Using RIS to PXE boot non-Windows images

I’ve written a few posts previously for this blog about Microsoft Remote Installation Services (RIS), but today I needed to do something I knew was possible in theory but had never done before – using RIS to serve a boot image of something that’s not an unattended Windows setup.

Although slightly complicated by the need to use Active Directory for security, RIS is, at its most basic, a PXE server, capable of serving boot images via TFTP to suitable client PCs (before an operating system is loaded). In theory, any bootable floppy can be converted into a RIS boot image file but Microsoft doesn’t provide the tools – for that you will need the 3Com RIS Menu Editor (RISME). The original version of this is a free download from 3Com – later versions (e.g. emBoot RIS Menu Editor 2.0) are available for a small price (with a free trial period) but I found the 3Com version to be perfectly adequate (although it only runs locally on a Windows 2000 RIS server, whereas v2.0 of the emBoot product allows remote creation and editing of RIS menus and boot images, and supports Windows Server 2003).

After running RISME to capture an image from boot media, an additional folder structure will have been created on the RIS server, either in \\servername\RemInst\Setup\English\Images\3com\i386\ or in \\servername\RemInst\Setup\English\Tools\3com\i386\, depending on whether or not the image was created via the Automatic Setup or the Maintenance and Troubleshooting tabs.

Along with the image (.IMG) file (which can be edited directly using a utility such as WinImage), is an appropriate boot loader (.LDR) file and a RIS setup information (.SIF) file containing something similar to the following text:

[OSChooser]
Description = "<em>description</em>"
Help = "<em>helptext</em>"
LaunchFile = "Setup\English\Images\3Com\i386\tool1.ldr"
Version = "1.00"
ImageType=Flat

RIS should automatically pick up the new .SIF file and offer it as a menu choice in the OS Choices menu although it may be necessary to edit the User Configuration | Remote Installation Services | Choice Options within the Default Domain Policy group policy object in Active Directory to allow access to some of the RIS menus (e.g. Maintenance and Troubleshooting).

I now plan to use this method to deploy Ghost images (via an MS-DOS boot disk, captured as an image) and a PXE boot to a RIS server but for more information (including links to enable PXE booting of Linux), check out Google’s cached version of an article on how to use RIS to bootstrap other operating systems (unfortunately the original is no longer available online).

7 Comments

  • Rob D.
    Tuesday 13 December 2005 - 21:18 | Permalink


    Thanks for the RIS tip. I was playing around with this, as I run the Ghost Solution Suite 1.0 on Windows 2003 Server with SP1…which is not supported by Symantec. Ghost Console won’t run correctly. So I’m thinking I’ll trash the console and setup RIS to image PCs. Right now I use WinPE, with an auto-ghost disk, but the session has to be setup with a certain number of clients each time. I like the idea of using RIS to enable any-time imaging.

  • Anonymous
    Thursday 25 May 2006 - 7:39 | Permalink


    This is the exact information i was looking for, thank you very much :)

  • Pingback: Mark’s (we)Blog » Using RIS as a TFTP server

  • Thursday 17 July 2008 - 13:49 | Permalink


    Anyone saved the refered page on google cache? It seems to be gone now and I would be very happy to receive some sort of pdf or saved html copy of it.

  • Friday 18 July 2008 - 7:41 | Permalink


    As it happens, I did save a copy. I didn’t publish it here originally because I’m not sure of the copyright status of this, but it’s useful information and it’s been missing for a couple of years now.

    Microsoft Windows 2000 Remote Installation Services

    How to use RIS to bootstrap other operating systems using PXELinux
    Read Microsoft’s official RIS documentation here:
    http://www.microsoft.com/windows2000/techinfo/administration/management/remosadmin.asp

    Read about PXELinux here:
    http://syslinux.zytor.com/pxe.php

    Why use RIS?
    In an enterprise environment there is a clear need for PXE booting as a convenient method to access backup and diagnostic tools, and to deploy operating systems and applications to new machines. UNDI to NDIS2, and UNDI to packet wrappers are available from Intel, 3Com and Symantec – effectively removing reliance on a diverse set of MSClient network drivers. Also laptops and indeed many desktops are no longer equipped with a floppy drive as standard.

    Using PXELinux allows both Linux and MS-DOS to be bootstrapped but there is no user authentication. Typically this must be built into the disk images via a network logon. RIS requires authentication immediately the client contacts the server so curious users are unable to cause damage.

    Installation
    These notes are from memory and take a certain knowledge of RIS for granted.

    Install RIS using the Windows Components section of Add/Remove Programs.

    You need to install it on a partition other than the system partition.

    You also need to be running in a user context that has permission to write to the server’s machine account object in Active Directory.

    Run through the wizard and point it at a Windows 2000 i386 folder to create a first installation.

    Once the wizard has finished, set your DHCP server to direct PXE requests to the RIS server if you don’t use Windows 2000 DHCP in your enterprise. The clients need to be told to get the file ‘OSChooser/i386/startrom.com’. By sniffing network traffic we were able to notice that the ntldr file (the second file the client requests) needs to be manually copied to the root of the REMINST share. This is presumably not an issue if you use Windows 2000 DHCP server.

    You will need to authorize your RIS server in Active Directory if you are using Windows 2000 DHCP (see MS documentation).

    Edit your default domain policy Group Policy Object and navigate to User Configuration -> Windows Settings -> Remote Installation Services. In here you need to enable the Tools menu. I disabled all the other options because I want to use unattended installations of Windows 2000 and XP rather than classic RIS ones.

    Customization
    Now install either 3Com’s RIS Menu Editor (ftp://ftp.3com.com/pub/lanworks/) or emBoot’s version which is basically the same but possibly more mature (http://www.emboot.com/RISME.htm).

    With this you can add entries to the Tools menu on the RIS server (which will be the root menu if the others are disabled) and associate them with a floppy image. I suggest you have such an image ready, even if you intend to boot Linux so that you can familiarize yourself with the layout of the template .SIF files and so on.

    It seems that even if you follow the file layout and add new options manually the RIS server will be unaware of them unless you use the RIS Menu Editor Tool. Since I was unable to snapshot any registry changes during the addition of a new option, I’m assuming that they are stored in Active Directory.

    You will notice that RISME bootstraps the floppy images using its own 3K bootloader called toolx.ldr. This only seems to boot MS-DOS, but we can substitute toolx.ldr for pxelinux.0 in our .SIF template. There is one pitfall however – if you subsequently edit that option in RISME you’ll see a cross icon next to it. If you browse it and then exit, pxelinux.0 will be overwritten with the 3K loader, which can get pretty confusing.

    The RISME program is very useful for editing DOS floppy images and, like PXELinux, it features the ability to keep the PXE/UNDI stacks in memory so you can use the universal network drivers. For simplicity I have avoided using PXELinux to display menu choices, instead calling several different instances of it from the RIS menu for each Linux image I use.

    The text that the RIS client displays is all customizable and the MS document explains this in detail.

    Security
    To secure your RIS server I recommend removing all except read permissions from the System account throughout the REMINST share’s file permissions (forcing child objects to inherit). This is because the tftpd service runs as the System account. It does not work if you run it as another account. If you remove write access in this way you won’t be able to use the ‘resume’ feature, but at least people won’t be able upload files to your server.

    Where the RIS method really pays off is that you can control which menu items users are able to see simply by adjusting the file permissions on the relevant .SIF file in Setup\English\Tools\emBoot\i386\templates.

    Conclusion
    Using RIS seems to cover most aspects that I was looking for an enterprise-wide solution. The only gripe so far is that during the domain logon the keyboard is set to US and there doesn’t seem to be a way of changing this. As a result, users with certain symbols in their passwords may well encounter difficulties.”

    I certainly can’t offer this up as my own work (so it’s not covered by the creative commons license I use) but I’m hoping the original author won’t mind me republishing it here.

  • mike foster
    Sunday 28 March 2010 - 11:54 | Permalink


    hi im having difficulty installing a basic xp image from RIS, which i initially ran from the xp cd on the RIS server.

    everytime i boot the pxeclient, the separatr DC server with DHCP does allocate an IP address and I can select F12, but when Im prompted to logon it just says: Logon error.

    DNS is working correctly – showing both DC and RIS Server
    Logon as batch is done etc
    Delegate control is done – to join domain
    the remote tab on RIS has appeared and by default is set to respond auto to clients
    Ive set logon administrator details on the DC\dhcp Server
    only one issue of Event id 1030!!
    pxeclient 060 – has been added in dhcp
    3 WEEKS STILL STUCK!!
    STILL SAME ISSUE – LOGON ERROR

    Can anyone assist?

  • Pingback: Memtest86 hálózati bootolása RIS vagy WDS használatával | Sanyika blog

  • Leave a Reply

    %d bloggers like this: