For a higher degree of functionality, you will probably want to create images for distribution via RIS that also include applications and related settings, similar to the binary images created with tools like Ghost. RIS provides similar functionality through a tool called Riprep.exe. After installing Windows 2000 Professional and the associated applications on a system, you run Riprep.exe (which is again a wizard-based tool) to copy the image to the RIS server. The Riprep tool is found at \\servername\REMINST\Admin\I386\riprep.exe. A couple of quick notes with respect to Riprep:
- The systems to which you choose to deploy this image must have the same HAL (for example, an image created on a single-processor system could not be used on a dual-processor system).
- The target system need not have the same hardware configuration as the system on which the image was created, since Plug and Play will detect hardware differences.
- As when you run Sysprep, Riprep will remove all system SIDs from the image it creates, ensuring that a new and unique SID is generated on the client computers.
One of the potential problem areas with RIS is that in theory anyone with a PXE-compliant system could attach it to the network and install an image. As such, you need to be concerned with configuring security properly. RIS supports 3 main security features:
- Requiring that the RIS server be authorized prior to receiving an image – much like DHCP, a RIS server must be authorized in Active Directory by a member of Enterprise Admins. RIS server authorization is done using the DHCP tool, following the same steps as authorizing a DHCP server.
- Using Active Directory Users and Computers – Use this tool to control who can install an image and whether the RIS server responds to requests, to define a naming convention for client computers, and to pre-stage client computers. All of these settings are controlled from the properties of the computer object acting as the RIS server. For example, to use the client installation wizard that starts when a RIS image is requested, the user must have read access to the OU where the computer account will be created, as well as permission to create user accounts (unless the account has been pre-staged in advance).
- Using group policy to manage client installation options – these options allow the administrator to control the level of access that a user has over the installation wizard that runs as part of the image installation process. The four options available are:
  - Automatic Setup: if chosen, this option uses the administrator-supplied settings, and the user is not given any client installation wizard choices.
  - Custom Setup: if chosen, this option allows the user to define a computer name and specify where the computer account will be created in AD.
  - Restart Setup: if chosen, this option will restart a setup if it fails before completion.
  - Tools: if chosen, this option provides access to maintenance tools such as disk utilities.
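
To see which machines would be turned away once the server answers only pre-staged clients, the following added example (not part of the original article) parses a DHCP DISCOVER payload and checks a PXE client's GUID against a pre-staged list. It assumes pre-staged clients are identified by the GUID carried in DHCP option 97; the function names, the GUID list and the sample packet are constructed for illustration.

```python
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"  # start of the DHCP options field (RFC 2131)

def parse_dhcp(packet):
    """Return (client MAC, {option code: value}) for a BOOTP/DHCP payload."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP payload")
    mac = ":".join(f"{b:02x}" for b in packet[28:28 + min(packet[2], 16)])
    options, i = {}, 240
    while i < len(packet) and packet[i] != 255:      # 255 = end option
        if packet[i] == 0:                           # 0 = pad, no length byte
            i += 1
            continue
        if i + 1 >= len(packet) or i + 2 + packet[i + 1] > len(packet):
            raise ValueError("truncated option")
        options[packet[i]] = packet[i + 2:i + 2 + packet[i + 1]]
        i += 2 + packet[i + 1]
    return mac, options

def classify_pxe_request(packet, prestaged_guids):
    """Return (verdict, mac, guid); verdict is 'not-pxe', 'known' or 'unknown'."""
    mac, opts = parse_dhcp(packet)
    # Option 53 = message type (1 is DISCOVER); option 60 = vendor class.
    if opts.get(53) != b"\x01" or not opts.get(60, b"").startswith(b"PXEClient"):
        return "not-pxe", mac, None
    # Option 97 = client machine identifier: type byte 0, then a 16-byte GUID.
    raw = opts.get(97, b"")
    guid = raw[1:].hex() if len(raw) == 17 and raw[0] == 0 else None
    return ("known" if guid in prestaged_guids else "unknown"), mac, guid

def build_discover(mac, vendor=None, guid=None):
    """Constructed sample: a minimal DHCPDISCOVER payload for the demo."""
    header = struct.pack("!BBBB", 1, 1, 6, 0) + bytes(24) + mac + bytes(10)
    header += bytes(192) + MAGIC_COOKIE              # sname + file, then cookie
    opts = b"\x35\x01\x01"                           # option 53 = DISCOVER
    if vendor:
        opts += bytes([60, len(vendor)]) + vendor
    if guid:
        opts += bytes([97, 17, 0]) + guid
    return header + opts + b"\xff"

PRESTAGED = {"00112233445566778899aabbccddeeff"}     # constructed GUID list

if __name__ == "__main__":
    pkt = build_discover(bytes.fromhex("020000000001"),
                         b"PXEClient:Arch:00000:UNDI:002001", bytes(range(16)))
    print(classify_pxe_request(pkt, PRESTAGED))      # GUID is not pre-staged
```

GUIDs are compared here in wire byte order; a list exported from a directory may need its byte order normalised before it is used.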