Windows Server Hack [Electronic resources] (text version)


Mitch Tulloch

Hack 62 Get Started with RIS

Remote Installation Services (RIS) is a complex
but powerful tool for deploying Windows images.
Here's a guide to getting started with
it.

In the past, with the many
flavors of Windows, there were many ways of configuring and deploying
Windows to client machines. Such automated and customized methods
included imaging with a tool such as GHOST or scripting with answer
files and VBScript or other automation tools to deploy silently and
without user intervention. Or, you could make one image on a hard
drive and use a hard-drive-cloning device to copy the image to
multiple hard disks at once. The technology and methodologies for
deploying a customized Windows operating system to client
workstations have matured over the years, but not quite to the
plug-and-play capability we would all like to
see.

As part of its change and configuration-management initiative,
Microsoft developed a service included with Windows 2000 called
Remote Installation Services (RIS). RIS supports deploying both
automated and customized versions of Windows 2000 and XP Professional
to clients that support the PXE/DHCP-based technology for remotely
installing the operating system on the client computer over the
network. The intention that Microsoft was communicating to corporate
technologists when it was developing Windows 2000 was that you
could basically plug a new computer into the network, start the
computer, authenticate, and the operating system would be installed
and configured for the user within a short time.

With a little bit of work, it actually does just that.

Not only can you deploy images of Windows 2000 and XP through RIS,
but with a tool developed by 3Com (http://www.3com.com/en_US/lanworks/indexl)
you also can deploy BIOS updates, other applications, Windows 2000
Server images, and so on. RIS is customizable and flexible; you can
modify the Client Installation Wizard to prompt users for
information, pass information to setup answer files, and populate
environment variables with information. You can deploy disk images
with RIS, but I recommend the scripted, silent-installation approach,
because it is more customizable. I successfully use RIS in my office
to deploy a customized Windows XP Professional image, and it saves me
a lot of time.

Think of RIS as a network-based boot disk. The client workstation
boots onto the network and obtains an IP address from a DHCP server,
along with the location of the RIS server. RIS then verifies that the
client is a known client, and the Client Installation Wizard appears.
It is similar to using a boot disk with NDIS drivers, a custom menu,
and prompts via autoexec.bat or some other script
called on the disk.


Requirements for RIS


So, what do you need to get started with RIS? First,
you need a PXE-compliant (PXE stands for
Pre-Boot Execution Environment) network card and system BIOS that
supports setting the LAN as a bootup device. Most network cards
today, such as ones from Intel, 3Com, SMC, and
RealTek, support PXE. For those workstations that are not
compliant, you can create a bootable disk with a PXE emulator by
using a tool that accompanies RIS. Next, you need a Windows 2000
server that is a member of an Active Directory-enabled domain. Active
Directory is required, because it provides client authentication and
configuration information for the RIS server and RIS also stores its
configuration information within Active Directory. Obviously, you
need TCP/IP, because it is the basic networking protocol required for
a Windows 2000 network. Finally, you need a Windows 2000-compliant
DNS server, so that an RIS server can locate an Active Directory
controller, and a DHCP server to assign TCP/IP addresses to clients,
allowing them to communicate with a RIS server.

Hardware requirements


The hardware requirements for your RIS server are dependent on how
many clients will be supported within your environment. How well RIS
performs when deploying Windows to clients depends on the hardware
configuration of your RIS server, in particular the disk
subsystem, memory, and networking components of your RIS server.
Let's consider each of these briefly:

Disk subsystem


Storage space for each operating system image you want to deploy must
be taken into account, because the size will vary depending on the
level of customization, size of images and applications included with
each image, and so on. The RIS installation point cannot be on the
same volume that the operating system and/or boot files are on. It
must be installed on a separate dedicated volume.


Memory


In addition to the memory allocated to the operating system, allocate
additional memory for the RIS service. Microsoft recommends a minimum
of 128 MB for Windows 2000 Server, but I recommend 512 MB for the
services and functions this server will be providing, as well as the
number of clients it might be supporting.


Networking components


A network adapter running at 100 Mbps full duplex is best. If you are
supporting a large client base, you might want to have two 10/100
adapters. Solid network connectivity between client and server is
important, and you must consider your network topology when planning
a RIS implementation.



As with other Microsoft services you provide on your network, proper
planning will help you to determine the configuration of your RIS
server, how many you may need, and the placement of them. RIS can run
on a member server that provides other services on your network; you
just need to determine the impact and whether additional hardware is
required to support the additional services.

Services associated with RIS


RIS relies on three services to provide the capabilities it offers:

Boot Information Negotiation Layer (BINL)


The BINL service listens for and answers client DHCP requests (PXE).
It also services Client Installation Wizard requests. BINL directs
the client to the files needed to start the installation process.
This service also checks Active Directory to verify credentials,
determine whether a client needs a service, and determine whether to
create a new computer account object or reset an existing one on
behalf of the client.


Trivial File Transfer Protocol Daemon (TFTPD)


An RIS server uses Trivial File Transfer Protocol (TFTP) to download
the initial files needed to begin the remote installation process to
the client. These files include the Client Installation Wizard and
all files needed to start Windows 2000 setup. The first file
downloaded to the client using TFTP is
Startrom.com, a small bootstrap program that
displays the Press F12 for Network Service Boot prompt. If F12 is
pressed within three seconds, the Client Installation Wizard
(OSChooser) is downloaded to begin the remote installation process.
When it resides on the server side, this service is called the
Trivial File Transfer Protocol Daemon (TFTPD). When it resides on the
client, it is simply called TFTP.


Single Instance Store (SIS) or Groveler


The SIS services consist of an NTFS filesystem filter and a service
that acts on the volume on which the RIS images are kept. SIS
services reduce the storage requirements needed to store these images
by combining duplicate files.




Installing RIS


On Windows 2000 Server, go to
Start → Settings → Control Panel.
Double-click Add/Remove Programs, and then double-click Add/Remove
Windows Components. Scroll down, choose Remote Installation Services,
and then click Next. Insert the Windows 2000 Server CD-ROM into the
CD-ROM drive and click OK. The necessary files are copied to the
server. Click Finish to end the wizard. When you are prompted to
restart your computer, click Yes. When the server has restarted, log
on to the computer with an account that has administrative privileges.

I recommend you always apply the latest service pack for Windows
2000, because it might have fixes or enhancements to RIS. For
example, Service Pack 3 includes support for deploying Windows 2000
Server and Windows XP Professional (the original RIS supported
deploying Windows 2000 Professional only) and resolves networking
issues with RIS clients and installation issues (such as RIS clients
hanging during setup). There are also specific hotfixes for RIS, but
these are available only if you are experiencing the specific issue
and they require a call into Microsoft support to obtain the update.

The directory structure of RIS is flexible; it is designed to support
many different languages and hardware platforms. The following
directories are created for the RIS service during installation.

OSChooser


This directory contains all of the files needed by the client
installation wizard. As noted, the OSChooser
directory supports many different types of hardware
platforms and languages. However, only the x86 platform is supported
for RIS in Windows 2000.


Setup


This directory contains the images that have been installed on the
RIS server. Notice that the existing operating system images also
contain a corresponding Templates directory,
which contains the SIF file used for unattended installation of the
operating system on the client computer. The SIF file also contains
the friendly description string and specific image details that are
displayed to end users of the client installation wizard and in the
Tools tab within the administrative UI. Note that for an image to be
displayed in both the administrative UI and the
client-installation-wizard UI, it must contain an associated
*.sif file template.


Tools


This directory contains tools that are designed to support deployment
through RIS, such as BIOS updates, virus tools, and so on.



To set up RIS after installation, go to the command prompt or
Start → Run and type RISETUP.EXE to
start the Remote Installation Service Setup Wizard. Follow the
instructions on the screen. It will guide you through configuring
RIS, and the last step will be to create an image of your Windows
2000 Server/Professional or Windows XP Professional from the CD. I
won't get into detail here, because it is a
straightforward process, but see Microsoft Knowledge Base article
Q298750 (http://support.microsoft.com/default.aspx?scid=kb;en-us;298750)
for any assistance you might need.

Once you complete the process of configuring RIS, the server must be
authorized in Active Directory. Authorization ensures that rogue
servers with those services installed (either by accident or
intentionally) will not impact or disrupt network operations. Log on
to a domain controller in the root domain with Domain Administrator
or Enterprise Administrator rights. Go to
Start → Programs → Administrative Tools
and click on the DHCP snap-in. Right-click DHCP in the upper-left
corner of the screen, and then click Manage Authorized Servers. If
the RIS server does not appear in the list, click Authorize and enter
the IP address of the server.
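
The rogue-server condition that authorization guards against can also be checked from captured network traffic. The following is an added example, not code from the book or from Microsoft: it parses DHCP replies, keeps those that answer PXE clients (vendor class option 60 beginning with "PXEClient"), and lists any that come from a server outside an authorized set. The function names, the 192.0.2.10 address, and the sample packets are assumptions constructed for illustration.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"            # DHCP magic cookie before the options
VENDOR_CLASS, SERVER_ID = 60, 54       # RFC 2132 option codes

def parse_reply(pkt: bytes):
    """Return (server, boot_file, vendor_class) for a DHCP reply, else None."""
    if len(pkt) < 240 or pkt[0] != 2 or pkt[236:240] != MAGIC:
        return None                    # op 2 = BOOTREPLY
    opts, i = {}, 240
    while i < len(pkt) and pkt[i] != 255:          # 255 = end option
        if pkt[i] == 0:                            # 0 = pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(pkt) or i + 2 + pkt[i + 1] > len(pkt):
            return None                            # truncated option
        opts[pkt[i]] = pkt[i + 2:i + 2 + pkt[i + 1]]
        i += 2 + pkt[i + 1]
    sid = opts.get(SERVER_ID, b"")
    # Prefer the server identifier option; fall back to siaddr (next server).
    server = socket.inet_ntoa(sid if len(sid) == 4 else pkt[20:24])
    boot_file = pkt[108:236].split(b"\x00")[0].decode("ascii", "replace")
    return server, boot_file, opts.get(VENDOR_CLASS, b"")

def unauthorized_pxe_replies(packets, authorized):
    """List (server, boot_file) for PXE replies from servers not in authorized."""
    hits = []
    for pkt in packets:
        parsed = parse_reply(pkt)
        if parsed and parsed[2].startswith(b"PXEClient") and parsed[0] not in authorized:
            hits.append(parsed[:2])
    return hits

def build_reply(server_ip: str, boot_file: str, vendor=b"PXEClient") -> bytes:
    """Constructed sample reply (not a capture) for exercising the check."""
    ip = socket.inet_aton(server_ip)
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x1234, 0, 0,
                         b"", b"", ip, b"", b"\x00\x11\x22\x33\x44\x55", b"",
                         boot_file.encode("ascii"))
    options = (bytes([53, 1, 2]) + bytes([SERVER_ID, 4]) + ip
               + bytes([VENDOR_CLASS, len(vendor)]) + vendor + b"\xff")
    return header + MAGIC + options

AUTHORIZED = {"192.0.2.10"}            # assumed address of the authorized RIS server
SAMPLE = [build_reply("192.0.2.10", "startrom.com"),       # constructed packets
          build_reply("198.51.100.7", "other-boot.bin"),
          build_reply("198.51.100.9", "", vendor=b"MSFT 5.0")]  # not a PXE reply
```

Calling `unauthorized_pxe_replies(SAMPLE, AUTHORIZED)` reports only the second sample packet; in practice the packet list would come from a capture of UDP ports 67, 68, and 4011 on the client segment.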

Once you're finished setting up RIS, you can
customize it to the needs of your own networking
environment [Hack #63].

Matt Goedtel

