Partager via


How Remote Installation Services Work

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

How Remote Installation Services Works

In this section

  • Remote Installation Services Architecture

  • Remote Installation Services Physical Structures

  • Remote Installation Services Dependencies

  • Remote Boot and Installation Setup Processes

  • Network Ports Used by Remote Installation Services

  • Related Information

Remote Installation Services (RIS) is a Windows component that you can install with Windows Server 2003 or add at any time after the operating system is installed. RIS is an automated installation technology that you can use to create installation images of operating systems or of complete computer configurations, including desktop settings and applications. These installation images can then be made available to users at client computers. RIS is typically used during large-scale deployments when it would be too slow and costly to have administrators or end users interactively install the operating system on individual computers.

These sections provide a detailed view of how RIS works in an optimal environment. You can create an optimal environment for RIS by doing the following:

  • RIS requires a significant amount of disk space. You should dedicate an entire partition or preferably an entire physical disk to store the RIS installation images.

  • Use the appropriate number of Remote Installation Services (RIS) servers on your network.

  • Use RIS with computers that use the Pre-Boot eXecution Environment (PXE) architecture. PXE is a remote-boot technology that allows the client computer to begin a boot sequence from the network adapter. When a PXE-enabled client computer starts for the first time, it uses the Dynamic Host Configuration Protocol (DHCP) to request an Internet Protocol (IP) address and the IP address of an active RIS server. As part of the initial request, the client computer sends out its globally unique identifier (GUID), which identifies the client computer within Active Directory.

  • Dedicate an entire partition to the RIS folder tree. RIS requires a significant amount of disk space.

Remote Installation Services Architecture

RIS consists of several components that facilitate the remote installation of client operating systems. The Remote Installation service (Binlsvc) is the boot service that interacts with directory services to remotely boot a client computer. Trivial File Transfer Protocol Daemon (TFTPD) is a service protocol used to transfer the files needed to remotely boot, maintain, and troubleshoot a client computer. These and other RIS components are described in detail in this section.

The Setup program in Windows Server 2003 provides the basis for creating installation images using RIS. For background information about how Setup works, see Setup Technical Reference.

The following figure shows how a client that requests an installation image interacts with the RIS server to verify the client account and server settings, and then finally receives the downloaded Client Installation Wizard.

Remote Installation Services Architecture

Remote Installation Services Architecture

Remote Installation Service (Binlsvc)

This service is part of the Remote Installation Services component. It detects PXE-initiated DHCP requests from RIS clients and facilitates a response to those requests. The Remote Installation service also directs clients to files on the RIS server that initiate the installation process and then responds to Client Installation Wizard requests. In addition, the Remote Installation service checks Active Directory to verify client credentials, determines if a client can be serviced, and confirms whether to create a new computer account object or reset an existing account on behalf of the client. Also, if a client that is prestaged in Active Directory has settings specifying that a particular RIS server must answer the client, then the Remote Installation service facilitates the response to that client from the specified RIS server.

The Remote Installation service was formerly known as the Boot Information Negotiation Layer (BINL) service in Windows 2000 and Windows XP Professional.

Trivial File Transfer Protocol Daemon (TFTPD)

This service is used by a RIS server to download the Client Installation Wizard and the initial files that are required to start the remote installation process on the client computer.

On a RIS server, TFTP is called a daemon or service (TFTPD), while on the client, it is referred to as a protocol (TFTP).

The first file that downloads is Startrom.com, which is a small startup program that displays the Press F12 for Network Boot prompt to the client. If the user presses F12 within 3 seconds, the Client Installation Wizard downloads to the client so the installation process can begin. The file Startrom.com is located on your RIS server in the directory path \\ServerName\RemoteInstall\OSChooser\i386\.

Note

  • For installations of Windows XP 64-Bit Edition Version 2003, the first file downloaded is Oschoice.efi. It is not necessary to press F12 for these installations.
Single Instance Store Service

This service consists of an NTFS file-system filter driver and a groveler agent that interacts with RIS images. The Single Instance Store (SIS) service reduces the hard-disk storage requirements for RIS images. The SIS service does this by monitoring the RIS server partition for duplicate files. To reduce the amount of disk space used by the installation folders, SIS “grovels” through the partition containing the RIS installation directory using the groveler agent. Whenever the groveler agent finds a duplicate file, the SIS service copies the original file into a directory and copies an NTFS reparse point that contains the current location, size, and attributes of the original file. (Reparse points are NTFS file system objects that have a definable attribute containing user-controlled data and that are used to extend functionality in the input/output (I/O) subsystem.) By doing this, the SIS service retains only a single instance of the file, while replacing duplicate files with links to the single instance. The SIS service then can store the duplicate files it finds in RIS images and reduce the amount of disk space that is used on your RIS server.

RIS Components

With the following RIS components, you can install, configure, and implement RIS in your organization.

Remote Installation Services

RIS is a Windows component that you can install with Windows Server 2003 or add at any time after the operating system is installed. Services that install with RIS include the Remote Installation service, TFTPD, and the SIS service.

Remote Installation Services Setup (Risetup.exe)

You can use Risetup.exe to initially set up the RIS server and create at least one CD-based operating system image. You can initiate the setup process from the Start menu of your RIS server. If you click Remote Installation Services Setup from the Administrative Tools menu, the Remote Installation Services Setup Wizard starts. The wizard performs the following actions:

  • Requests preliminary information, including the installation folder name and the path to the operating system installation files.

  • Copies Windows installation files.

  • Updates the Client Installation Wizard screens.

  • Creates a default answer file (Ristndrd.sif).

  • Starts the RIS services, which include the Remote Installation service, TFTPD, and the SIS service.

  • Authorizes the DHCP server.

  • Risetup is also used to create any additional CD-based operating system images after the initial installation is created.

Remote Installation Preparation Wizard (Riprep.exe)

You can use Riprep.exe to create a customized image of an operating system such as Windows XP Professional. To create an image means that you create a replica of a hard disk that you can install on other computers in your organization. You use Riprep to create an image of an existing operating system installation on a master computer and then replicate that image onto an available RIS server on your network. The image can include the operating system with default parameters applied by the administrator, or the operating system with a preconfigured desktop, locally-installed applications, and drivers.

A 64-bit version of the Remote Installation Preparation (RIPrep) Wizard is included with the 64-bit versions of Windows Server 2003. For more information about using the RIPrep Wizard to create an installation image of a 64-bit operating system, see article 891128, "Updated Remote Installation Service (RIS) functionality in Windows Server 2003 Service Pack 1," in the Microsoft Knowledge Base.

Remote Boot Floppy Generator (Rbfg.exe)

You can use Rbfg.exe to create remote-boot floppy disks for RIS client computers that are not PXE-enabled, so that these clients can emulate the remote boot process and install an operating system over the network using RIS. However, for RIS clients that are not PXE-enabled to use the remote-boot floppy disk, they must each have a supported Peripheral Component Interconnect (PCI)–based network adapter supported by the Rbfg.exe utility. PC Card adapters, CardBus adapters, and adapters that are not PCI-based are not supported. You can view the list of supported network adapters by starting the Rbfg.exe utility and clicking Adapter List. The client computer’s basic input/output system (BIOS) must be configured to use the network adapter as its primary boot device.

Client Installation Wizard (OSChooser)

OSChooser is a service of the Client Installation Wizard that is run by the client computer. It is a text-based program downloaded by the RIS server to the client that allows the client to communicate with the RIS server during the installation process. Remote Installation service is the server component that sends a default set of Client Installation Wizard screens to guide the client through the remote installation process. Clients that can remote boot use this wizard to log on and select from operating system installation options. You can customize these setup screens to meet the needs of your organization.

Active Directory Users and Computers Extension for RIS (Dsa.msc)

When you create the RIS server, the Active Directory Users and Computers extension installs on the RIS server. The extension provides a Remote Install tab within the computer account Properties dialog box of each RIS server that you can use to manage the RIS server. You can start this extension by specifying the Microsoft Management Console (MMC) snap-in Dsa.msc in the Run dialog box or you can start it from the command line.

You can use the Active Directory Users and Computers extension to manage RIS locally or through a Terminal Services session on another network computer. You can also administer RIS from a computer running Windows XP Professional if you install the Adminpak.msi on that computer.

Remote Installation Services Physical Structures

The physical structure of RIS depends on whether you are using a CD-based or an image-based installation and whether you are also using an answer file.

CD-based RIS installations

Using Risetup.exe, you can create a CD-type image, also called a flat image, to be used with RIS installations on client computers. Using a flat image is similar to setting up a client directly from the installation CD, except that the operating system image source files reside on an available RIS server.

Use an installation image created by Risetup if you want to distribute the network equivalent of CD-based installation functionality. A Risetup image is a replica of an operating system CD file structure, located across the network on a remote server using RIS.

You create Risetup images by running the Risetup Wizard on a RIS server, while using an operating system CD to create the image. When using Risetup images, you cannot provide a fully-configured clone of an operating system with applications and desktop customizations, as you can with Riprep images. However, you can add applications and drivers to the distribution folder where the Risetup images are located and use answer files to install the applications and specify the location of drivers.

Installing a Risetup image is similar to setting up a workstation directly from a CD. However, the source files are located across the network on a RIS server. The following figure shows the directory structure of your RIS server under the RemoteInstall folder where Risetup images are stored. You can define the name of the folder <imagename> where the images are located.

Directory Structure of a RIS Server

Directory Structure of a RIS Server

When you install remote installation services on your RIS server, it automatically creates one Risetup image of the server operating system and stores it under the Images folder within the RIS directory structure, as shown in the figure. This image is available to remote boot–enabled clients. Clients that request installation of an operating system can access Risetup images on a remote RIS server, if you configure them to do so.

You can make additional Risetup images using operating system CDs for Windows 2000 Professional, Windows 2000 Server, and Windows 2000 Advanced Server, in addition to Windows XP Professional and Windows Server 2003. To create a Risetup image, place the CD in the CD drive of your RIS server and run the Risetup Wizard from the Images tab of RIS server Properties. You can also specify the following command string at the command-line interface to start the Risetup Wizard:

risetup -add

You can create and associate multiple answer files with Risetup images, which allows you to customize the applications and drivers that you want to install with each image. However, you cannot include preconfigured application or desktop configurations with a Risetup image. Also, Risetup images take longer to install than an equivalent size Riprep image.

Image-based RIS installations

Use an image created by Riprep if you want to distribute an image of a fully-configured workstation complete with applications. A Riprep image is essentially a file system image that is located on a remote RIS server. It is similar to the hard disk-images you create using a non-Microsoft disk-imaging tool and the Windows System Preparation tool (Sysprep).

You create Riprep images by running the Riprep Wizard (Riprep.exe) on a master computer which has the operating system configuration, applications and settings, and desktop customizations that you want to deploy to client computers in your organization.

Riprep images are most useful for cloning a standard operating system configuration to clients. Riprep images generally require more disk space on your RIS server than Risetup images because they usually include preconfigured applications and tools. However, they install faster than equivalent size Risetup images.

To create a Riprep-based installation, you must first set up a master installation. This is the reference computer that contains the operating system, software applications, and configuration settings you plan to install on destination computers in your organization. After you configure the master installation, you run Riprep.exe, which is on the server at the following location: \\servername\reminst\admin\i386\riprep. This converts the master installation into a remote installation image, which is a functionally identical replica of the master computer disk that you can install on multiple destination computers. Riprep also replicates the image to a RIS server where it is available for installation on remote boot–enabled client computers. Clients who request installation of an operating system can access Riprep-based images on a remote RIS server if you configure them to do so.

The best way to install the operating system on your master computer is to use RIS with an unattended installation. However, you can also install the operating system locally using the appropriate operating system CD. If you do this, use the disk-partitioning utility on the Windows Server 2003 installation CD and use the text-mode Setup to clear the disk partition and ensure a clean installation.

Riprep configures various operating system settings on the master computer to ensure that every copy of the master computer’s disk image is unique when you install it on destination computers. This includes resetting the security identifiers (SIDs) and access control lists (ACLs). Riprep also configures the master installation image so that, after the initial installation of the image, every destination computer starts in a special setup mode known as Mini-Setup.

RIS Client HAL Types

If you want to create an image-based RIS installation using the tool Riprep.exe, you first need to determine if your RIS clients have a Hardware Abstraction Layer (HAL) that is compatible with the master computer from which you create your image. For example, if the master computer where you run Riprep.exe has an Advanced Configuration and Power Interface (ACPI) HAL, then the client computers you designate to receive operating system images that are generated from that master computer must also have an ACPI HAL. The HAL type is indicated by the original file name of the file Hal.dll.

You need to verify how many different HAL types exist in your organization. This determines how many different master installations you will need with HALs that are compatible with the client HALs in your organization. To verify the type of HAL on your client computers, you can do one of the following:

  • Use a management tool such as Systems Management Server (SMS) to obtain your client inventory, from which you can determine the HAL types.

  • View the properties of Hal.dll to determine the HAL types.

You can install RIS-based operating system images if any of the following conditions are true regarding HALs:

  • The master and destination computer HALs are identical.

  • The master and destination computers both have either uniprocessor or multiprocessor Advanced Programmable Interrupt Controller (APIC) HALs.

  • The master and destination computers both have either uniprocessor or multiprocessor Advanced Configuration and Power Interface (ACPI) HALs.

Using answer files with a RIS installation

Using answer files with a RIS installation is similar to using an unattended answer file with RIS-specific sections and values. For a CD-based installation, the default answer file is Ristndrd.sif, and for an image-based installation, the default answer file is Riprep.sif. Multiple answer files can be associated with an installation. You can create the answer files by using Setup Manager (Setupmgr.exe) or you can create it manually by using a text editor, such as Notepad.

As with most answer files, Ristndrd.sif and Riprep.sif contain multiple predefined sections that you can modify. Section names are always enclosed in square brackets (for example, [Unattended]).

RIS-Specific Sections in an Answer File

Section Description

[RemoteInstall]

Contains entries Repartition and UseWholeDisk.

[Oschooser]

Contains entries for values which are displayed after the operating system is selected. For example, the image type and start file.

For additional information about unattended installation, see Unattended Installation Technical Reference.

Remote Installation Services Dependencies

Remote Installation Services (RIS) uses or depends upon a variety of technologies and components.

Network infrastructure

RIS depends on a network infrastructure that can identify computers on the network. RIS therefore requires that DHCP, DNS, and Active Directory be available on the network.

Remote-boot technology

RIS uses remote-boot technology to enable a computer with no operating system to begin a boot sequence from the network adapter, after which an operating system can be installed across the network. This remote-boot technology is called the Pre-Boot eXecution Environment (PXE). For client computers that are not PXE-enabled—that is, pre–Net PC/PC98 computers—you can use a special remote-boot disk, Rbfg.exe, if the client computer has a supported network adapter. Most computers that conform to the Net PC or PC98 specifications have a PXE remote boot–enabled network adapter and remote boot–enabled BIOS. A computer on which you use the remote boot disk must have a Peripheral Component Interconnect (PCI)–based network adapter supported by the Rbfg.exe utility. PC Card adapters, CardBus adapters, and adapters that are not PCI–based are not supported. You can view the list of supported network adapters by starting the Rbfg.exe utility and clicking Adapter List.

Technology to create an installation image

RIS includes a technology that you can use to create an image of an operating system that will be installed on client computers. You can create the image in one of two formats: a flat image or a Remote Installation Preparation Wizard (RIPrep) image format. Use the flat image option to create an image directly from a set of operating system files, for example, the files on a CD. Use the RIPrep image format to create an image that includes an operating system with specific settings and applications, such as an image that complies with a corporate desktop standard.

Technologies for communication between RIS client and server

RIS includes technologies that establish communication between a client computer that has begun a PXE boot sequence and the RIS server that contains installation images that are available to that client. For this process, RIS uses DHCP to provide the client with an Internet Protocol (IP) address. RIS then downloads the Client Installation Wizard, which prompts the user to log on and provides a menu of installation options that are customized for that user. You can control these images through Group Policy.

PXE architecture

Remote Installation Services (RIS) uses the Dynamic Host Configuration Protocol (DHCP) that follows the Pre-Boot eXecution Environment (PXE) architecture to start a client computer.

When a new PXE remote boot–enabled client computer starts for the first time, it uses DHCP to request an Internet Protocol (IP) address and the IP address of an active RIS server. As part of the initial request, the client computer sends out its globally unique identifier (GUID), which identifies the client computer within Active Directory.

After the client computer receives an IP address from the DHCP server, it then requests service from a RIS server. The request to the RIS server is a broadcast, which means all of the RIS servers on the network will receive the request. If the RIS server can answer, it queries its preferred domain controller for the client computer’s GUID. If the server fails to find the GUID, it queries the global catalog for the forest. If the GUID is found in either location, the client computer is considered “known”. If the GUID is not found, it is considered “unknown”. In this case —that is, the query by the RIS server found no computer account object in Active Directory with this computer’s GUID —only RIS servers that are configured to answer unknown clients will do so.

If the client is known, all the available RIS servers query the domain to determine whether the client computer account has been prestaged with settings that specify that the client computer is to be answered by a particular server. If so, only the designated server answers the service request. The other servers respond by telling the client which server will answer it. This is called a referral. If the client computer account settings do not require the client computer to be answered by a particular server, all RIS servers answer it if they are aware of this client and configured to answer it. Each RIS server then offers its own files to download.

After the client computer receives a reply to its service request, it initiates a Trivial File Transfer Protocol (TFTP) download of the boot program. The Remote Installation Services implementation of this program is called Startrom.com (located at \\RIS_server_name\REMINST\oschooser\i386\startrom.com).

After Startrom.com has been downloaded, the client computer runs it. The default version of Startrom.com then prompts the user to press F12 to initiate a network installation. If the user fails to press F12 within three seconds, the network boot is stopped, and the client computer attempts to start up from the next available boot device. When the user presses F12, the client computer uses TFTP to download the Client Installation Wizard. The wizard then requests the user to log on to the network.

Remote Installation Services directory service planning

The Remote Installation Services (RIS) environment relies on a well-designed and well-planned Active Directory architecture. Normally, determining the physical location of a server can be a challenge. This can become even more difficult when you must find and configure several servers that are located in different buildings, different offices, or on different floors. Using Active Directory, however, can simplify this process.

In a given domain, Active Directory provides organizational units or containers that you can use to organize users and resources into logical administrative groups. This makes it easier to locate and configure servers at multiple locations.

Remote Boot and Installation Setup Processes

RIS uses PXE technology to enable RIS client computers without an operating system to initiate the boot sequence from their network adapters, thus facilitating operating system installations from remote network locations. To initiate the remote boot process and set up a RIS-based operating system installation, PXE interacts with the Dynamic Host Configuration Protocol (DHCP), the Remote Installation services, and TFTPD, as shown in the following figure:

How RIS Works

How RIS Works

When you start a new PXE-enabled RIS client computer, the following sequence of events occurs:

  1. The client computer initiates the communication by sending a DHCP Discover broadcast on its subnet. A DHCP server with an active scope for that subnet will issue an IP address to the client.

  2. All Remote Installation servers that receive the client’s DHCP Discover broadcast extract (from the PXE data portion of the packet) the universally unique identifier (UUID) of the client that is requesting service. The RIS server then queries its preferred domain controller to search for this UUID in all prestaged computer accounts in Active Directory.

    If the domain controller does not find the UUID in the local domain, the RIS server queries the global catalog to locate the client computer account. If the UUID is found in either location, the client computer is recognized as a known client; otherwise, it is considered an unknown client. If the client is unknown, it will only receive an answer from a RIS server that is configured to answer unknown clients, provided that one exists on the network.

  3. If the client is known, all available RIS servers query the domain to determine whether the prestaged client computer account has a setting that specifies that only a particular RIS server can answer the client.

    If this is the case, then only the designated RIS server answers the service request, and other RIS servers simply notify the client of the particular RIS server that is configured to answer it. If the client computer account does not have a setting that requires it to be answered by a particular server, any RIS server can answer the request. However, the client only receives service from the first RIS server it contacts.

  4. The user receives a prompt to press the F12 key to initiate a network service boot request from the RIS server.

  5. Using TFTPD, the contacted RIS server downloads the Client Installation Wizard to the RIS client, along with all client dialog boxes contained within the wizard.

  6. The Client Installation Wizard prompts the user to log on with a valid user name, password, and domain name.

  7. The user receives a selection of operating system images that are hosted on the RIS server for installation on the client computer.

    The list of operating system images that are offered to the user is based on the user’s credentials or security group membership.

PXE Specification

The published PXE specification defines the remote-boot process and also establishes the PXE compliance standards for hardware manufacturers and other vendors. RIS uses PXE environment extensions to DHCP, an industry-supported technology, to allow workstations to do the following:

  • Boot remotely using their network adapters to access boot code from a network location.

  • Install an operating system from a remote source to a client’s local hard disk.

The PXE environment is built upon Internet protocols and services that are widely used in the computer industry. This includes TCP/IP, DHCP, and TFTP. The PXE extensions to the DHCP protocol enable information to be sent to systems that support remote network booting and also allow these systems to locate remote installation services.

Note

  • Network adapters that meet the PXE .99n specification will work correctly with RIS.

RIS Technology Limitations

You can use RIS technology to install operating systems, with or without software applications, to portable and desktop computers in your organization, which include member servers, stand-alone servers, and domain controllers. However, limitations to the scope of RIS-based operating system installations include the following:

Clean Installs

You can only use RIS to provide a clean version of an operating system, with or without software applications. You cannot use RIS to upgrade an operating system or software configuration.

Server Components

If you use RIS to install a server operating system, you might not be able to include all the server components that you want to provide with the RIS image. For example, some server components require that you install and configure them only after the RIS-based installation is complete. This can include components such as Certificate Services, Cluster service, or software that is dependent on Active Directory.

Domain controllers

You cannot install a preconfigured domain controller using a RIS image. However, you can use RIS to install a stand-alone server and then configure the server as a domain controller by running the Active Directory Installation Wizard.

Encryption and security settings

You cannot use RIS to deploy files that are encrypted with a system such as the Encrypting File System (EFS). Also, you cannot use RIS to deploy systems with preconfigured user-level security settings such as file and folder permissions. To configure these settings, you can run a script after completing your RIS-based installation.

Wireless networks

Wireless networks do not support remotely booting computers using PXE technology.

Multihomed computers

Multihomed RIS servers are supported if the network adapters use multiple separate subnets or if all network adapters service the same subnet. In both cases the RIS server must also be the DHCP server. The DHCP server must have active scopes for each subnet serviced and must be authorized for each IP address on the network adapters being serviced.

Supported operating systems

RIS has certain limitations depending on the operating system that you are installing. For more information about operating systems supported by RIS, see “Operating Systems Supported by Remote Installation Services” in Help and Support Center for Windows Server 2003.

Network Ports Used by Remote Installation Services

The following table lists the ports that are used by RIS.

Port Assignments for Remote Installation Services

Service Name UDP TCP

Dynamic Host Configuration Protocol (DHCP)

67

N/A

Boot Information Negotiation Layer (BINL)

4011

N/A

Trivial File Transfer Protocol Daemon (TFTPD)

69

N/A

The following resources contain additional information that is relevant to this section.