Using RIPrep Images

RIPrep images allow a network administrator to clone a standard corporate desktop configuration, complete with operating system configurations, desktop customizations, and locally-installed applications. After installing and configuring the Windows 2000 Professional operating system, its services, and any standard applications on a computer, the network administrator runs a wizard that prepares the installation image, and replicates it to an available RIS server on the network for installation on other clients.

The benefits of using RIPrep.exe are as follows:

• Allows for the creation of standard environment images including the operating system, standard desktop applications, and settings.
• Faster overall install times than CD-based images.

The limitations of using RIPrep.exe are as follows:

• Does not support multiple disks or multiple partitions on the source computer used to create the RIPrep image.
• Works only with the Windows 2000 Professional operating system.
• The destination client must have a hard disk that is the same size or larger than the system partition on the hard disk of the source computer used to create the RIPrep image.
• Target system must also have the same hardware abstraction layer (HAL).
• A CD-based image of the same version and language as the RIPrep source computer must also be installed on the RIS server.

RIPrep Considerations

If you plan to use RIPrep to create operating systems in your organization, keep the following considerations in mind:

• RIPrep supports replication of a single disk, single partition (the boot partition, which is usually drive C) of Windows 2000 Professional. Because of this, the operating system and all of the applications that make up the standard installation must reside on the boot partition prior to running the RIPrep wizard. By creating a RIPrep image, you can install and configure the operating system, locally-installed applications and configuration settings once for deployment to many clients.
• RIPrep-based images generally use more hard disk space than CD-based images because they contain an uncompressed copy of the client system's hard disk stored on the server. CD-based flat images still contain the compressed installation files that the CD contains.
• To store a RIPrep image on a server, you must also have a CD-based image that is the same version and default language stored on the same RIS server. This is because the answer file used for the RIPrep image also refers the client to the CD-based image for access to network adapter and text-mode boot drivers, in case the drivers required for the client installing the RIPrep image are different from those in the system used to create the RIPrep image. The text-mode setup then does an advanced Xcopy of the client's image to the client's hard disk drive. (Text-mode setup is the normal blue screen you see when installing Windows 2000 Professional that moves or copies all the files over before the graphical user interface setup begins.)
• One of the beneficial features of the RIPrep wizard is that the destination client, that is, the computer that is installing the RIPrep image, does not need to contain identical hardware as that of the source computer used to create the image. However, the hardware abstraction layer (HAL) drivers must be the same. The RIPrep wizard uses the new Plug and Play support that is included with Windows 2000 for detecting any differences between the source and the client hardware during image installation.
• To create a RIPrep image, a source computer is required. The source computer contains the Windows 2000 Professional operating system, locally-installed applications, and any configured system settings that represent a standard client configuration you want to deploy to the specific clients. Carefully configure and test this image before running the RIPrep wizard to create the RIPrep image. After the image is replicated to the RIS server, you cannot alter its configuration without rerunning the RIPrep wizard against the existing image.

Configuring a RIPrep Source Computer

To prepare and configure a source computer for a RIPrep image, use the following general steps:

1. Install Windows 2000 Professional on the boot drive of a newly formatted computer. Any of the common methods of performing a standard installation can be used.
2. During setup, create a single partition, and then set the partition to the minimum size required for support of the base operating system and any required applications. The size of the partition used on the RIPrep source computer determines the minimum disk size required on computers installing the resulting RIPrep image.
3. Configure all components and settings that represent the standard client configuration for this image, including:
   • Network settings
   • Security settings
   • User settings
   • Desktop settings

   Configure the source computer to adhere to any company configuration policies. For example, you might choose to define specific screen colors, set the background bitmap to a company-based logo, and set intranet proxy server settings in Microsoft® Internet Explorer 5.

4. Install all applications that you want to be a part of this image. If you have applications that are Windows Installer (.msi) packages and you want the applications to be installed in a managed state, see the following section. Install all the applications from the location that should be used when looking for updates or additional files, rather than a temporary location such as a local CD-ROM drive that is not available on clients installing the RIPrep image. For example, you can install Microsoft® Office 2000 and virus protection software for all users who require these applications on the computer.
5. Test the source computer to ensure that the configuration is exactly how you want it to be for the group of users who will access this image. RIPrep images cannot be modified after they are created, so if your image fails your test process, you must recreate the image or restore the existing RIPrep image, make the necessary adjustments, and run the RIPrep wizard again to create a new image that contains the additional changes. If it is appropriate, you can overwrite the existing image on the RIS server when you create the new image
6. Run the RIPrep wizard to create the RIPrep image on the server.
7. Configure user access to the image by setting permissions in the ristnrd.sif file in the Templates folder of the new RIPrep image. For more information, see "Setting Security Permissions in Answer Files" later in this chapter.

Using Software Installation and Maintenance with RIPrep

By using the Windows 2000 Software Installation and Maintenance features, you can install and manage key software in a RIPrep image by using the same methods you use to install the software on other computers in the organization.

Consider an organization that wants to bring in new computers and customize both the Windows 2000 operating system and the Office 2000 suite of applications. The organization has existing Group Policy objects to manage the computers in the organization, and the administrator has assigned Office 2000 to the computers in the appropriate Group Policy objects.

Note

Be sure you configure the RIPrep source computer with applications from the same Group Policy objects that apply to the destination computers (those that install the RIPrep image) when they are deployed. The applications might be removed, or removed and reinstalled, if a different policy is applied to the computer when it is deployed.

The administrator installs the Windows 2000 operating system on a computer (that has the same HAL as the wanted target systems), and then configures the operating system the way that they want it. When Windows 2000 is installed and configured, the administrator adds it to the same Active Directory container where it stays after it is deployed. This container has a Group Policy object with Office 2000 assigned to the computer.

Note

When you install Office 2000 as part of an RIPrep image, you must turn off 8.3 name creation. Change the value of the NtfsDisable8dot3NameCreation registry entry from 0 (default) to 1 in order to turn off 8.3 name creation. NtfsDisable8dot3NameCreation is located in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem. See the following procedure.

To turn off 8.3 name creation

1. From the Start menu, click Run.
2. Type regedt32.exe or regedit.exe, and then click OK.
3. In the registry editor, navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem
4. Select the NtfsDisable8dot3NameCreation entry.
5. To turn off 8.3 name creation, change the value of the NtfsDisable8dot3NameCreation registry entry from 0 (default) to 1. In Regedit.exe, right-click the entry, and then click Modify.

   -Or-

   In Regedt32.exe, click the entry, click Edit, and then click the appropriate menu choice.

Caution

Do not use a registry editor to edit the registry directly unless you have no alternative. The registry editors bypass the standard safeguards provided by administrative tools. These safeguards prevent you from entering conflicting settings or settings that are likely to degrade performance or damage your system. Editing the registry directly can have serious, unexpected consequences that can prevent the system from starting and require that you reinstall Windows 2000. To configure or customize Windows 2000, use the programs in Control Panel or Microsoft Management Console (MMC) whenever possible.

The administrator restarts the computer, and Software Installation and Maintenance installs Office 2000 (applications assigned to a computer install when the computer starts). After Office 2000 installation is complete, the administrator can take the computer running Windows 2000 with Office 2000 installed, and use RIPrep to build a Remote OS Installation image and put the image on a RIS server.

When the resulting RIPrep image is installed on destination clients, as long as the same Group Policy objects are applied to the destination computers, the applications remain in a managed state and can be managed, updated, or patched using the Software Installation and Maintenance features. It is recommended that you use Software Installation and Maintenance to install, update, and manage all applications that you install in RIPrep images.

For more information about software installation, see "Software Installation and Maintenance" in this book.

RIPrep and User Profiles

When creating RIPrep images, it is important to understand the relationship of user profiles, the changes made to a RIPrep source computer, and the wanted result for users who log on to computers that are installed by using the RIPrep image. Windows 2000 Logo–compliant applications properly separate user-specific and computer-specific configuration settings and data. Installing such applications for all users of the computer as part of a RIPrep source computer allows the applications to then be available to all users of clients that have the resulting RIPrep image installed later. Non-Windows 2000–compliant applications might perform or rely on per-user configurations that are specific to the profile of the user actually installing the application prior to running RIPrep (typically a local administrator), rather than to all users of the client. Such configurations remain specific to that user, which can result in the application or configuration setting not being available or not functioning properly for users of computers installed with the RIPrep image. In addition, some non-application configuration changes, such as the wallpaper specified for the user desktop, are applied only to the current user's profile by default, and are not applied to users of systems installed with the RIPrep image.

Thoroughly test any applications or configuration settings that you want to use in a RIPrep image to ensure that they will work properly with your organization's implementation of user profiles. To perform the test, make the change as one user (typically a local administrator of the computer), log off, and log on as a user account that is representative of your organization. If the changes you made are applied to the second user, the changes should also apply to users who log on to systems installed with an RIPrep image that contains the same change. To complete the test, create an RIPrep image, restore it to a different computer, and log on as a different representative user. Verify that the changes are applied and fully functional.

Some configuration settings can be copied directly from the profile to which they were applied (the local administrator in the previous example, for instance) to the All Users profile (such as the desktop wallpaper) some Start menu options, and shortcuts. However, all such changes must be tested carefully to verify that the profile copy process does not affect their functionality.

To copy the Administrator's profile to the Default User profile on the source computer

1. Log on to the source computer as Administrator. Right-click My Computer, and then click Properties.
2. In the System Properties property page, click the User Profiles tab, select the local Administrator profile from the list of profiles on the computer, and then click Copy To.
3. In the Copy To dialog box, enter the path to the All Users profile folder (typically C:\Documents and Settings\All Users), and then click Change.
4. Select the appropriate group from the User or Group dialog box, typically the Everyone group, and then click OK.
5. Click OK, and then click OK again to exit the System Properties property page.

Running the RIPrep Wizard

After the client source computer is configured and fully tested, you are ready to run the Remote Installation Preparation Wizard (RIPrep.exe) from the RIS server that you want to receive this RIPrep image.

To run the RIPrep wizard, from the source client computer's Start menu, click Run, and then type:

\\<RISservername>\Reminst\Admin\i386\RIPrep.exe

Then click OK.

The RIPrep wizard does the following:

• Asks for the name of the RIS server on which to store the image. If none is selected, it defaults to the server name from which RIPrep.exe was run. If RIPrep.exe is run from \\Server\Reminst\Admin\i386\Riprep, server becomes the default location.
• Prompts for a subdirectory name to which the new image is created. The directory specified is created under the \RemoteInstall\Setup\OS Language\Images directory on the specified RIS server.
• Prompts for a description and Help display text. These values are written to the answer file for the RIPrep image and used for display to users in the Client Installation Wizard.
• Prompts you to stop services and close applications on the client that RIPrep does not recognize. (This page does not prevent you from continuing, but you need to attempt to stop any services that RIPrep does not recognize as well as close any open applications.)
• Removes unique security identifier and other unique registry settings to prevent conflict between clients.
• Replicates the source client's system partition to a folder on the RIS server.
• Creates a default answer file named Riprep.sif. This associates a specialized unattended answer file with the image to ensure that the user is not prompted during image installation.

To create an image on the server, you must be logged on to the source client with an account that has backup privileges on the source computer. (If you are a member of the domain administrators group, you have this privilege.) Otherwise you need to log on as the local administrator.

Figure 24.4 shows the directory structure that exists after the RIPrep image is copied to the server. You can define the name of the root folder (imagename) where the RIPrep images are stored.

Enlarge figure

Figure 24.4 RIPrep Image Directory Structure

After creating the new image, the important files to note are RIPrep.log, Bootcode.dat, and Imirror.dat. These files contain the following information about the RIPrep image:

RIPrep.log   This file contains log information about RIPrep.exe. RIPrep.log contains any errors that occur, such as encrypted files encountered or files in use. It also notes other information such as server name and description. This file resides in the \i386 directory on the server.

Bootcode.dat   This file contains the boot sector for the system. Bootcode.dat resides in the \i386\Mirror1 directory.

Imirror.dat   This file contains information, such as the drive letter, installation directory, and hardware abstraction layer (HAL) type, about the system that was cloned by using RIPrep. Imirror.dat resides in the \i386\Mirror1 directory.

These files contain some binary data, and therefore cannot be completely read by using a simple text editor or word processing application. After RIPrep is run, the source computer is shut down. If the source client is restarted, a mini-wizard runs and prompts the user for the unique configuration items that were removed when RIPrep was run.

After the replication of the image is complete, any DHCP PXE–based remote boot–enabled client, including those clients using the RIS boot floppy disk, can be used to access this image through RIS.

© 1985-2000 Microsoft Corporation. All rights reserved.