If you have a larger network for which you might have to deploy five or 10 new machines each week, completely reformat...
and reinstall some computers, or roll out new service packs, you want an installation procedure that's easier than using unattended scripts. Wouldn't it be nice to automatically install Windows Server 2003 Service Pack 1 (SP1) on all new machine deployments?
Microsoft, answering the call, has combined the convenience and features of unattended scripts with a tool that will allow your computers to boot from the network, select a preconfigured operating system image and transfer that image to the hard drive of the target computer, all with just a few short answers at the beginning of the process. It's called Remote Installation Services (RIS).
Here's a handy guide to using RIS for SP1.
|Checklist: Deploying Windows Server 2003 SP1 with Remote Installation Services|
|Create an integrated CD-based installation of SP1|
|You can use a special command-line function of the service pack executable to instruct the service pack to replace old files in a central distribution share with updated ones. This|
|process, known as slipstreaming, works very well with RIS images because you already have the requisite distribution share. You'll need the network/administrative (full) version|
|of the service pack for your respective platform, not the regular user version.|
|First, create a directory called c:\winsp, and copy the downloaded service pack file there. Then, extract the service pack to that directory by executing the following command from the|
|command line or from Start/Run: ws2k3sp1.exe –x (replace the filename as necessary). Finally, update the files from the regular Windows distribution CD with the new service pack|
|files by executing the following command from the command line or from Start/Run: D:\wins2k3sp3\i386\UPDATE\UPDATE.EXE -S:C:\windist. The files are then updated|
|and the process is complete. Slipstreaming is an easy way to make sure new systems are updated before they're ever put into production.|
|Use RIPrep to image a working SP1-based server for future use|
|If RIS is great for deploying operating systems and hotfixes to a varied hardware base, Remote Installation Preparation Wizard (RIPrep) and System Preparation Tool (Sysprep)|
|are wonderful helpers to deploy a complete image of a system, including the operating system, applications, customizations, settings and restrictions, to a base of hardware that|
|is identical in every respect. This is great for lab environments, and even better if your organization has a standard hardware base for all its new purchases within a year or two.|
|The process is simple, too.|
|First, create a prototype system with the operating system, any applications, any environmental customizations and anything else you want to pass on. Next, run RIPrep,|
|which gets rid of personal and security-related information and copies the image to the RIS server. You then deliver the image to the appropriate systems using the regular RIS|
|network boot process.|
|Here are a few restrictions:|
| Domain controllers: Security information is stripped out of any RIPrepped image|
| Dynamic Host Configuration Protocol (DHCP) server: Multiple rogue DHCP servers on a network can wreak havoc|
| RIS server: Each RIS server is authorized to be a DHCP server|
|For more information on RIPrep, check out Chapter 2 of my book Learning Windows Server 2003 from O'Reilly.|
Windows Security Checklists offer you step-by-step advice for planning, setting up and hardening your Windows security infrastructure. E-mail the editor to suggest additional checklist topics.
More information from SearchWindowsSecurity.com
|ABOUT THE AUTHOR: Go back to Checklists|
|Jonathan Hassell is an author, consultant and speaker residing in Charlotte, North Carolina. Jonathan's books include RADIUS and Learning Windows Server 2003 for O'Reilly Media and Hardening Windows for Apress. His work is seen regularly in popular periodicals such as Windows IT Pro Magazine, SecurityFocus, PC Pro and Microsoft TechNet Magazine. He speaks around the world on topics including networking, security and Windows administration.|