Best practices for Remote Installation Services
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
Follow best practices for network security in any network that includes PXE-enabled client computers.
- For more information, see PXE architecture, RIS, and security considerations.
Use the appropriate number of Remote Installation Services (RIS) servers on your network.
In a small local area network (LAN)--for example, one physical subnet without a router--a single RIS server can serve all Pre-Boot eXecution Environment (PXE) remote boot-enabled client computers up to the network bandwidth or server resource limitations.
In a routed environment, use the settings that are available when you prestage clients to direct each client to be serviced by the RIS server that is in closest proximity to it. Also, set the Dynamic Host Configuration Protocol (DHCP) forwarding option to allow your routers to forward client requests to the RIS servers. In branch offices, if the only links to the branch site are low-speed links, use a RIS server at the branch site. Do not use RIS over low-speed links on a wide area network (WAN).
Install RIS on a physical disk separate from the one on which the operating system is installed.
- Installing RIS on a disk separate from the one on which the operating system is installed will help ensure optimal performance.
Learn how to control the number of installation options and operating system choices a user can access within the Client Installation Wizard.
Restricting installation options increases the number of successful operating system installations that can be completed without assistance from technical support or administrative staff. By default, RIS presents one installation option and operating system option to the user. For more information about other installation options, see Installation options available through RIS.
To maintain appropriate security and simplify the client installation process for users, review information in the Windows Server 2003 Deployment Kit regarding settings in .osc and .sif files. For details, see "Designing RIS Installations" at the Microsoft Windows Resource Kits Web site.
For information about the Setup Manager tool and .sif files, see deploy.chm in \Support\Tools\deploy.cab on the Windows CD.
Use the Remote Installation Preparation Wizard (RIPrep) image format to deploy a standard corporate desktop configuration across different types of client hardware throughout your organization.
- With the Remote Installation Preparation image format, administrators can replicate the installation image of an existing client computer, including locally installed applications and operating system configuration changes, to an available RIS server on the network. After the installation image is replicated, it can be installed remotely by any supported client computer. When you create new images using RIPrep, the image is available only to clients that have the same type of Hardware Abstraction Layer (HAL). Images that were created using RIPrep are available to all clients that are authorized to view them. For more information, see Creating an installation image with RIPrep.
Use RIS with computers that contain the PXE-based remote boot ROM.
- For computers that do not contain the PXE-based remote boot ROM, use the remote boot floppy generator (Rbfg.exe) to create a floppy disk. You can then use the RIS feature for these computers. For more information on the PXE-based remote boot ROM, see PXE architecture.
When using the Client Installation Wizard, use standard ASCII characters for user name, password, and domain name information.
- The Client Installation Wizard does not support extended ASCII character sets (such as those containing ü é and other non-standard characters). You should therefore limit the characters used for user name, password, and domain name information to standard ASCII characters (OEM characters 32-126).
- This topic does not apply to Windows Server 2003, Web Edition.