Main menu

SmartFeed by FeedBurner Subscribe to the site feed.


If you find the information here useful, then please consider a small donation, or linking to this site.

Recent Contributions

Calendar

December 2005
M T W T F S S
« Nov   Jan »
 1234
567891011
12131415161718
19202122232425
262728293031  

Archive

Using RIS to PXE boot non-Windows images

I’ve written a few posts previously for this blog about Microsoft Remote Installation Services (RIS), but today I needed to do something I knew was possible in theory but had never done before - using RIS to serve a boot image of something that’s not an unattended Windows setup.

Although slightly complicated by the need to use Active Directory for security, RIS is, at its most basic, a PXE server, capable of serving boot images via TFTP to suitable client PCs (before an operating system is loaded). In theory, any bootable floppy can be converted into a RIS boot image file but Microsoft doesn’t provide the tools - for that you will need the 3Com RIS Menu Editor (RISME). The original version of this is a free download from 3Com - later versions (e.g. emBoot RIS Menu Editor 2.0) are available for a small price (with a free trial period) but I found the 3Com version to be perfectly adequate (although it only runs locally on a Windows 2000 RIS server, whereas v2.0 of the emBoot product allows remote creation and editing of RIS menus and boot images, and supports Windows Server 2003).

After running RISME to capture an image from boot media, an additional folder structure will have been created on the RIS server, either in \\servername\RemInst\Setup\English\Images\3com\i386\ or in \\servername\RemInst\Setup\English\Tools\3com\i386\, depending on whether or not the image was created via the Automatic Setup or the Maintenance and Troubleshooting tabs.

Along with the image (.IMG) file (which can be edited directly using a utility such as WinImage), is an appropriate boot loader (.LDR) file and a RIS setup information (.SIF) file containing something similar to the following text:

[OSChooser]
Description = "description
Help = “helptext
LaunchFile = “Setup\English\Images\3Com\i386\tool1.ldr”
Version = “1.00″
ImageType=Flat

RIS should automatically pick up the new .SIF file and offer it as a menu choice in the OS Choices menu although it may be necessary to edit the User Configuration | Remote Installation Services | Choice Options within the Default Domain Policy group policy object in Active Directory to allow access to some of the RIS menus (e.g. Maintenance and Troubleshooting).

I now plan to use this method to deploy Ghost images (via an MS-DOS boot disk, captured as an image) and a PXE boot to a RIS server but for more information (including links to enable PXE booting of Linux), check out Google’s cached version of an article on how to use RIS to bootstrap other operating systems (unfortunately the original is no longer available online).

Posted: 23:10 on Thursday 1 December 2005 under Windows Server 2003, Windows 2000, OS deployment, Useful software.
Comments: 5
RSS RSS (for comments on this post only)Share This

Comments

1

Comment from Rob D.
Time: Tuesday 13 December 2005, 21:18

Thanks for the RIS tip. I was playing around with this, as I run the Ghost Solution Suite 1.0 on Windows 2003 Server with SP1…which is not supported by Symantec. Ghost Console won’t run correctly. So I’m thinking I’ll trash the console and setup RIS to image PCs. Right now I use WinPE, with an auto-ghost disk, but the session has to be setup with a certain number of clients each time. I like the idea of using RIS to enable any-time imaging.

2

Comment from Anonymous
Time: Thursday 25 May 2006, 8:39

This is the exact information i was looking for, thank you very much :)

3

Pingback from Mark’s (we)Blog » Using RIS as a TFTP server
Time: Sunday 3 December 2006, 22:54

[…] I found that this can be used to serve files to any TFTP client (I’ve written before about using RIS to PXE boot non-Windows images and this was a effectively a variation on the same […]

4

Comment from xAyiDe
Time: Thursday 17 July 2008, 14:49

Anyone saved the refered page on google cache? It seems to be gone now and I would be very happy to receive some sort of pdf or saved html copy of it.

5

Comment from Mark Wilson
Time: Friday 18 July 2008, 8:41

As it happens, I did save a copy. I didn’t publish it here originally because I’m not sure of the copyright status of this, but it’s useful information and it’s been missing for a couple of years now.

Microsoft Windows 2000 Remote Installation Services

How to use RIS to bootstrap other operating systems using PXELinux
Read Microsoft’s official RIS documentation here:
http://www.microsoft.com/windows2000/techinfo/administration/management/remosadmin.asp

Read about PXELinux here:
http://syslinux.zytor.com/pxe.php

Why use RIS?
In an enterprise environment there is a clear need for PXE booting as a convenient method to access backup and diagnostic tools, and to deploy operating systems and applications to new machines. UNDI to NDIS2, and UNDI to packet wrappers are available from Intel, 3Com and Symantec - effectively removing reliance on a diverse set of MSClient network drivers. Also laptops and indeed many desktops are no longer equipped with a floppy drive as standard.

Using PXELinux allows both Linux and MS-DOS to be bootstrapped but there is no user authentication. Typically this must be built into the disk images via a network logon. RIS requires authentication immediately the client contacts the server so curious users are unable to cause damage.

Installation
These notes are from memory and take a certain knowledge of RIS for granted.

Install RIS using the Windows Components section of Add/Remove Programs.

You need to install it on a partition other than the system partition.

You also need to be running in a user context that has permission to write to the server’s machine account object in Active Directory.

Run through the wizard and point it at a Windows 2000 i386 folder to create a first installation.

Once the wizard has finished, set your DHCP server to direct PXE requests to the RIS server if you don’t use Windows 2000 DHCP in your enterprise. The clients need to be told to get the file ‘OSChooser/i386/startrom.com’. By sniffing network traffic we were able to notice that the ntldr file (the second file the client requests) needs to be manually copied to the root of the REMINST share. This is presumably not an issue if you use Windows 2000 DHCP server.

You will need to authorize your RIS server in Active Directory if you are using Windows 2000 DHCP (see MS documentation).

Edit your default domain policy Group Policy Object and navigate to User Configuration -> Windows Settings -> Remote Installation Services. In here you need to enable the Tools menu. I disabled all the other options because I want to use unattended installations of Windows 2000 and XP rather than classic RIS ones.

Customization
Now install either 3Com’s RIS Menu Editor (ftp://ftp.3com.com/pub/lanworks/) or emBoot’s version which is basically the same but possibly more mature (http://www.emboot.com/RISME.htm).

With this you can add entries to the Tools menu on the RIS server (which will be the root menu if the others are disabled) and associate them with a floppy image. I suggest you have such an image ready, even if you intend to boot Linux so that you can familiarize yourself with the layout of the template .SIF files and so on.

It seems that even if you follow the file layout and add new options manually the RIS server will be unaware of them unless you use the RIS Menu Editor Tool. Since I was unable to snapshot any registry changes during the addition of a new option, I’m assuming that they are stored in Active Directory.

You will notice that RISME bootstraps the floppy images using its own 3K bootloader called toolx.ldr. This only seems to boot MS-DOS, but we can substitute toolx.ldr for pxelinux.0 in our .SIF template. There is one pitfall however – if you subsequently edit that option in RISME you’ll see a cross icon next to it. If you browse it and then exit, pxelinux.0 will be overwritten with the 3K loader, which can get pretty confusing.

The RISME program is very useful for editing DOS floppy images and, like PXELinux, it features the ability to keep the PXE/UNDI stacks in memory so you can use the universal network drivers. For simplicity I have avoided using PXELinux to display menu choices, instead calling several different instances of it from the RIS menu for each Linux image I use.

The text that the RIS client displays is all customizable and the MS document explains this in detail.

Security
To secure your RIS server I recommend removing all except read permissions from the System account throughout the REMINST share’s file permissions (forcing child objects to inherit). This is because the tftpd service runs as the System account. It does not work if you run it as another account. If you remove write access in this way you won’t be able to use the ‘resume’ feature, but at least people won’t be able upload files to your server.

Where the RIS method really pays off is that you can control which menu items users are able to see simply by adjusting the file permissions on the relevant .SIF file in Setup\English\Tools\emBoot\i386\templates.

Conclusion
Using RIS seems to cover most aspects that I was looking for an enterprise-wide solution. The only gripe so far is that during the domain logon the keyboard is set to US and there doesn’t seem to be a way of changing this. As a result, users with certain symbols in their passwords may well encounter difficulties.”

I certainly can’t offer this up as my own work (so it’s not covered by the creative commons license I use) but I’m hoping the original author won’t mind me republishing it here.

Write a comment

Please note the rules for comments and the privacy policy and data protection notice. I'm sorry but, because not everyone sticks to the rules, I've had to implement some spam prevention measures - if you're experiencing difficulties leaving a comment, please let me know.





The following XHTML tags may be used: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>