Nichewares & Consulting, LLC

Overview
This document is aimed at detailing the process of setting up a Windows 2003 server to provide Remote Installation Services (RIS) on a network to allow a given workstation to boot from a network resource and install a fresh copy of Windows XP. Additionally, this setup will include how to provide OEM drivers to the client workstation when the base Windows XP source does not contain all necessary drivers for the client.

The process
Initial Setup
Install Windows Server 2003, preferably on a server that has a gigabit network interface. Once the OS is installed, install RIS via the Add/Remove Programs control panel. Be sure to use a drive with plenty of space to store RIS images.

Once RIS is installed, further configuration can be done by opening Active Directory Users and Computers snap-in, find the machine account for the server hosting RIS, right-click on it, and click Properties. Click the Remote Install tab, and you'll find more configuration options. Check the box for “Respond to client computers requesting service”. Next, click the “Advanced Settings” button at the bottom. Here, the client computer naming format can be set. Click the Customize button. In this scenario, a custom format is preferred and the variable used is RIS%#-%MAC. Thus, each client computer name will start with RIS, then have and incremental number, a -, and finally the MAC address of it's network interface card. Another post-install configuration option that should be set is the security on the images. On the Images tab is a list of all images available on the server. Each image can have its own permissions, and this can be set manually as well on each *.sif file in the templates directory (more on this later). In our setup, we have a domain group, ris-installers, that has access to read these files. We don't want just anyone coming along and installing from our RIS server, so we have a specific group to manage access. Of course Domain Admins and/or Enterprise Admins have full control as does SYSTEM.

The ris-installer domain group needs to be setup to be able to join computers to the domain. Microsoft provided the Delegate tool, but unfortunately it only does a partial job. The delegate tool sets up a user or group to be able to create computer objects within a given OU or container, but it doesn't allow that user or group to be able to delete machine accounts, set or reset machine passwords, all of which are actually required to be able to fully join machines to domains (think of the case where there's a preexisting machine account...?). We haven't modified the default location to where machine accounts are created when joined to the domain, so we can add an ACL to the Computers container to allow our domain group to join machines to our domain. The permissions for our ris-installers group are all special permissions.

1. Open Active Directory Users and Computers snap-in, right-click on the Computers container, click properties, click the security tab, and click the advanced button.
2. Click the Add button, select the group, ris-installers, and click OK.
3. Make sure the Apply Onto dropdown is “This object and all child objects”. Check “Write All Properties” and “Create/Delete Computer Objects” under the Allow column. Click OK.
4. Click the Add button, select the group and click OK.
5. Make sure the Apply Onto dropdown is “Computer Objects”. Check “Reset Password”, “Change Password”, and “Write All Properties”. Click OK.
6. Click OK again.

Within RIS, different types of 'images' can be created and used to deploy an operating system. The first and most flexible type of image is known as a 'flat' image. This is basically a copy of an installation CD, that can be deployed through RIS. The second type of image is called a 'riprep' or 'sysprep' image. This image is specific to the machine from which it was generated, and more importantly, this image is specific to the hardware access layer (HAL) components on the given machine. Thus, even among the same models of machines, an image for one unit might not work on all units, since there can be variations at the hardware level among same-model machines. Ultimately, this makes the sysprep image the least useful.

To create a flat image, launch the Remote Installation Services setup tool from the Administrative Tools menu and follow the prompts as below:

Here, H: drive is the Windows XP CD.



A descriptive name for the image folder.



A descriptive name for the RIS image.

The F: drive is listed here because this drive was designated during the RIS installation as the image storage location.

The base flat image is now built, but is still limited in terms of how automated it can be deployed and in what defaults were set for it. The next step is to modify the answer file to provide our custom settings like whether or not to set a local admin password, disable the local admin account, join machine to a domain, etc. In the above example, the image was copied to F:\REmoteInstall. The directory tree within here looks like:
F:\RemoteInstall
------| \Admin
---------| \i386
------| \OSChooser
---------| \English
---------| \i386
------| \Setup
---------\English
------------ \Images
--------------- \WinXP-SP2
------------------ | \$OEM$
--------------------- | \$1
------------------------ | \OEM-Drivers
--------------------------- | \e2300
------------------------------ | \Audio
------------------------------ | \Nic
------------------------------ | \Video
--------------------------- | \e4100
------------------------------ | \Audio
------------------------------ | \Nic
------------------------------ | \Video
--------------------------- | \e4300
------------------------------ | \Audio
------------------------------ | \Nic
------------------------------ | \Video
------------------ | \i386
--------------------- \asms
--------------------- \lang
--------------------- \system32
--------------------- \templates


The items in blue will be manually added later, so ignore them for now. We need to modify the answer file, ristndrd.sif, which lives in F:\RemoteInstall\Setup\English\Images\WinXP-SP2\i386\templates. A copy of modified ristndrd.sif file is below, and the changes are in blue:

--------cut--------
[data]
floppyless = "1"
msdosinitiated = "1"
OriSrc = "\\%SERVERNAME%\RemInst\%INSTALLPATH%\%MACHINETYPE%"
OriTyp = "4"
LocalSourceOnCD = 1
DisableAdminAccountOnDomainJoin = 1 – DELETE THIS LINE

[SetupData]
OsLoadOptions = "/noguiboot /fastdetect"
SetupSourceDevice = "\Device\LanmanRedirector\%SERVERNAME%\RemInst\%INSTALLPATH%"

[Unattended]
OemPreinstall = No
FileSystem = LeaveAlone
ExtendOEMPartition = 0
TargetPath = \WINDOWS
OemSkipEula = yes
InstallFilesPath = "\\%SERVERNAME%\RemInst\%INSTALLPATH%\%MACHINETYPE%"
LegacyNIC = 1

[UserData]
FullName = "%USERFIRSTNAME% %USERLASTNAME%"
OrgName = "%ORGNAME%"
ComputerName = %MACHINENAME%
ProductKey = "_your_volume_license_key"

[GuiUnattended]
OemSkipWelcome = 1
OemSkipRegional = 1
TimeZone = %TIMEZONE%
AdminPassword = "secretpassword"

[Display]
ConfigureAtLogon = 1
BitsPerPel = 16
XResolution = 1024
YResolution = 768
VRefresh = 72
AutoConfirm = 1

[Networking]

[NetServices]
MS_Server=params.MS_PSched

[Identification]
JoinDomain = %MACHINEDOMAIN%
DoOldStyleDomainJoin = Yes

[RemoteInstall]
Repartition = Yes
UseWholeDisk = Yes

[Components]
Solitaire=Off
Minesweeper=Off
Pinball=Off

[OSChooser]
Description ="Microsoft Windows XP Professional – SP2"
Help ="Automatically installs Microsoft Windows XP Professional without prompting the user for input."
LaunchFile = "%INSTALLPATH%\%MACHINETYPE%\templates\startrom.com"
ImageType =Flat
Version="5.1 (2600)"
--------end-------------

This answer file can be used as a generic starting point for a machine if a more specific image has not been built for that machine. As long as the Windows XP installation CD contains all necessary drivers for a machine, this image will function just fine. However, depending on the credentials used to access the RIS images, the install process may or may not prompt for credentials to join the machine to the domain.

Adding OEM Drivers
Many machines have hardware that's considered OEM (original equipment manufacturer). An example is an Intel graphics card. Intel builds the basic configuration, but Gateway takes that base configuration and changes it slightly. Thus, Gateway now needs to provide specific drivers for this graphics card, which are called OEM drivers.

The process outlined here is based on Microsoft knowledgebase article 246184 and various newsgroup postings. The RIS directory tree components in blue listed previously now need to be created. Create the $OEM$ directory and all subdirectories. OEM-Drivers was chosen since we plan on providing OEM drivers for multiple models, and this directory will be copied to the system drive of the client during installation. Inside this directory will be drivers for the various models we support.

In this example, I'll use a gateway E-4300 as an example. This model (at least the lot that we received) has three hardware components that require OEM drivers that are not supplied on the Windows XP CD. The video card, NIC, and the sound card all require custom drivers from Gateway, and these drivers can be copied from the driver disk that came with the computer or they can be downloaded from Gateway's website (NOTE: Not all drivers can be accessed via Gateway's website). I downloaded the Intel Video driver, the Realtek audio driver and the Marvell Yukon NIC driver. I extracted these to expose the inf and sys driver files. Each will be somewhat unique, but what's important for RIS is that you have the *.inf, *.sys, and *.cat files available. The Realtek audio driver requires a hotfix before it will install, and this option will also be covered.

After downloading and extracting the NIC driver, we have a directory named Marvell827. Copy *.inf, *.sys, and *.cat files to F:\RemoteInstall\setup\English\Images\WinXP-SP2\$OEM$\$1\OEM-Drivers\e4300\Nic. And to be functional for the actual install, the drivers must also be copied to F:\RemoteInstall\setup\English\Images\WinXP-SP2\i386.

After downloading and extracting the video driver, we have a directory named IntelVideo3971. Inside this directory is another directory named Win2000, which contains the actual driver files. Copy all of the files in the Win2000 directory to F:\RemoteInstall\setup\English\Images\WinXP-SP2\$OEM$\$1\OEM-Drivers\e4300\Video.

After downloading and extracting the Audio drivers, we have a directory named HDReadTek5136. Inside here are two directories of interest. First, all driver files are located in WDM, so copy all of these to F:\RemoteInstall\setup\English\Images\WinXP-SP2\$OEM$\$1\OEM-Drivers\e4300\Audio. The next directory of interest is MSHDQFE, in which is found an MS hotfix that needs to be installed prior to installing the driver. In this example, we need to copy MSHDQFE\Win2k_xp\us\kb888111xpsp2.exe (the CD contained a different version of the hotfix, but the process is the same for automatically installing any hotfix) to F:\RemoteInstall\setup\English\Images\WinXP-SP2\$OEM$\. Additionally required in this directory (i.e. $OEM$ directory) is qchain.exe (available from download.microsoft.com) and a file named cmdlines.txt. Qchain.exe is a tool for chaining installs of multiple hotfixes with only one reboot required. The cmdline.txt file directs RIS to install any hotfixes listed. And here is the contents of cmdlines.txt:

[Commands]
“kb888111xpsp2.exe -q -u -z”
“qchain c:\qchain.txt”

Lastly, a new answer file needs to be created which contains information about the new OEM drivers. By copying and modifying the ristndrd.sif, we'll be simulating the creation of an entirely new RIS image. By simply having multiple answer files for one flat image, it will appear to the end user that there are multiple customized RIS images. So in F:\RemoteInstall\setup\English\Images\WinXP-SP2\i386\templates, make a copy of ristndrd.sif and name it e4300.sif. Below is a copy of the e4300.sif with appropriate changes in blue:

[data]
floppyless = "1"
msdosinitiated = "1"
OriSrc = "\\%SERVERNAME%\RemInst\%INSTALLPATH%\%MACHINETYPE%"
OriTyp = "4"
LocalSourceOnCD = 1

[SetupData]
OsLoadOptions = "/noguiboot /fastdetect"
SetupSourceDevice = "\Device\LanmanRedirector\%SERVERNAME%\RemInst\%INSTALLPATH%"

[Unattended]
OemPreinstall = Yes
FileSystem = LeaveAlone
ExtendOEMPartition = 0
TargetPath = \WINDOWS
OemSkipEula = yes
InstallFilesPath = "\\%SERVERNAME%\RemInst\%INSTALLPATH%\%MACHINETYPE%"
DriverSigningPolicy = Ignore
OEMPnPDriversPath = OEM-Drivers\e4300\Nic;OEM-Drivers\e4300\Video;OEM-Drivers\e4300\Audio
LegacyNIC = 1

[UserData]
FullName = "%USERFIRSTNAME% %USERLASTNAME%"
OrgName = "%ORGNAME%"
ComputerName = %MACHINENAME%
ProductKey = "_your_volume_license_key"

[GuiUnattended]
OemSkipWelcome = 1
OemSkipRegional = 1
TimeZone = %TIMEZONE%
AdminPassword = "secretpassword"

[Display]
ConfigureAtLogon = 1
BitsPerPel = 16
XResolution = 1024
YResolution = 768
VRefresh = 72
AutoConfirm = 1

[Networking]

[NetServices]
MS_Server=params.MS_PSched

[Identification]
JoinDomain = %MACHINEDOMAIN%
DoOldStyleDomainJoin = Yes

[RemoteInstall]
Repartition = Yes
UseWholeDisk = Yes

[Components]
Solitaire=Off
Minesweeper=Off
Pinball=Off


[OSChooser]
Description ="XP Professional - SP2 - For E4300"
Help ="Automatically installs Microsoft Windows XP Professional without prompting the user for input."
LaunchFile = "%INSTALLPATH%\%MACHINETYPE%\templates\startrom.com"
ImageType =Flat
Version="5.1 (2600)"


Lastly, restart the “Remote Installation Services” service to activate all of these changes. A new image of Windows XP – SP2 with OEM drivers for a Gateway e4300 is now ready to deploy.