Efficiently deploy secure servers

Microsoft failed to meet their promised deadline for the release of SP3 for Windows 2000 Server. This has left system managers juggling the dozens of post SP2 hotfixes whenever they deploy a new system. The process of installing each hotfix individually can take hours, primarily due to the need to reboot after each hotfix.

Fortunately, there is an easier solution for deploying systems with all the latest hotfixes applied. Just think, wouldn't you love to turn on the power to a new system, make a few quick menu selections and then walk away to return later to a complexly installed, ready-for-deployment system? We all would.

To accomplish this seemingly Herculean task, all you need is a RIS server, the SP and hot fix files and a few utilities. One of the utilities is the Microsoft QCHAIN tool. QCHAIN is used to install multiple hotfixes with a single reboot (see

Requires Free Membership to View

Knowledge Base Document Q296861). You need to write a short script using QCHAIN to install the hotfixes as part of an automated install through RIS. The other utility is the RIS Menu Editor from 3Com. This tool is used to create an image file for RIS from a bootable installation disk. With these items at hand, you'll create a RIS image of Windows 2000 Server, add in your scripts, and you'll be ready to deploy a fully up-to-date Windows 2000 Server with little more effort than switching on the power supply.

But wait, you say RIS won't install Server product? Well, by design and right out of the box it can't. However, RIS can be easily fooled into installing just about any Microsoft OS using the right utilities -- the RIS Menu Editor for instance -- and a few configuration changes.

I wish I could take credit for this outstanding manipulation of RIS to offer functionality administrators have been screaming for. But I can't. However, I can sing the praises of the technical author who expounded upon this excellent exploitation of Microsoft technologies in his own online article. Mark Minasi's article "Roll Out Secure Servers" discusses the details of this activity. I highly recommend you take a few moments to read his material, especially if you want to learn the nitty-gritty details of how to accomplish this feat.

In addition to the primary article by Mark Minasi, you'll need to review three articles by Douglas Toombs that detail how to exploit RIS. Those articles are:

Superior RIS: Deploying Alternative OSs
Superior RIS: Automating Application Setups
Superior RIS: Customizing Win2K Installs

I hope this new capability will help save your time and your sanity. It sure has for me!

About the author
James Michael Stewart is a researcher and writer for Lanwrights, Inc.

This was first published in July 2002

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.