Choosing Automated Deployment Options

41

FIGURE 2.2

Remote Installation Services (RIS) uses a RIS server and RIS clients.

The RIS clients access RIS servers through Dynamic Host Configuration Protocol (DHCP) to
remotely install the operating system from the RIS server. The network must have a DHCP
server, a Domain Name System (DNS) server, and Active Directory to connect to the RIS server.
No other client software is required to connect to the RIS server. Remote installation is a good
choice for automatic deployment when you need to deploy to large numbers of computers
and your clients are PXE compliant.
The RIS server can be configured with either of two types of images:


A CD-based image that contains only the Windows XP Professional operating system.
You can create answer files for CD-based images to respond to the Setup program’s
configuration prompts.


A Remote Installation Preparation (RIPrep) image that can contain the Windows XP
operating system and applications. This type of image is based on a preconfigured computer.

RIS installation is discussed in the “Using Remote Installation Services (RIS)”

section later in this chapter.

Advantages of RIS

supports PXE, or
• Net PC computer
Simpo PDF Merge and Split Unregistered Version -
Copyright ©2003 SYBEX Inc., 1151 Marina Village Parkway, Alameda, CA 94501.
COPYING PROHIBITED
www.sybex.com

42

Chapter 2


Automating the Windows XP Installation

Disadvantages of RIS

The disadvantages of using RIS as a method for automating Windows XP Professional
installations include:


Can only be used if your network is running Windows 2000 Server or Windows Server
2003 with Active Directory installed.


The clients that use RIS must have a PXE-compliant network adapter or have a remote boot
disk that can be used with a PCI-compliant network adapter.


RIS images can be created only from the C: partition of a hard disk.


To perform an unattended install, the System Preparation Tool prepares the reference computer
by stripping away the

security identifier (SID)

, which is used to uniquely identify each com-
puter on the network. The System Preparation Tool also detects any Plug and Play devices that
are installed and can adjust dynamically for any computers that have different hardware installed.
If you are using disk-duplicator hardware, you create a reference computer, then use the System
Preparation Tool to create the image. You would then remove the drive that has the disk image
and insert it into a special piece of hardware, called a disk duplicator, to copy the image. The
copied disks are inserted into the target computers. After you add the hard drive that contains
the disk image to the target computers, you can complete the installation from those computers.
Figure 2.3 illustrates the disk-imaging process. You can also copy disk images by using special
third-party software.
When the client computer starts an installation using a disk image, a Mini-Setup Wizard will
execute. You can customize what is displayed on the Windows Welcome screen and the options
that are displayed through the Mini-Setup Wizard process, which query for information such as
username or time zone selection. You can also create fully automated deployments with disk
imaging through the use of answer files.
Simpo PDF Merge and Split Unregistered Version -
Copyright ©2003 SYBEX Inc., 1151 Marina Village Parkway, Alameda, CA 94501.
COPYING PROHIBITED
www.sybex.com

Choosing Automated Deployment Options

43

FIGURE 2.3

Reference images can be copied across a network connection or through CDs that are
physically distributed to client computers.


By default, it does not perform full Plug and Play re-detection, which means that the Plug
and Play process that is run at the destination computer is greatly reduced (therefore, is
faster) compared to the standard Plug and Play detection process.

Disadvantages of the System Preparation Tool

The disadvantages of using the System Preparation Tool as a method for automating Windows
XP Professional installations include:


You must use either third-party imaging software or hardware disk-duplicator devices.
Duplicated
disk
Windows XP
Professional computer
Source
Windows XP
Professional computer
Target
Disk Duplicator
Simpo PDF Merge and Split Unregistered Version -
Copyright ©2003 SYBEX Inc., 1151 Marina Village Parkway, Alameda, CA 94501.
COPYING PROHIBITED
www.sybex.com

44

Attended
Installation
Unattended
Installation RIS
System
Preparation Tool
Required Client Hardware

PC that meets Win-
dows XP Professional
requirements
PC that meets Win-
dows XP Professional
requirements, access
to the network
PC that meets the
Windows XP Profes-
sional requirements
that is PXE-compliant
or uses a remote
boot disk with a PCI-
compliant network
adapter
Reference computer
with Windows XP
installed and config-
ured, PC that meets
the Windows XP
Professional require-
ments, third-party

www.sybex.com

Accessing the Windows XP Professional Deployment Tools

45

Table 2.2 summarizes the unattended installation tools and files that are used with automated
installations of Windows XP Professional, the associated installation method, and a description
of each tool.

Accessing the Windows XP Professional
Deployment Tools

The Windows XP Professional installation utilities and resources relating to automated
deployment are located in a variety of locations. Table 2.3 provides a quick reference for each
utility or resource and its location.
TABLE 2.2 Summary of Windows XP Professional Unattended Deployment Utilities
Tool or File Automated Installation Option Description
Winnt32.exe or
Winnt.exe
Unattended installation Program used to initiate the unattended
installation process
Unattend.txt Unattended installation Answer file used to customize
installation queries
Setupmgr.exe Unattended installation
RIS (Remote Installation Services)
Sysprep (Disk Duplication)
Setup Manager utility, used to create
and modify answer files and distribution
folders

Setupmgr.exe Windows XP Professional distribution CD, \Support\Tools;
Setupmgr.exe must be extracted from the Deploy.cab file
RIS Server Included with Windows 2000 Server and Windows
Server 2003
Risetup.exe RIS Server
Riprep.exe RIS Server
Rbfg.exe \\RIS_Server\Reminst\Admin\I386\Rbfg.exe
EXERCISE 2.1
Extracting the Windows XP Deployment Tools
1. Log onto your Windows XP computer as Administrator.
2. Use Windows Explorer to create a folder named Deployment Tools on the root folder of
your C: drive.
3. Insert the Windows XP Professional CD. Using Windows Explorer, copy the \Support\
Tools\Deploy file (the .cab extension is hidden by default) to the C:\Deployment Tools
folder.
4. Double-click the Deploy.cab file to display its contents.
5. In Windows Explorer, select Edit  Select All. Then select File  Extract.
6. The Select a Destination dialog box appears. Select My Computer, Local Disk (C:), and then
Deployment Tools. Click the Extract button to extract the files to the specified folder.
7. Verify that the Deployment Tools were extracted to C:\Deployment Tools. There should
be 11 items (including the Deploy.cab file).
Simpo PDF Merge and Split Unregistered Version -
Copyright ©2003 SYBEX Inc., 1151 Marina Village Parkway, Alameda, CA 94501.
COPYING PROHIBITED
www.sybex.com
Deploying Unattended Installations
47
Deploying Unattended Installations
You can deploy Windows XP Professional installations or upgrades through the Window XP
Professional distribution CD or a distribution server that has a network share of the \I386

/cmdcons Used to support the Recovery Console for repair of failed
installations.
Simpo PDF Merge and Split Unregistered Version -
Copyright ©2003 SYBEX Inc., 1151 Marina Village Parkway, Alameda, CA 94501.
COPYING PROHIBITED
www.sybex.com
48
Chapter 2

Automating the Windows XP Installation
/copydir:folder name Used to create customized subfolders that can be used with
the Windows XP Professional installation. For example, if your
computer contains hardware that does not have drivers on the
Windows XP distribution CD, you can create a custom folder
called \Custom Drivers that contains the custom driver files.
/copysource:folder name Used to create a temporary subfolder for Windows XP Professional
files to be used during the installation process. Once the installa-
tion process is complete, the folders created with this process are
deleted. If you use the \copydir option, the folder is not deleted.
/debug:[level ]
[filename]
Used to create debugging files, which are used in troubleshooting.
Level specifies the amount of detail that will be included in the
log file, and file name specifies the filename that will be created.
/dudisable Used to prevent dynamic update from running during the
installation process.
/duprepare:pathname Used to prepare a network share that will be used to provide
dynamic update files to clients installing Windows XP Professional.
/dushare:pathname Specifies the installation share to be used with dynamic update
files that have been downloaded from the Windows Update

files in a shared image folder, and clients that can access the RIS server. Depending on the type
of image you will distribute, you may also want to configure answer files so that users need
not respond to any Windows XP Professional installation prompts. (Answer files are described
in the “Using Setup Manager to Create Answer Files” section of this chapter.)
Following are some of the advantages of using RIS for automated installation:

You can remotely install Windows XP Professional.
/syspart:drive letter Used to copy the Setup startup files to a hard disk and mark
the disk as active for installation into another computer. When
you start the computer that the disk has been moved to, Setup
will automatically start at the next phase. This option must be
used with the /tempdrive option, and both the /syspart and
the /tempdrive options must specify the same partition on the
secondary hard disk.
/tempdrive:drive letter Specifies the location that will be used to store the temporary
files for Windows XP Professional and the installation partition
for Windows XP Professional. This option must be used with the
/syspart option.
/udf:ID, UDB file Used by the Setup program to specify how a Uniqueness
Database file (UDB) will be used to modify an answer file. UDF
settings override any conflicting settings specified through an
answer file.
/unattend Used to upgrade a previous version of Windows using unat-
tended installation. This option automatically uses Windows
Update and preserves all user settings from the previous instal-
lation. When this option is specified, an upgrade requires no
user intervention.
/unattend:seconds
:answerfile
Specifies that you will be using an unattended installation for

as an object within the Active Directory.
3. If the DHCP server and the RIS server are on the same computer, the information requested
in the discovery packet is returned. If the DHCP server and the RIS server are on separate
networks, the DHCP server will return the client information for IP configuration. Then the
client will send out another broadcast to contact the RIS server.
4. The client contacts the RIS server using the Boot Information Negotiation Layer (BINL)
protocol. The RIS server contacts Active Directory to see if the client is a “known client”
and whether it has already been authorized (also called pre-staged) through Active
Directory. The authorization process is discussed later in this section.
5. If the client is authorized to access the RIS server, BINL provides to the client the location
of the RIS server and the name of the bootstrap image (enough software to get the client
to the correct RIS server).
6. The RIS client accesses the bootstrap image via the Trivial File Transfer Protocol (TFTP),
and the Windows XP Client Installation Wizard (CIW) is started.
7. The RIS client is prompted for a username and password that can be used to log onto the
Windows 2000 or Windows 2003 domain that contains the RIS server.
8. Depending on the user or group credentials, the user sees a menu offering the operating
systems (images) that can be installed. The user sees only the options for the installs
determined by the parameters defined on the RIS server.
The following sections describe how to set up the RIS server and the RIS clients, and how to
install Windows XP Professional through RIS.
RIS Client Options
RIS offers several client installation options. This allows administrators to customize remote
installations based on organizational needs. When the client accesses the Windows XP Client
Installation Wizard (CIW), they see the installation options that have been defined by the
Simpo PDF Merge and Split Unregistered Version -
Copyright ©2003 SYBEX Inc., 1151 Marina Village Parkway, Alameda, CA 94501.
COPYING PROHIBITED
www.sybex.com
Using Remote Installation Services (RIS)

permissions.

Define an automatic client-computer naming format, which bases the computer name on
a custom naming format. For example, the computer names might be a combination of
location and username.

Specify the default Active Directory location for client computers that are installed through
remote installation.

Pre-stage client computers through Active Directory so that only authorized computers can
access the RIS server. This option requires a specified computer name, a default Active
Directory location, and identification of RIS servers and the RIS clients they will service.

Authorize RIS servers so that unauthorized RIS servers can’t offer RIS services to clients.

Create and modify the RIS answer file.
Simpo PDF Merge and Split Unregistered Version -
Copyright ©2003 SYBEX Inc., 1151 Marina Village Parkway, Alameda, CA 94501.
COPYING PROHIBITED
www.sybex.com
52
Chapter 2

Automating the Windows XP Installation
The following steps for preparing the RIS server are discussed in the sections coming up:
1. Make sure that the server meets the requirements for running RIS.
2. Install RIS.
3. Configure and start RIS, using either a CD-based image or a RIPrep image.
4. Authorize the RIS server through DHCP Manager.
5. Grant users who will perform RIS installations the user right to create computer accounts.

A Dynamic Host Configuration Protocol (DHCP) server, which is used to assign DHCP
addresses to RIS clients. (Make sure that your DHCP scope has enough addresses to
accommodate all the RIS clients that will need IP addresses.)
Simpo PDF Merge and Split Unregistered Version -
Copyright ©2003 SYBEX Inc., 1151 Marina Village Parkway, Alameda, CA 94501.
COPYING PROHIBITED
www.sybex.com
Using Remote Installation Services (RIS)
53

A Domain Name System (DNS) server, which is used to locate the Active Directory controller.

Active Directory, which is used to locate RIS servers and RIS clients, as well as to authorize
RIS clients and manage RIS configuration settings and client installation options.
Installing the RIS Server
You add the RIS server components through the Add/Remove Programs icon in Control Panel.
To install the components on a RIS server running Windows 2000 Server, take the following steps:
1. Select Start  Programs  Administrative Tools  Configure Your Server.
2. The Windows 2000 Configure Your Server dialog box appears. Click the Advanced option
in the panel on the left, and select Optional Components.
3. Click the Start the Windows Components Wizard option.
4. When the wizard starts, select the Remote Installation Services option and click the Next button.
5. The Insert Disk dialog box prompts you to insert the Windows 2000 Server CD so that the
proper files can be copied. Insert the CD and click the OK button.
6. After the process is complete, you’ll see the Completing the Windows Components Wizard
dialog box. Click the Finish button.
7. When you see the System Settings Change dialog box, click the Yes button to restart your
computer.
As part of the RIS installation, the following services are loaded on the server (these services
are required for the RIS server to function properly):


Starts the services that are required by RIS, which include BINL, TFTP, and the SIS Groveler
service

Creates a share named Reminist that provides the share for the root of the RIS directory
structure

Creates the appropriate IntelliMirror management Service Control Point (SCP) object that
is used within Active Directory to support RIS

Creates the SIS common store directory and the related files that are required to support SIS
on the RIS server
With RIS installed, you can configure the RIS server through the following steps:
1. Select Start  Run, type Risetup in the Run dialog box, and click the OK button.
2. When the Remote Installation Services Setup Wizard starts, click the Next button to continue.
3. The Remote Installation Folder Location dialog box appears next. The remote installation
folder must be on an NTFS version 3.0 (or later) partition and must not reside on the same
partition as the system or boot partition. Specify the path of the remote installation folder
and click the Next button.
4. Next up is the Initial Settings dialog box. Here you configure client support during server
configuration. You can specify that the server should respond to client computers requesting
service, and that the server should not respond to unknown client computers. You can
select one or both options, or leave them both unchecked and configure client support later.
Make your selection(s) and click the Next button.
5. In the Installation Source Files Location dialog box that appears next, specify the location
of the Windows XP Professional distribution files and click the Next button.
6. In the Windows Installation Image Folder Name dialog box, specify the name of the folder
to be used for the Windows XP Professional distribution files and click the Next button.
7. The Friendly Description and Help Text dialog box appears next. Here you specify a
friendly name and help text to help users select the Windows installation image. Enter

Authorizing the RIS Server through DHCP Manager
For a RIS server to respond to client requests, the DHCP server must be authorized through the
Active Directory. By authorizing DHCP servers, you ensure that rogue DHCP servers do not
assign client IP addresses.
You’ll learn more about DHCP in Chapter 10, “Managing Network Connections.”
To authorize the DHCP server on Windows 2000 Server, take the following steps:
1. Select Start  Programs  Administrative Tools  DHCP.
2. In the left pane of the DHCP window, right-click your DHCP server. From the pop-up
menu, select Authorize, as shown in Figure 2.4.
FIGURE 2.4 Authorizing a DHCP server
Simpo PDF Merge and Split Unregistered Version -
Copyright ©2003 SYBEX Inc., 1151 Marina Village Parkway, Alameda, CA 94501.
COPYING PROHIBITED
www.sybex.com
56
Chapter 2

Automating the Windows XP Installation
3.
Close the DHCP console.
To authorize a RIS server, use this same process.
Granting the User Right to Create Computer Accounts
To install an image using RIS, users must have the user right to create a computer account in
the Active Directory. You can specify that users can create accounts anywhere in the domain,
or that users can create computer accounts only in specific organizational units.
To grant the user right to create computer accounts, take the following steps on a Win-
dows 2000 Server:
1. Select Start  Programs  Administrative Tools  Active Directory Users and
Computers.
2. The Active Directory Users and Computers window appears, as shown in Figure 2.5.

Active Directory is covered in detail in MCSE: Windows 2000 Directory Ser-
vices Administration Study Guide, 2nd ed., by Anil Desai with James Chellis
(Sybex, 2001).
Granting the User Right to Log On as a Batch Job
The user account that will perform the remote installation must have the user right that
allows logging on as a batch job. By default, the Administrators group does not have this user
right. To assign the Log On as a Batch Job user right on a Windows 2000 Server, take the
following steps:
1. Log on as Administrator and add the Group Policy snap-in to the MMC administrator
console. (The MMC and snap-ins are covered in Chapter 4, “Configuring the Windows XP
Environment.” Adding the Group Policy snap-in and assigning user rights are covered in
Chapter 7, “Managing Security.”)
2. Select Local Computer Policy  Computer Configuration  Windows Settings  Security
Settings  Local Policies  User Rights Assignment.
3. Double-click the Log On as a Batch Job user right.
4. The Local Security Policy Setting dialog box appears. Click the Add button.
5. The Select Users or Groups dialog box appears. Click the user or group to which you want
to assign this permission, click the Add button, and then click the OK button.
6. You will return to the Local Security Policy Setting dialog box. Click the OK
button.
Configuring the RIS Server to Respond to Client Requests
The RIS server must be configured to respond to client requests. You can configure the server
response as a part of the RIS server installation or do it later, after the RIS server is installed and
ready for client requests. Take the following steps to configure the RIS server on a Windows 2000
Server to respond to client requests:
1. Select Start  Programs  Administrative Tools  Active Directory Users and
Computers.
2. The Active Directory Users and Computers window appears. Expand your domain and
select Computers or Domain Controllers to access the computer that acts as your RIS
server. Right-click the RIS server, and select Properties from the pop-up menu.

opposed to booting from the hard disk).
Simpo PDF Merge and Split Unregistered Version -
Copyright ©2003 SYBEX Inc., 1151 Marina Village Parkway, Alameda, CA 94501.
COPYING PROHIBITED
www.sybex.com
60
Chapter 2

Automating the Windows XP Installation

Follow the Net PC/PC 98 standard for PCs, which uses industry-standard components
for the computer. This includes processor, memory, hard disk, video, audio, and an inte-
grated network adapter and modem, in a locked case with limited expansion capabilities.
The primary advantages of Net PCs are that they are less expensive to purchase and to
manage.

Have a network adapter that supports PXE and that can be used with a RIS boot disk. The
only network adapters that can be used with RIS boot disks are the network adapters that
are displayed when running the RBFG.exe utility. If your network adapter is not on the list,
ensure that you have the most current RBFG.exe utility, since Microsoft makes updates
and adds drivers to this utility periodically. You can obtain updates through Windows
Update or Service Packs.
If the client computer does not have a network adapter that contains a PXE-based boot ROM,
then you can use a RIS boot disk to simulate the PXE startup process. The PXE-based boot
disk is used to provide network connectivity to the RIS server. In order to use a RIS boot disk,
the client computer must use a PCI-compliant network adapter.
If your client uses PCMCIA or ISA network adapters, there is no support to use
RIS boot disks.
To create a RIS boot disk, take the following steps:
1. On a Windows XP Professional computer that is connected to the same network as the RIS

images, the user will see a menu of RIS images. After you select a RIS image, the remote
installation process will start. What happens next depends on the image type and whether you
have configured answer files.
Using the System Preparation Tool
to Create Disk Images
You can use disk images to install Windows XP Professional on several computers that have
the same configuration. Also, if a computer is having technical difficulties, you can use a disk
image to quickly restore it to a baseline configuration.
To create a disk image, you install Windows XP Professional on the source computer with
the configuration that you want to copy. The source computer’s configuration should also
include any applications that should be installed.
Once you have your source computer configured, you use the System Preparation Tool
(Sysprep.exe) to prepare the disk image for disk duplication. After you’ve created the disk
image, you can copy the image to destination computers through third-party software or
through hardware disk duplication.
Preparing for Disk Duplication
To use a disk image, the source and target computers must meet the following requirements:

Both the source and destination computers must be able to use the same hard-drive
controller driver.

Both the source and destination computers must have the same HAL (Hardware Abstraction
Layer). For example, both use an ACPI HAL. If the source computer is ACPI-compatible
and the target computer is non-ACPI-compatible, Windows XP Professional will not load
properly.

The size of the installation partition must be as large as the smallest space the image
program will install the image to.

Plug and Play devices on the source and destination computers do not need to match, as

cloning)
-activated Prevents Windows Product Activation from resetting
-factory Allows you to add additional drivers and applications to the
image after the computer has restarted
-reseal Reseals an image and prepares the computer for delivery
after modifications have been made to an image using the
factory mode
-bmsd Used to build a list of all available mass storage devices in
sysprep.inf.
-forceshutdown If you have used the -reseal switch, prepares the operating
system as specified, then immediately shuts down the computer
without any user intervention
-mini Specifies that you want to run the Mini-Setup Wizard on the next
restart of the computer
Simpo PDF Merge and Split Unregistered Version -
Copyright ©2003 SYBEX Inc., 1151 Marina Village Parkway, Alameda, CA 94501.
COPYING PROHIBITED
www.sybex.com
Using the System Preparation Tool to Create Disk Images
63
After you run the System Preparation Tool on a computer, you need to run the
Mini-Setup Wizard. Then run the Setup Manager to create an answer file that
will answer the Mini-Setup Wizard’s questions when the computer (the imaged
computer or the original computer that has had the System Preparation Tool
run on it) is restarted.
In the following sections you will learn how to create a disk image and how to copy and
install from a disk image.
Creating a Disk Image
To run the System Preparation Tool and create a disk image, take the following steps:
1. Install Windows XP Professional on a source computer. The computer should have a similar

and then install it on the target computer.
If you are using special hardware (a disk duplicator) to duplicate the disk image, shut down the
source computer and remove the disk. Copy the disk and install the copied disk into the target com-
puter. If you are using special software, copy the disk image per the software vendor’s instructions.
After the image is copied, turn on the destination computer. The Mini-Setup Wizard runs
and prompts you as follows (if you have not configured an answer file):

Accept the End User License Agreement.

Specify regional settings.

Enter a name and organization.

Specify your product key.

Specify the computer name and Administrator password.

Specify dialing information (if a modem is detected).

Specify date and time settings.

Specify which networking protocols and services should be installed.

Join a workgroup or a domain.
If you have created an answer file for use with disk images, as described in the
section “Using Setup Manager to Create Answer Files” later in this chapter,
the installation will run without requiring any user input.
EXERCISE 2.2
Using the System Preparation Tool
1. Log onto the source computer as Administrator and, if desired, install and configure any

your dialing configuration and click the Next button.
8. In the Date and Time Settings dialog box, specify the date, time, and time zone. Then click
the Next button.
9. In the Network Settings dialog box, verify that Typical Settings is selected and click the
Next button.
10. In the Workgroup or Computer Domain dialog box, verify that the No, This Computer Is
Not on a Network, or Is on a Network without a Domain Controller option is selected and
click the Next button.
11. When the Completing the Windows XP Setup Wizard dialog box appears, click the Finish
button.
12. When the computer restarts, start Windows XP Professional.
13. When the Network Identification Wizard starts, click the Next button.
14. In the Users of This Computer dialog box, select the Users Must Enter a User Name and
Password to Use This Computer option and click the Next button.
15. When the Completing the Network Identification Wizard dialog box appears, click the
Finish button.
16. Log onto the computer as Administrator.
Simpo PDF Merge and Split Unregistered Version -
Copyright ©2003 SYBEX Inc., 1151 Marina Village Parkway, Alameda, CA 94501.
COPYING PROHIBITED
www.sybex.com