Setting Security Permissions in Answer Files

By setting explicit user or group security permissions on the answer file (.sif) for a particular operating system image, you can determine which operating system options are displayed to users in the Client Installation Wizard. You can allow a user of Remote Installation Services to choose from all of the operating system images available on a particular RIS server, or you can restrict the user to only the images appropriate for that user.

To restrict access to the available operating system images

1. Locate the Templates folder of the desired image on the RIS server, typically:

\\servername\RemInst\Setup\OSLanguage\Images\OSImageName\i386\Templates





Note

Each CD-based operating system image that you add to a RIS server has an associated Templates directory that contains the unattended setup answer file or files associated with that image.

Set specific access permissions on the individual unattended setup answer files that are contained in this directory. If you have not associated additional unattended answer files to the base operating system image, you only see the default answer file (Ristndrd.sif) in the \Templates directory.

2. Right-click the answer file, and then click Properties.
3. In the Properties window, click the Security tab.



Warning

The default security permissions allow the Everyone group (which includes all users) access to this operating system image from within the Client Installation Wizard. To restrict access to this operating system image, select the Everyone group, and then click Remove.

4. Click Add, and then select the security group or individual users who you want to receive access to the selected operating system image. Click Add, and then click OK twice. The default permissions that are set for each user or security group are sufficient for use with Remote Installation Services (the user requires only read permissions).

   Unless you specify users or groups of users to be given access, no users have access to the selected available operating system image.

Because selecting individual users for specific access can greatly increase the administrative workload, it is recommended that you group your users by security group and apply the security group to the answer file when restricting access to operation system images. If you add users to the security group, they will have access to the correct operating system image. For example, if all users in the sales department need access to the same list of operating system choices, you can group all sales staff users in a sales security group in Active Directory. You can then allow the sales security group read access to the operating system choices they need by granting the sales security group access to the appropriate answer files. When a new member of your company joins the sales department, add that user to the sales security group so that they can see the same operating system choice listings as the other members of the sales security group.

© 1985-2000 Microsoft Corporation. All rights reserved.