, it actually does just that.
Not only can you deploy images of Windows 2000 and XP through RIS, but with a tool developed by 3Com (http://www.3com.com/en_US/lanworks/index.html) you also can deploy BIOS updates, other applications, Windows 2000 Server images, and so on. RIS is customizable and flexible; you can modify the Client Installation Wizard to prompt users for information, pass information to setup answer files, and populate environment variables with information. You can deploy disk images with RIS, but I recommend the scripted, silent-installation approach, because it is more customizable. I successfully use RIS in my office to deploy a customized Windows XP Professional image, and it saves me a lot of time.
Think of RIS as a network-based boot disk. The client workstation boots onto the network and obtains an IP address from a DHCP server and the location of the RIS server, RIS verifies the client is a known client, and then the Client Installation Wizard appears. It is similar to using a boot disk with NDIS drivers, a custom menu, and prompts via autoexec.bat or some other script called on the disk.
Requirements for RIS
So, what do you need to get started with RIS? First, you need a PXE-compliant (PXE stands for Pre-Boot Execution Environment) network card and system BIOS that supports setting the LAN as a bootup device. Most network cards today—such as ones from Intel, 3Com, SMC, and RealTek—support PXE. For those workstations that are not compliant, you can create a bootable disk with a PXE emulator by using a tool that accompanies RIS. Next, you need a Windows 2000 server that is a member of an Active Directory-enabled domain. Active Directory is required, because it provides client authentication and configuration information for the RIS server and RIS also stores its configuration information within Active Directory. Obviously, you need TCP/IP, because it is the basic networking protocol required for a Windows 2000 network. Finally, you need a Windows 2000-compliant DNS server, so that an RIS server can locate an Active Directory controller, and a DHCP server to assign TCP/IP addresses to clients, allowing them to communicate with a RIS server.
The hardware requirements for your RIS server are dependent on how many clients will be supported within your environment. How well RIS performs when deploying Windows to clients depends on the hardware configuration of your RIS server—in particular, the disk subsystem, memory, and networking components of your RIS server. Let's consider each of these briefly:
- Disk subsystem
Storage space for each operating system image you want to deploy must be taken into account, because the size will vary depending on the level of customization, size of images and applications included with each image, and so on. The RIS installation point cannot be on the same volume that the operating system and/or boot files are on. It must be installed on a separate dedicated volume.
In addition to the memory allocated to the operating system, allocate additional memory for the RIS service. Microsoft recommends a minimum of 128 MB for Windows 2000 Server, but I recommend 512 MB for the services and functions this server will be providing, as well as the number of clients it might be supporting.
- Networking components
A network adapter running at 100 Mbps full duplex is best. If you are supporting a large client base, you might want to have two 10/100 adapters. Solid network connectivity between client and server is important, and you must consider your network topology when planning a RIS implementation.
As with other Microsoft services you provide on your network, proper planning will help you to determine the configuration of your RIS server, how many you may need, and the placement of them. RIS can run on a member server that provides other services on your network; you just need to determine the impact and whether additional hardware is required to support the additional services.
Services associated with RIS
RIS relies on three services to provide the capabilities it offers:
- Boot Information Negotiation Layer (BINL)
The BINL service listens for and answers client DHCP requests (PXE). It also services Client Installation Wizard requests. BINL directs the client to the files needed to start the installation process. This service also checks Active Directory to verify credentials, determine whether a client needs a service, and determines whether to create a new computer account object or reset an existing one on behalf of the client.
- Trivial File Transfer Protocol Daemon (TFTPD)
An RIS server uses Trivial File Transfer Protocol (TFTP) to download the initial files needed to begin the remote installation process to the client. These files include the Client Installation Wizard and all files needed to start Windows 2000 setup. The first file downloaded to the client using TFTP is Startrom.com, a small bootstrap program that displays the Press F12 for Network Service Boot prompt. If F12 is pressed within three seconds, the Client Installation Wizard (OSChooser) is downloaded to begin the remote installation process. When it resides on the server side, this service is called the Trivial File Transfer Protocol Daemon (TFTPD). When it resides on the client, it is simply called TFTP.
- Single Instance Store (SIS) or Groveler
The SIS services consist of an NTFS filesystem filter and a service that acts on the volume on which the RIS images are kept. SIS services reduce the storage requirements needed to store these images by combining duplicate files.
On Windows 2000 Server, go to StartSettingsControl Panel. Double-click Add/Remove Programs, and then double-click Add/Remove Windows Components. Scroll down, choose Remote Installation Services, and then click Next. Insert the Windows 2000 Server CD-ROM into the CD-ROM drive and click OK. The necessary files are copied to the server. Click Finish to end the wizard. When you are prompted to restart your computer, click Yes. When the server has restarted, log on to the computer with an account that has administrative privilege.
I recommend you always apply the latest service pack for Windows 2000, because it might have fixes or enhancements to RIS. For example, Service Pack 3 includes support for deploying Windows 2000 Server and Windows XP Professional (the original RIS supported deploying Windows 2000 Professional only) and resolves networking issues with RIS clients and installation issues (such as RIS clients hanging during setup). There are also specific hotfixes for RIS, but these are available only if you are experiencing the specific issue and they require a call into Microsoft support to obtain the update.
The directory structure of RIS is flexible; it is designed to support many different languages and hardware platforms. The following directories are created for the RIS service during installation.
This directory contains all of the files needed by the client installation wizard. As noted, the OSChooser directory supports many different types of hardware platforms and languages. However, only the x86 platform is supported for RIS in Windows 2000.
This directory contains the images that have been installed on the RIS server. Notice that the existing operating system images also contain a corresponding Templates directory, which contains the SIF file used for unattended installation of the operating system on the client computer. The SIF file also contains the friendly description string and specific image details that are displayed to end users of the client installation wizard and in the Tools tab within the administrative UI. Note that for an image to be displayed in both the administrative UI and the client-installation-wizard UI, it must contain an associated *.sif file template.
This directory contains tools that are designed to support deployment through RIS, such as BIOS updates, virus tools, and so on.
To set up RIS after installation, go to the command prompt or StartRun and type RISETUP.EXE to start the Remote Installation Service Setup Wizard. Follow the instructions on the screen. It will guide you through configuring RIS, and the last step will be to create an image of your Windows 2000 Server/Professional or Windows XP Professional from the CD. I won't get into detail here, because it is a straightforward process, but see Microsoft Knowledge Base article Q298750 (http://support.microsoft.com/default.aspx?scid=kb;en-us;298750) for any assistance you might need.
Once you complete the process of configuring RIS, the server must be authorized in Active Directory. This ensures that rogue servers with those services installed (either by accident or intentionally), will not impact or disrupt network operations. Log onto a domain controller in the root domain with Domain Administrator or Enterprise Administrator rights. Go to StartProgramsAdministrative Tools and click on the DHCP snap-in. Right-click DHCP in the upper-left corner of the screen, and then click Manage Authorized Servers. If the RIS server does not appear in the list, click Authorize and enter the IP address of the server.
Once you're finished setting up RIS, you can customize it to the needs of your own networking environment [Hack #63].