
Remote OS Installation

In Windows 2000, Remote OS Installation is part of change and configuration management. Remote
OS Installation simplifies the task of installing the Windows 2000 Professional operating system on
PXE-based remote boot–enabled client computers throughout the organization. It allows computers
to connect to a networked server during initial start-up, and then it allows the server to perform a
local installation of Windows 2000 Professional.
Remote Installation Services (RIS) is the technology that is used during initial start-up before the
resident operating system loads. RIS supports clients without an initial operating system or failed
computers that need to have the operating system restored. RIS allows computer hardware
connected through a LAN to find a networked RIS server and request installation of a new copy of
Windows 2000 Professional appropriately configured for the user and computer. Remote OS
Installation cannot be used to upgrade an existing operating system.
Remote OS Installation uses these key technologies to install Windows 2000 Professional on a
computer:

• Active Directory

• Group Policy

• Dynamic Host Configuration Protocol (DHCP)

• Domain Name System (DNS)

• PXE-based remote boot technology

• Remote Installation Services


Using RIS servers to deploy and upgrade operating systems throughout a company reduces the
costs incurred by either preinstalling the client computer or physically visiting each client to install
the operating system. Automatically installing the operating system by using Remote OS Installation
and Group Policy can reduce the IT staff support overhead in adding new computers to a network
and reinstalling operating systems.
You use a RIS server as a remote source, to install the network equivalent of a CD-based installation
of either Windows 2000 Professional or a preconfigured Windows 2000 Professional desktop image.
The following are descriptions of these two methods.
CD-Equivalent Installation. This is similar to setting up a client computer that directly uses the
unattended installation options available on the Windows 2000 Professional operating system CD.
The source files, however, reside across the network on available Windows 2000–based servers
rather than on a local CD.
Preconfigured Desktop Image Installation. This allows you to reproduce a working copy of a
corporate desktop configuration, including operating system configurations, desktop customizations,
and locally installed software. After the reproduced image is configured, it is stored on
Windows 2000 RIS servers. On request, the server downloads these images to new computers. The
new computer does not need to have identical hardware to the computer on which the image was
created. Windows 2000 Professional support for Plug and Play can adjust for hardware differences.
It is important that your DHCP, DNS, and Active Directory servers are configured appropriately to
work with Remote OS Installation. These services can be installed either on individual servers or the
same server, and these services must be active and available in order to use RIS. RIS uses these
components in several ways to detect client computer requests for service.
For more information about DHCP technology and its use, see "Determining Network Connectivity
Strategies" in the Deployment Planning Guide and "Dynamic Host Configuration Protocol" in the
Microsoft® Windows® 2000 Server Resource Kit TCP/IP Core Networking Guide. For more
information about DNS technology, see "Introduction to DNS" in the TCP/IP Core Networking Guide.
For more information about Remote OS Installation, see "Remote OS Installation" in this book.

Remote OS Installation Overview


Remote OS Installation and the IntelliMirror™ technologies are combined to form the change
and configuration management features included in Microsoft® Windows® 2000 Server. Using
Remote OS Installation you can customize and enable automated installation of Microsoft®
Windows® 2000 Professional on new or replacement computers. You can experience better disaster
recovery with easier operating system and application management by combining Remote OS
Installation with the user data management, software installation and maintenance, and user
settings management features that make up IntelliMirror. For more information about IntelliMirror,
see "Introduction to Desktop Management" in this book.
This chapter focuses on implementation of Remote OS Installation by using Remote Installation
Services (RIS) technology for the installation of Windows 2000 Professional on remote boot–enabled
clients. RIS supports clients without an operating system or failed computers that need to have the
operating system restored. When using Remote OS Installation with the default settings, everything
is deleted from the hard disk and a new operating system is installed. Previous user profile and
configuration settings are also removed when installing the operating system.
Note
Remote OS Installation cannot be used to upgrade an existing operating system on computers
currently running Microsoft® Windows® 95, Microsoft® Windows® 98, Microsoft® Windows NT®
Workstation version 3.51, or Microsoft® Windows NT® Workstation version 4.0.
If you want to maintain your existing user profiles, there are a few additional methods that
Windows 2000 supports for installing and upgrading an operating system on clients. These include
the following:

• Performing disk duplication with the System Preparation (SysPrep.exe) tool

• Using Microsoft® Systems Management Server

• Using a bootable CD
These methods are not discussed in detail in this chapter. For more information about installing and
upgrading an operating system by using these methods, see "Automating Server Installation and
Upgrade," "Automating Client Installation and Upgrade," and "Using Systems Management Server to
Deploy Windows 2000" in the Microsoft® Windows® 2000 Server Resource Kit Deployment
Planning Guide. For more information about upgrading Windows 2000 on an existing Windows 2000
Professional client, see "Software Installation and Maintenance" in this book.

Remote OS Installation Requirements


Remote OS Installation requires other services and capabilities on both the server and client to run.
Figure 24.1 shows the Remote OS Installation requirements.

Figure 24.1 Remote OS Installation Server and Client Requirements

Server Software Requirements


Remote OS Installation requires you to install these server technologies included with
Windows 2000 Server. You can install these services on individual servers or all on one server:
Remote Installation Services (RIS). RIS is an optional component of Windows 2000 Server
that provides the services that allow you to install Windows 2000 Professional from a RIS server.
Domain Name System (DNS). RIS servers rely on DNS for locating Active Directory directory
services and for completing domain operations. You can use Windows 2000 DNS and receive the
benefit of dynamic updates for your DNS server. However, using the Windows 2000 version of DNS
is not required for RIS to function. The DNS server you use must support the SRV RR (RFC 2052)
and needs to support the dynamic update protocol (RFC 2136). For more information about DNS,
see "Introduction to DNS" and "Windows 2000 DNS" in the Microsoft® Windows® 2000 Server
Resource Kit TCP/IP Core Networking Guide.
Dynamic Host Configuration Protocol (DHCP) Server. RIS servers require a DHCP server to
be present and active on the network. Remote boot-enabled clients receive an IP address from the
DHCP server prior to contacting a RIS server. You can install the version of DHCP that is included
with Windows 2000 Server, or you can use an existing version of DHCP running on Microsoft®
Windows NT® Server version 4.0. You can also use a third-party DHCP. For more information about
DHCP, see "DHCP Options" and "DHCP Message Formats" in the TCP/IP Core Networking Guide.
Active Directory. RIS servers must be installed on a Windows 2000 Server that has access to
Active Directory. This can be a domain controller or a server that is a member of a domain with
access to Active Directory. RIS uses Active Directory to locate existing clients and other RIS servers.
You can administer RIS by using extension property pages that reside on specific computer objects
within Active Directory. For more information about Active Directory, see "Active Directory Logical
Structure" in this book.
For more information about installing and configuring a RIS server, installing and configuring the
DNS service, and installing the DHCP service, see Windows 2000 Server Help.

Hardware Requirements
Ensure that both your server and client hardware meet the minimum installation hardware
requirements for Windows 2000. For more information about Remote OS Installation hardware
requirements and compatible computers or network adapters, see the Hardware Compatibility List
link on the Web Resources page at
http://windows.microsoft.com/windows2000/reskit/webresources.
In addition, be sure that your server and client hardware meet the requirements in the following
sections.

Server Hardware Requirements


Windows 2000 Remote OS Installation requires the following server hardware:

• Pentium or Pentium II 200 megahertz (MHz) or faster processor (Pentium 166 MHz minimum).

• 96 to 128 megabytes (MB) of random access memory (RAM) needed to run when services such
as Active Directory, DHCP, and DNS are installed.

• 2-gigabyte (GB) disk drive for the Remote Installation Services servers folder tree.

• 10 megabits per second (Mbps) network adapter (100 Mbps recommended).

• CD-ROM drive or access to a network share containing Windows 2000 Professional.


RIS requires a significant amount of disk space to store operating system images. Dedicate an
entire hard disk drive partition specifically to the directory tree of the RIS server. Small computer
system interface (SCSI)–based disk controllers or disks are preferred. Format the drive where you
want to install RIS with NTFS. You cannot install RIS on the same drive as the system volume. RIS
does not support the installation of images onto Encrypting File System (EFS) or Distributed file
system (Dfs) volumes.

Remote Installation Services


RIS provides software services that allow an administrator to set up new clients remotely, without
having to visit each client.
There are several administrative options that you can control to configure how the RIS server
services clients. You can accept the default configuration settings and begin offering users operating
system installation images. You can also customize the settings to define your automatic computer
naming policy, to define the Active Directory container in which computer accounts are created, and
to define the operating system images to which users have access.
RIS servers can be set to respond only to service requests from clients that have already had their
computer account objects created in Active Directory for a forest, or have been prestaged in Active
Directory. RIS technology allows the coexistence of RIS servers from multiple vendors on the same
physical network. When set to ignore boot requests from unknown clients, RIS servers can be
introduced into a network without interfering with pre-existing RIS servers that use the same
remote boot protocols.
Important
The entire ROM sequence is not secure with regard to packet type encryption, client or server
spoofing, or wire sniffer–based mechanisms. Use caution when using RIS on your corporate network. Ensure
that you only allow authorized RIS servers on your network and that the number of administrators
allowed to install or configure RIS servers is controlled.
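
One way to check a network for unauthorized remote boot servers, as an added Python example (not part of the Resource Kit or of RIS): it parses DHCP/PXE server replies and flags boot offers from any address outside an allowlist. The DHCP field offsets and option numbers come from the DHCP and PXE specifications rather than from this page, and the packets, addresses and the file name boot.img are constructed sample data.

```python
import socket
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of the DHCP options
BOOTREQUEST, BOOTREPLY = 1, 2
OPT_PAD, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_VENDOR_CLASS, OPT_END = 0, 53, 54, 60, 255


def parse_options(data):
    """Walk the option TLVs (code, length, value) that follow the magic cookie."""
    options, i = {}, 0
    while i < len(data) and data[i] != OPT_END:
        if data[i] == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(data):
            raise ValueError("truncated option header")
        code, length = data[i], data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        options[code] = value
        i += 2 + length
    return options


def parse_reply(packet):
    """Return the boot-related fields of a server reply, or None for client requests."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP packet")
    if packet[0] != BOOTREPLY:
        return None
    options = parse_options(packet[240:])
    server_id = options.get(OPT_SERVER_ID, b"")
    return {
        "client_mac": packet[28:28 + min(packet[2], 16)].hex(":"),
        "next_server": socket.inet_ntoa(packet[20:24]),   # siaddr field
        "boot_file": packet[108:236].split(b"\x00", 1)[0].decode("ascii", "replace"),
        "server_id": socket.inet_ntoa(server_id) if len(server_id) == 4 else None,
        "vendor_class": options.get(OPT_VENDOR_CLASS, b"").decode("ascii", "replace"),
    }


def find_unauthorized(packets, authorized):
    """List (responder, client MAC, boot file) for boot offers from unlisted servers."""
    alerts = []
    for packet in packets:
        try:
            reply = parse_reply(packet)
        except ValueError:
            continue                      # malformed or non-DHCP payload
        if reply is None:
            continue
        offers_boot = reply["vendor_class"].startswith("PXEClient") or bool(reply["boot_file"])
        responder = reply["server_id"] or reply["next_server"]
        if offers_boot and responder not in authorized:
            alerts.append((responder, reply["client_mac"], reply["boot_file"]))
    return alerts


def build_packet(op, client_mac, next_server, boot_file, options):
    """Build a sample packet for the demonstration (constructed, not captured)."""
    header = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        op, 1, 6, 0, 0x12345678, 0, 0,
        bytes(4), bytes(4), socket.inet_aton(next_server), bytes(4),
        bytes.fromhex(client_mac), b"", boot_file.encode("ascii"),
    )
    body = b"".join(bytes([code, len(value)]) + value for code, value in options)
    return header + MAGIC_COOKIE + body + bytes([OPT_END])


# Constructed sample traffic; all addresses and the file name boot.img are made up.
AUTHORIZED_RIS = {"10.0.0.10"}
CLIENT = "00a0c9112233"
SAMPLE_PACKETS = [
    # Client discover: a request, so it is never reported.
    build_packet(BOOTREQUEST, CLIENT, "0.0.0.0", "",
                 [(OPT_MSG_TYPE, b"\x01"), (OPT_VENDOR_CLASS, b"PXEClient:Arch:00000")]),
    # Reply from the authorized RIS server.
    build_packet(BOOTREPLY, CLIENT, "10.0.0.10", "startrom.com",
                 [(OPT_MSG_TYPE, b"\x02"), (OPT_SERVER_ID, socket.inet_aton("10.0.0.10")),
                  (OPT_VENDOR_CLASS, b"PXEClient")]),
    # Reply from a boot server that is not on the allowlist.
    build_packet(BOOTREPLY, CLIENT, "10.0.0.66", "boot.img",
                 [(OPT_MSG_TYPE, b"\x02"), (OPT_SERVER_ID, socket.inet_aton("10.0.0.66")),
                  (OPT_VENDOR_CLASS, b"PXEClient")]),
    # Plain DHCP offer with no boot information: ignored.
    build_packet(BOOTREPLY, CLIENT, "0.0.0.0", "",
                 [(OPT_MSG_TYPE, b"\x02"), (OPT_SERVER_ID, socket.inet_aton("10.0.0.2"))]),
]

if __name__ == "__main__":
    for responder, mac, boot_file in find_unauthorized(SAMPLE_PACKETS, AUTHORIZED_RIS):
        print(f"unauthorized boot offer from {responder} to {mac}: {boot_file!r}")
```
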

RIS Components
The following are the various components that you use to install, configure, and implement RIS
within your organization:
Remote Installation Services Setup (RISetup.exe). You can install RIS at the same time or
after you install Windows 2000 Server by using Add/Remove Programs in Control Panel.
Remote Installation Preparation Wizard (RIPrep.exe). RIPrep allows you to create a
customized image of a Windows 2000 Professional computer. Imaging Windows 2000 Professional
means creating a replica of a hard disk that you can then install on other computers in your
organization. You can use this wizard to prepare an existing Windows 2000 Professional installation
image and to replicate that image to an available RIS server on the network. The image can include
the operating system alone or it can be a preconfigured desktop image, including the operating
system and standard locally-installed desktop applications.
Client Installation Wizard (OSChooser). OSChooser is the client-side (the part that is
downloaded to the client) text-based program that communicates with the RIS server. The Client
Installation Wizard is a default set of screens that the Boot Information Negotiation Layer (BINL),
the server-side service, sends to the client to guide the user through the remote installation
process. Users of remote boot–enabled clients use the Client Installation Wizard to log on and select
from operating system installation options. You can customize the setup screens to meet the needs
of your organization.

RIS Services
RIS comprises individual services that have been combined to enable the remote installation of
Windows 2000 Professional. The Remote Installation Setup Wizard (RISetup) configures and starts
the following services:
Boot Information Negotiation Layer (BINL). This service listens for and answers DHCP (PXE)
requests. It also services Client Installation Wizard requests. BINL directs the client to the files
needed to start the installation process. This service also checks Active Directory to verify
credentials, determine whether a client needs service, and whether to create a new or to reset an
existing computer account object on behalf of the client.
Trivial File Transfer Protocol Daemon (TFTPD). A RIS server uses TFTP to download the initial
files needed to begin the remote installation process to the client. This includes the Client
Installation Wizard and all files needed to start Windows 2000 Setup. The first file downloaded to
the client using TFTP is Startrom.com. Startrom is a small bootstrap program that displays the
Press F12 for Network Service Boot prompt. If F12 is pressed within three seconds, the Client
Installation Wizard (OSChooser) is downloaded to begin the remote installation process. When it
resides on the server side, it is called the Trivial File Transfer Protocol Daemon (TFTPD), and when it
resides on the client, it is called Trivial File Transfer Protocol (TFTP).
Single Instance Store (SIS). SIS services consist of an NTFS file system filter and a service that
acts on the volume on which the RIS images are kept. SIS services reduce the storage requirements
needed to store these images by combining duplicate files.

Installing RIS
You can install Remote Installation Services either on a Windows 2000 server that is already on a
network or on a stand-alone server that you want to add to the network.
To install the RIS component
1. From the Start menu, point to Settings, and then point to Control Panel.
2. Double-click Add/Remove Programs, and then click Add/Remove Components.
3. Check the box for Remote Installation Services.
4. Click Next.
5. Click Finish, and then restart your server. After the server has restarted, complete the
Configure Remote Installation Services wizard.
RISetup locates the first NTFS volume that does not contain the system volume (boot.ini file) or the
boot volume (%windir%). You then define image properties such as directory name, friendly
description, and Help text for the end user. None of these properties can contain any non-ASCII
characters. For more information about the Client Installation Wizard variables, see "OSCML and
Client Installation Wizard Variables" in this book. This process also creates the RIS directory
structure and copies the files required for a CD-based "flat" installation image of Windows 2000
Professional. This process also copies the default Client Installation Wizard screens and configures
and starts all of the services required for RIS (BINL, SIS filter, SIS Groveler, and TFTP).
For more information about installing and configuring RIS servers and DNS, see Windows 2000
Server Help. Windows 2000 Server Help also provides instructions for promoting a stand-alone
server to a domain controller and installing and configuring the DHCP service.
For more information about the Client Installation Wizard, see "Client Installation Wizard" later in
this chapter.

Deploying RIS Servers


RIS servers are dependent on your network configuration. The way you deploy and manage your
RIS servers on the corporate network determines how your RIS servers perform. By using RIS
servers, you can have one operating system image that supports multiple sites, domains, and
organizational units, or you can customize each image to meet the needs of the users and
computers being served.
You might need multiple RIS servers to support your corporation, or only one RIS server if you are
deploying Windows 2000 on a small localized network or network segment. As a general guideline,
place a RIS server near the client computers that it services.
The amount of traffic the RIS server produces is similar to that of other servers performing as
software distribution points on your network. Generally, the traffic for RIS servers is predictable.
RIS-generated traffic is higher when many users are installing their initial operating system image,
for example, during a deployment of new operating system images or when a group of new
computers is being added to the network. After the operating systems are installed, the daily RIS
server traffic will be lower.
Depending on the size of your network, you might need to adjust the distribution and management
of client access to RIS servers to streamline access or support multiple operating system
requirements. Determine your corporate needs before deploying automated customized versions of
Windows 2000 and prior to imaging a standard desktop–configured computer. The number of RIS
servers that you need to deploy is determined by the demand for new, upgraded, and customized
operating system installations; the speed of your network; and the hardware you use to support
your RIS images. Figure 24.2 shows one way to place your RIS servers and optional referral servers
in relation to clients for a large organization deployment strategy.

Figure 24.2 Sample RIS Server Layout Within a Large Organization


As illustrated in Figure 24.2, a new remote boot–enabled client requests a remote operating system
installation. This request is passed to the RIS referral server, which has the Do not respond to
unknown client computers option enabled. Clients that have been prestaged in Active Directory
ahead of client servicing can access this RIS server. A prestaged client is a client that already has its
computer account object created in Active Directory within a forest. The referral RIS server checks
Active Directory to verify whether a computer account object exists for this client. In this example,
the client was prestaged by the administrator; therefore, it has a corresponding computer account
object in Active Directory, and it is assigned to be serviced by RIS Server 3. The RIS referral server
passes the request on to RIS server 3, from where the client then begins installing the operating
system.
Figure 24.2 shows how one RIS server layout works in a large corporate setting. For this scenario
there is close control on which clients can access which RIS servers. When the computer account
object is created, the computer account object is assigned to a specific RIS server. Depending on
your corporate environment, you can configure your RIS servers so that all RIS servers can respond
to all clients. In the network design in Figure 24.2, the only purpose of RIS servers 1, 2, and 3 is to
provide images of the operating system. These servers do not respond to initial client service
requests. The referral RIS server does not provide image support; however, it answers client
service requests, checks Active Directory for the existence of a prestaged computer account object,
and then refers the client to the specified RIS server.
By pre-staging clients to Active Directory and distributing various image files over different
distribution points, you can control network traffic and speed up the installation process. Slow
connections to your RIS servers can slow down the entire network if they are not designed and
distributed appropriately or if the hardware utilized by the RIS server cannot support network
demands. If your organization has branch offices, it is best to place a RIS server in each branch
location and not attempt to install software over a slow network connection.
Note
RIS does not detect slow links. RIS times out only if it does not receive a DHCP packet from the
server.
For more information about optimizing performance of RIS servers, see "Automating Client
Installation and Upgrade" in the Deployment Planning Guide.

Authorizing RIS Servers in Active Directory


To manage and control the way a RIS server interacts with existing and potential clients, you can
configure the server properties, which allow you to determine how this RIS server responds to
clients requesting service. You can administer the majority of the RIS configuration settings from a
Windows 2000 Professional client by installing the Administrative Tools (Adminpak.msi) package
that is included with Windows 2000 Server.
Note
The Administrative Tools package (adminpak.msi) can be installed from the directory
%Windir%\System32, where %Windir% is equal to the WINNT directory created during Windows 2000
Server installation. To install the Administrative Tools package on a workstation, run the file
adminpak.msi that is located on the Windows 2000 Server operating system CD.
By using RIS you can designate which RIS servers can accept and process requests and designate
which RIS servers can only service clients on the network. Before a RIS server can accept requests,
it must be authorized to run in Active Directory.
To authorize a RIS server in
Active Directory, you must log on with an account that is a member of the Enterprise Admins
group in the forest where you want the RIS server to be authorized. By default, members of the
Enterprise Admins group are the only users who can authorize DHCP/RIS servers. You can
perform the procedure in this section on a domain controller, member server of the domain, or a
Windows 2000 Professional–based computer that has the Administrative Tools package installed.
If the RIS server is not authorized in Active Directory, the RIS server cannot respond to clients
requesting service. If you install RIS on a server that is not an authorized DHCP server, or if you add
it to a DHCP server that is not authorized in Active Directory, perform the following procedure.
Note
If RIS is installed on a DHCP server that is already authorized in Active Directory, you do not need
to perform the following procedure.
To authorize a RIS server in Active Directory
1. Log on to the domain where the RIS server resides. (The account used must be a member of
the Enterprise Admins group.)
2. From the Start menu, point to Programs and Administrative Tools, and then click DHCP from the
list. This starts the DHCP Management snap-in.
3. Right-click the DHCP root node in the scope pane, and then click Manage Authorized Servers.
4. Click Authorize, enter the IP address or name of the RIS server, and then click OK. When
prompted, to ensure that this is the correct RIS server to authorize, click Yes.
Now your RIS server is authorized in Active Directory and can respond to clients requesting service.
If your server is not responding to requests, the changes to Active Directory might not have taken
effect. For these rights to apply immediately, on the domain controller on which you set the user
rights, from the Start menu, click Run, type CMD, and at the command prompt, type:
secedit /refreshpolicy /MACHINE_POLICY
Or, if applicable in your network environment, you can restart the server so that Active Directory
and Group Policy settings take effect.

Configuring RIS Servers


With RIS, you can designate which RIS servers can accept and process requests and also designate
which RIS servers will only service clients on the network.
After you have successfully installed RIS and authorized it in Active Directory, configure your RIS
settings. These settings are required to service clients on your network. From within the Active
Directory Users and Computers snap-in, use the RIS Administrative Tools to do the following:

• Reset and create computer account objects.

• Browse Active Directory.


• Search for computer accounts by name, globally unique identifiers (GUIDs), and dedicated
servers.

• Configure the server.
These settings allow clients to locally install Windows 2000 Professional from RIS servers. RIS does
not provide a mechanism for replicating operating system images from one RIS server to another,
such as from RIS server 2 to RIS server 3 in Figure 24.2. However, you can use third-party
replication tools for operating system image replication. Make sure that the replication mechanism
supports the file maintenance attributes, extended attributes, and security settings of the source
images.

Restricting Client Installation Options by Using Group Policy


Group Policy applies to sites, domains, and organizational units. It is important that you understand
the effects of Group Policy in your organization before setting specific policies for your users or
computers. You can determine which choices the Client Installation Wizard displays to a particular
user or user group by using the Group Policy snap-in. For more information about Group Policy, see
"Group Policy" in this book.
To restrict the Client Installation Wizard options for users of RIS in your organization, set the
desired Group Policy settings for the RIS servers on your network by using the following procedure.
To set RIS policy to restrict the installation options for a particular user or security group
1. Locate the Active Directory container where you want to set the RIS policy settings. By default,
the RIS policy settings are applied in the Default Domain Policy Object, which is located at
the root of your domain.
2. Right-click your domain root name, click Properties, and then click the Group Policy tab.
3. In the Group Policy Object Links window, select your Default Domain Policy object, and then
click Edit.
4. Click User Configuration, double-click Windows Settings, and then click Remote
Installation Services.
5. Double-click Choice Options in the right pane.
6. On the Policy tab, set the Automatic Setup, Custom Setup, Restart Setup, and Tools
settings. Set the policy for the options available to users in the Client Installation Wizard from
the following choices:
Allow. Users who are affected by this policy are allowed to access that installation option in
the Client Installation Wizard.
Don't Care. Users receive the policy settings of the parent container. For example, if the
administrator for the entire domain sets a RIS-specific policy, and the administrator of this
container chooses the Don't Care option, the policy that is set on the domain is applied to all
users who are affected by that policy.
Deny. Users who are affected by this policy are not allowed to access that installation option
in the Client Installation Wizard.
For more information about the Client Installation Wizard, see "Using Client Installation Wizard to
Install Clients" later in this chapter.

Defining a Computer Naming Policy


The computer naming policy that is used during operating system installation provides the computer
with a unique name. The computer name identifies the client on the network, similar to the NetBIOS
name used in Microsoft® Windows NT® version 4.0. If you have an existing computer naming
policy, you can set this format prior to users turning on their computer and requesting an operating
system installation.
You can determine the computer naming format and the Active Directory container in which client
accounts are created. In a large organization where multiple RIS servers are available, it is
beneficial to define a computer naming policy to use to prestage clients and to define which RIS
servers a client can access.
To define computer naming policy
1. Start the Active Directory Users and Computers snap-in.
2. Right-click the RIS server.
3. Click Properties, and then click the Remote Install tab.
4. Click Advanced Settings.
5. Click New Clients.
6. Define computer naming and where the computer account object is created for new clients.
The New Clients page of the Advanced Settings property sheet allows you to control the name that
the client is assigned when a user selects the Automatic Setup option within the Client Installation
Wizard and where the computer account object is created in Active Directory. The naming format
defaults to the user name of the account entered in the Client Installation Wizard with an
incremental number (#) appended. You can customize this format. Table 24.1 lists the RIS
computer naming options.
Table 24.1 RIS Computer Naming Options

Naming Option          Property
%first                 User's first name
%last                  User's last name
%Username (Default)    User's logon name
%MAC                   Media access control (MAC) address of the network adapter
%#                     Incremental number
%nField                Number of characters to be used in indicated field


Note
You cannot use all Active Directory object attributes to create a naming format for use with the RIS
automatic computer naming feature.
For example, if you create a name with the following format:
%5Username%3#
Where Username = JoeUser, %nField = %5, and %# = %3.
This yields the name: JoeUs123
The %5 takes the first five characters of "JoeUser", which gives the "JoeUs" characters in the
account name. The "123" is determined by scanning Active Directory for existing computer account
objects. The %3# specifies a three-digit number. In this case, the search had to go up
to 123 to find an unused number, hence "JoeUs123". By changing the number in "%3#", you can
restrict or broaden the search from 0-9 to 0-999999999. It is best to keep your incremental number
to as few digits as possible. The default is 2 if no specification is given.
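
The %5Username%3# walk-through above, worked as an added Python example (not RIS code and not from the Resource Kit): it expands a naming format from Table 24.1 and scans a list of existing account names for the first unused number. Counting up from 1 without zero padding, case-insensitive field names, and the 15-character NetBIOS length check are assumptions of this example; the user record and existing names are constructed.

```python
import re

# Field names from Table 24.1; case-insensitive matching is an assumption.
_TOKEN = re.compile(r"%(\d*)(first|last|username|mac|#)", re.IGNORECASE)
DEFAULT_COUNTER_DIGITS = 2   # the page's default when no digit count is given
NETBIOS_MAX = 15             # NetBIOS computer-name length limit (not from the page)


def parse_format(fmt):
    """Split a naming format into ("literal", text) and (field, width) parts."""
    parts, pos = [], 0
    for match in _TOKEN.finditer(fmt):
        if match.start() > pos:
            parts.append(("literal", fmt[pos:match.start()]))
        width = int(match.group(1)) if match.group(1) else None
        parts.append((match.group(2).lower(), width))
        pos = match.end()
    if pos < len(fmt):
        parts.append(("literal", fmt[pos:]))
    return parts


def render(parts, user, counter):
    """Build one candidate name; a width keeps only the first n characters of a field."""
    out = []
    for kind, value in parts:
        if kind == "literal":
            out.append(value)
        elif kind == "#":
            out.append(str(counter))
        else:
            out.append(user[kind][:value] if value else user[kind])
    return "".join(out)


def generate_name(fmt, user, existing_names):
    """Return the first name produced by fmt that no existing account uses."""
    parts = parse_format(fmt)
    taken = {name.upper() for name in existing_names}   # compare names case-insensitively
    widths = [value for kind, value in parts if kind == "#"]
    if widths:
        digits = widths[0] or DEFAULT_COUNTER_DIGITS
        counters = range(1, 10 ** digits)    # assumption: count up from 1, no zero padding
    else:
        counters = [None]                    # no %# field: exactly one candidate
    for counter in counters:
        name = render(parts, user, counter)
        if len(name) > NETBIOS_MAX:
            raise ValueError(f"{name!r} is longer than {NETBIOS_MAX} characters")
        if name.upper() not in taken:
            return name
    raise LookupError(f"every name allowed by {fmt!r} is already in use")


# Constructed sample data: a user record and the accounts already in the directory.
JOE = {"first": "Joe", "last": "User", "username": "JoeUser", "mac": "00A0C9112233"}
EXISTING = [f"JoeUs{n}" for n in range(1, 123)]   # JoeUs1 .. JoeUs122 are taken

if __name__ == "__main__":
    print(generate_name("%5Username%3#", JOE, EXISTING))
```

A one-digit counter runs out after nine accounts, which is the failure case to plan for when keeping the number of digits small.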
Using the New Client page, you can also control the organizational unit in which the computer
account objects are created. The default is the default account creation location as set in Active
Directory. The following are your options:
Default directory service location. This creates the computer account object for the client in an
Active Directory location where all computer accounts are created by default during the domain join
operation. The default Active Directory location is set to the Computers container in Active
Directory. The client becomes a member of the same domain as the RIS server installing the client.
Same location as the user setting up the computer. This creates the computer account object
in the same Active Directory container as the user who is setting up the computer. For example, if
you log on in the Client Installation Wizard and your user account currently resides in the Users
Active Directory container, the client computer account object is created in the Users container in
Active Directory.
A specific directory service location. This creates the computer account object in a specific
Active Directory container that you predetermine. It is assumed that most administrators will select
this option to specify a container for all remote installation client computer account objects.
Client Response Options
The RIS settings on the Properties page control how the RIS server responds to remote boot–enabled
clients requesting service. You can set the RIS server to Respond to client computers requesting
service or to respond only to known clients. When the RIS server is set to Do not respond to
unknown client computers, it responds only to clients with a prestaged computer account object
in Active Directory. This setting allows you to limit access to authorized clients that are
prestaged in Active Directory, thereby increasing the security on your network. The Do not respond
to unknown client computers setting also provides support for multiple third-party remote boot or
installation servers on one physical network. For example, if your company already uses another
vendor's remote boot or installation server, you cannot control which vendor's server answers the
client's request. By setting the Do not respond to unknown client computers option in conjunction
with pre-staging clients, you make sure that only those prestaged clients are serviced by
authorized RIS servers.
Note
If a user sets up the client, the user needs to have the appropriate rights to create the computer
account in the domain or organizational unit chosen. For more information about granting computer
account creation permissions to users, see Windows 2000 Server Help.

Pre-staging Clients in Active Directory Using GUID


You can also use the computer's GUID for pre-staging clients and making sure that each computer
is uniquely identified. This unique ID is stored with the computer account object that is created
when pre-staging the client. In most cases you can find the GUID for clients that are PC98 or Net
PC–compliant in the system BIOS of the computer or on the outside of the computer case.

GUID Format
Valid characters for the client GUID are restricted to the hexadecimal characters 0-9 and A-F
(uppercase or lowercase). You can enter the GUID in either "pretty print" or "raw byte order"
format. However, combining the two formats causes RIS to not recognize the client.

Pretty Print
Pretty print format is as follows:
{dddddddd-dddd-dddd-dddd-dddddddddddd}
where d is a hexadecimal character. For example, {921FB974-ED42-11BE-BACD-00AA0057B223}.
The dashes are optional and spaces are ignored.

Raw Byte Order


You can also enter GUIDs in raw byte order, such as the byte order you get from a packet sniffer. In
this case, do not include the curly brace and enter only the hexadecimal characters. The following
GUIDs have exactly the same value:
Pretty print:

{12345678-1234-1234-1234-1234567890AB}
Raw byte order:

785634123412341212341234567890AB
Notice the first three parts of the pretty print GUID are in a different order than the raw byte
format. This is how the computer stores the information internally and how it is sent on the
network.
If you are having trouble with a prestaged client not being answered by a RIS server, make sure the
GUID entered is either in pretty print format or raw byte order.
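The two entry formats described above, as an added Python example that is not part of the original chapter or of RIS: it parses either format into the 16 bytes as sent on the network, converts back to pretty print, and audits a list of prestaged entries. The computer names and the `audit_prestaged` helper are hypothetical, and treating dashes without braces as a mixed format is an assumption about how input is classified.

```python
import re

_HEX32 = re.compile(r"[0-9A-Fa-f]{32}")


class GuidFormatError(ValueError):
    """The text is neither valid pretty print nor valid raw byte order."""


def _swap(b: bytes) -> bytes:
    # The first three fields (4, 2 and 2 bytes) are byte-reversed between the
    # two formats; the last 8 bytes are identical. The swap is its own inverse.
    return b[3::-1] + b[5:3:-1] + b[7:5:-1] + b[8:]


def parse_guid(text: str) -> bytes:
    """Return the 16 GUID bytes in raw (on-the-wire) order."""
    s = "".join(text.split())                    # spaces are ignored
    has_open, has_close = s.startswith("{"), s.endswith("}")
    if has_open != has_close:
        raise GuidFormatError("unbalanced curly braces")
    if has_open:                                 # pretty print
        body = s[1:-1].replace("-", "")          # dashes are optional
        if not _HEX32.fullmatch(body):
            raise GuidFormatError("pretty print needs 32 hexadecimal characters")
        return _swap(bytes.fromhex(body))
    if "-" in s:                                 # assumption: this counts as mixing
        raise GuidFormatError("dashes without braces mix the two formats")
    if not _HEX32.fullmatch(s):
        raise GuidFormatError("raw byte order needs exactly 32 hexadecimal characters")
    return bytes.fromhex(s)


def to_pretty(raw: bytes) -> str:
    """Format 16 raw-order bytes as {dddddddd-dddd-dddd-dddd-dddddddddddd}."""
    h = _swap(raw).hex().upper()
    return "{%s-%s-%s-%s-%s}" % (h[:8], h[8:12], h[12:16], h[16:20], h[20:])


def audit_prestaged(entries: dict) -> dict:
    """Map each computer name to its pretty-print GUID, or to the problem found."""
    report, seen = {}, {}
    for name, text in entries.items():
        try:
            raw = parse_guid(text)
        except GuidFormatError as exc:
            report[name] = "INVALID: %s" % exc
            continue
        if raw in seen:                          # same value entered twice
            report[name] = "DUPLICATE of %s" % seen[raw]
        else:
            seen[raw] = name
            report[name] = to_pretty(raw)
    return report


# Constructed sample entries; the computer names are hypothetical.
SAMPLE = {
    "PC-A": "{12345678-1234-1234-1234-1234567890AB}",   # pretty print
    "PC-B": "785634123412341212341234567890AB",         # same value, raw byte order
    "PC-C": "12345678-1234-1234-1234-1234567890AB",     # dashes but no braces
    "PC-D": "{921FB974 ED42 11BE BACD 00AA0057B223}",   # spaces instead of dashes
}

if __name__ == "__main__":
    for name, result in audit_prestaged(SAMPLE).items():
        print(name, result)
```
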

Clients Installing Operating System Images


Clients can also be granted permission to create their own computer account (non-prestaged) and
install an image. This allows users to turn on their system, connect to the RIS server, log on with
their domain account, and be able to install an operating system image without assistance. To do
this, the user needs the following permissions to the organizational unit that you have specified to
hold the newly-created computer account:

• Read permissions

• Create computer objects
Users can also install an operating system image on their prestaged client if they have been granted
the ability to read and write all properties on the specific computer object (not the container) that
was created when the client was prestaged. The user also requires the ability to reset and change
password rights on the computer object. (An administrator might need to reset the user account.)

Preboot Execution Environment


RIS uses the new Preboot Execution Environment (PXE) extensions to DHCP to initiate the
installation of an operating system from a remote source to a client's local hard disk.
The PXE environment is built on a foundation of Internet protocols and services that are widely used
in the computer industry. These include TCP/IP, DHCP, and TFTP. The PXE extensions to the DHCP
protocol allow information to be sent to network-bootable systems and allow these systems to
find RIS servers.

RIS Server PXE Environment


RIS uses DHCP as part of what is defined in the PXE architecture to initiate the process of remotely
installing an operating system on a client. In other words, because PXE uses DHCP, so does RIS.
When a new DHCP PXE-based remote boot client is turned on for the first time, the client requests
an IP address and the IP address of an active RIS server through the DHCP protocol and the PXE
extensions to the DHCP protocol. As part of the initial request, as a DHCP option, the client sends
out its GUID, which is used to identify the client in Active Directory. The client receives an IP
address from the DHCP server and the IP address of the RIS server that services the client. In the
RIS server's response, the client is given the name of a boot image that it must request when
contacting the RIS server for initial service.
When the client makes its initial request for service, TFTP is used to download the boot image file to
the client. In the case of RIS, this file is Startrom.com. Startrom.com prompts the user to press the
F12 key. If the user presses the F12 key, Startrom.com uses TFTP to download OSChooser, and presents
the user with the Client Installation Wizard.
The process of initial communication between PXE clients and RIS servers can differ depending on
how RIS is deployed in relation to DHCP services.

DHCP and RIS on Separate Servers


If you have DHCP and RIS on separate servers, the initial interaction between PXE clients and
RIS/DHCP servers proceeds as follows:
1. DHCP discover from client (asking for IP address and PXE boot server).
2. DHCP offer from DHCP server (offers IP address and other network configuration settings).
3. DHCP offer from RIS server (offers PXE boot server).
4. DHCP request from client to DHCP server (requesting IP address).
5. DHCP acknowledge message from DHCP server (you can have this IP address).
6. DHCP request from client to RIS server (requesting the boot server).
7. DHCP acknowledge message from RIS server (this acknowledgment contains the address to the
RIS server and the first file that the client needs to send a TFTP request to start the boot
process).
Note
If you configure the RIS server to respond only to known clients — that is, clients prestaged in
Active Directory or previously installed computers — and the computer object is not located in
Active Directory, the RIS server fails to respond to the client's DHCP request. If the RIS server is not
on the same server as the DHCP server, and the server does not respond because the client is
unknown, then the DHCP offer from the RIS server (in step 3 in the previous process) is not sent
and therefore step 6 and step 7 do not occur.

DHCP and RIS on the Same Server


If the RIS server and the DHCP server are on the same computer, the conversation is as follows:
1. DHCP discover from client (asking for IP address and PXE boot server).
2. DHCP offer from DHCP/RIS server (offers IP address and PXE boot server).
3. DHCP request from client to DHCP server (requesting IP address, network configuration
settings, and PXE boot server).
4. DHCP acknowledge from DHCP server (contains IP address and the RIS server IP and the first
file to download).
Note
If you configure the RIS server to respond only to known clients, and the computer object is not
located in Active Directory, the RIS server fails to respond to the client's DHCP request. If the RIS
server and DHCP server are on the same computer, the DHCP offer from the DHCP/RIS server (in
step 2 in the previous process) only contains IP information and no information about any available
servers to support the client's network boot process.
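The two DHCP conversations above and the effect of Do not respond to unknown client computers, modeled as an added Python example (not code from the original chapter or from RIS). The message field names, the second GUID, and the same-server REQUEST and ACK contents for an unknown client are assumptions; GUIDs are compared as opaque strings.

```python
from typing import NamedTuple


class Msg(NamedTuple):
    kind: str            # DISCOVER, OFFER, REQUEST or ACK
    src: str
    dst: str
    carries: frozenset   # what the message asks for or delivers (names are assumptions)


def _m(kind, src, dst, *carries):
    return Msg(kind, src, dst, frozenset(carries))


def ris_will_answer(client_guid, prestaged, known_only):
    """RIS answers everyone unless it is limited to known (prestaged) clients."""
    return not known_only or client_guid.upper() in prestaged


def exchange(client_guid, prestaged, known_only, same_server):
    """Return the DHCP messages expected on the wire for one PXE client boot."""
    answer = ris_will_answer(client_guid, prestaged, known_only)
    discover = _m("DISCOVER", "client", "broadcast", "want_ip", "want_boot_server", "guid")
    if same_server:
        srv = "dhcp+ris"
        boot = ("boot_server",) if answer else ()
        first_file = ("boot_file",) if answer else ()
        return [
            discover,
            _m("OFFER", srv, "client", "ip", *boot),        # IP only if RIS stays silent
            _m("REQUEST", "client", srv, "ip", *boot),      # assumption for unknown clients
            _m("ACK", srv, "client", "ip", *boot, *first_file),
        ]
    msgs = [discover, _m("OFFER", "dhcp", "client", "ip")]
    if answer:
        msgs.append(_m("OFFER", "ris", "client", "boot_server"))            # step 3
    msgs += [_m("REQUEST", "client", "dhcp", "ip"),
             _m("ACK", "dhcp", "client", "ip")]
    if answer:
        msgs += [_m("REQUEST", "client", "ris", "boot_server"),             # step 6
                 _m("ACK", "ris", "client", "boot_server", "boot_file")]    # step 7
    return msgs


def diagnose(messages):
    """Classify a captured exchange by what the client was finally given."""
    got_ip = any(m.kind == "ACK" and "ip" in m.carries for m in messages)
    got_boot = any(m.kind == "ACK" and "boot_file" in m.carries for m in messages)
    if got_ip and got_boot:
        return "serviced"
    if got_ip:
        return "ip-only"     # no RIS answer: check prestaging and the response setting
    return "no-dhcp"


KNOWN = "{921FB974-ED42-11BE-BACD-00AA0057B223}"     # example GUID from this chapter
UNKNOWN = "{00000000-0000-0000-0000-000000000001}"   # constructed, not prestaged
PRESTAGED = {KNOWN}

if __name__ == "__main__":
    for guid in (KNOWN, UNKNOWN):
        for same in (False, True):
            msgs = exchange(guid, PRESTAGED, known_only=True, same_server=same)
            print(guid, "same server" if same else "separate servers", diagnose(msgs))
            for m in msgs:
                print("   %-8s %-8s -> %-9s %s" % (m.kind, m.src, m.dst, sorted(m.carries)))
```
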

Verifying the Correct PXE ROM Version


When your Net PC or client containing a remote boot ROM starts, you see the PXE ROM message
appear on the screen. The version of the PXE ROM code is displayed during the boot sequence of
the client. RIS supports version .99c or later PXE ROMs. If you do not succeed with the existing
ROM version, you might need to obtain a newer version of the PXE-based ROM code from your
original equipment manufacturer (OEM).

Creating Operating System Images


Remote OS Installation allows the installation of operating system images on clients. You can create
two types of images using RIS:
• CD-based images (using RISetup). CD-based images are similar to setting up a workstation
directly from the Windows 2000 Professional compact disc; however, the source files reside
across the network on available RIS servers.

• Remote Installation Preparation Wizard (RIPrep) images using RIPrep. RIPrep images allow a
network administrator to clone a standard corporate desktop configuration, complete with
operating system configurations, desktop customizations, and locally installed applications.
These two types of images are suitable for use in different situations. The benefits and limitations,
as well as considerations and how to use RISetup and RIPrep are discussed in the following
sections.
Note
RIS supports only Windows 2000 Professional images; it does not support Windows 2000 Server or
previous operating systems, including Windows 95 and Windows 98. RIS also does not support
remote installation of the CD or RIPrep operating system images of Windows 2000 Server.

Using CD-based Images


A CD-based image is a copy of the contents of the Windows 2000 Professional operating system CD
on the RIS server. Creating CD-based images is similar to creating a distribution share on a server
that can be used to install the operating system over the network.
The benefits of using CD-based images are as follows:

• Easy to use.

• Enables standard, automated installation over a network.

• Can be customized by using answer files.

• Multiple answer files can be associated with a single CD-based image.


• Can be used for installation of all Windows 2000–compatible systems, regardless of hardware
configurations.

The limitations of using RISetup are as follows:

• Images cannot contain preinstalled standard desktop applications.

• Takes longer to install on equivalent hardware than RIPrep images.

Creating New CD-Based Images


An initial CD-based image for Windows 2000 is created during the installation of RIS on a RIS
server.
To add a new CD-based image to a RIS server
1. You must be on the RIS server where you want to add the CD-based image. In Active
Directory Users and Computers, locate your RIS server by selecting the appropriate
container, like the Domain Controller container.
2. In the right pane, right-click your RIS server, click Properties, and then click the Remote
Install tab.
3. Click the Advanced Settings button.
4. Click the Images tab, and then click Add.
5. Click Add new installation image. This option copies a Windows 2000 Professional CD-based
image. Click Next.
6. In the Remote Installation Services Setup Wizard, click Next, then enter the installation
source files location and proceed through the Wizard.
Or you can run the risetup -add command.
Figure 24.3 shows the directory structure where CD-based images are stored. You can define the
name of the root folder (imagename) where the CD-based images are stored.

Figure 24.3 CD-based Image Directory Structure


Note
CD-based images support additional directories. For example, you can add an \i386\$OEM$
directory so that you can locate additional device driver files if you add additional hardware to a RIS
client. For more information about creating an $OEM$ subfolder, see "Automating Client Installation
and Upgrade" in the Deployment Planning Guide.
For more information about creating a CD-based image, see Windows 2000 Server Help.
The Templates folder under each image contains the answer files for that image. By default, RIS
creates a standard unattended answer file called Ristndrd.sif for each CD-based image, but multiple
answer files can be associated with a single CD-based image. The default answer file can also be
customized. For more information about working with answer files for CD-based images, see
"Working with Answer Files" later in this chapter.
Note
The \i386\lang directory is not copied to the RIS server as part of a CD-based image. This directory
is needed by any client system that attempts to add the ability to read or write files in a language
that is different than the default language that is installed. To allow client systems to be able to
install language packs, copy \i386\lang and all subdirectories from the Windows 2000 Professional
operating system CD to \\RISServername\Reminst\setup\clientlanguage\images\imagename\i386\lang.

Modifying Properties of a CD-based Image


You can associate one or more answer files (.sif) to an existing CD-based image on the RIS server.
This allows you to offer a variety of unattended Windows 2000 installation types from the same
source image on the RIS server. You can also modify the settings within the answer file by using the
setupmgr.exe tool. For example, you can change regional settings, video resolution, and network
settings with answer files. For more information about modifying answer files, see "Working with
Answer Files" later in this chapter.
Important
If you purchased Windows 2000 from an authorized reseller, you must automate the process of
entering the CD key. See "Specifying a CD Key in the Answer File" later in this chapter.

Using RIPrep Images


RIPrep images allow a network administrator to clone a standard corporate desktop configuration,
complete with operating system configurations, desktop customizations, and locally-installed
applications. After installing and configuring the Windows 2000 Professional operating system, its
services, and any standard applications on a computer, the network administrator runs a wizard that
prepares the installation image, and replicates it to an available RIS server on the network for
installation on other clients.
The benefits of using RIPrep.exe are as follows:
• Allows for the creation of standard environment images including the operating system, standard
desktop applications, and settings.
• Faster overall install times than CD-based images.
The limitations of using RIPrep.exe are as follows:
• Does not support multiple disks or multiple partitions on the source computer used to create the
RIPrep image.
• Works only with the Windows 2000 Professional operating system.
• The destination client must have a hard disk that is the same size or larger than the system
partition on the hard disk of the source computer used to create the RIPrep image.
• Target system must also have the same hardware abstraction layer (HAL).
• A CD-based image of the same version and language as the RIPrep source computer must also
be installed on the RIS server.

RIPrep Considerations
If you plan to use RIPrep to create operating systems in your organization, keep the following
considerations in mind:
• RIPrep supports replication of a single disk, single partition (the boot partition, which is usually
drive C) of Windows 2000 Professional. Because of this, the operating system and all of the
applications that make up the standard installation must reside on the boot partition prior to
running the RIPrep wizard. By creating a RIPrep image, you can install and configure the
operating system, locally-installed applications and configuration settings once for deployment to
many clients.
• RIPrep-based images generally use more hard disk space than CD-based images because they
contain an uncompressed copy of the client system's hard disk stored on the server. CD-based
flat images still contain the compressed installation files that the CD contains.
• To store a RIPrep image on a server, you must also have a CD-based image that is the same
version and default language stored on the same RIS server. This is because the answer file used
for the RIPrep image also refers the client to the CD-based image for access to network adapter
and text-mode boot drivers, in case the drivers required for the client installing the RIPrep image
are different from those in the system used to create the RIPrep image. The text-mode setup
then does an advanced Xcopy of the client's image to the client's hard disk drive. (Text-mode
setup is the normal blue screen you see when installing Windows 2000 Professional that moves or
copies all the files over before the graphical user interface setup begins.)
• One of the beneficial features of the RIPrep wizard is that the destination client, that is, the
computer that is installing the RIPrep image, does not need to contain identical hardware as that
of the source computer used to create the image. However, the hardware abstraction layer (HAL)
drivers must be the same. The RIPrep wizard uses the new Plug and Play support that is included
with Windows 2000 for detecting any differences between the source and the client hardware
during image installation.
• To create a RIPrep image, a source computer is required. The source computer contains the
Windows 2000 Professional operating system, locally-installed applications, and any configured
system settings that represent a standard client configuration you want to deploy to the specific
clients. Carefully configure and test this image before running the RIPrep wizard to create the
RIPrep image. After the image is replicated to the RIS server, you cannot alter its configuration
without rerunning the RIPrep wizard against the existing image.

Configuring a RIPrep Source Computer


To prepare and configure a source computer for a RIPrep image, use the following general steps:
1. Install Windows 2000 Professional on the boot drive of a newly formatted computer. Any of the
common methods of performing a standard installation can be used.
2. During setup, create a single partition, and then set the partition to the minimum size required
for support of the base operating system and any required applications. The size of the partition
used on the RIPrep source computer determines the minimum disk size required on computers
installing the resulting RIPrep image.
3. Configure all components and settings that represent the standard client configuration for this
image, including:

• Network settings

• Security settings

• User settings

• Desktop settings

Configure the source computer to adhere to any company configuration policies. For example,
you might choose to define specific screen colors, set the background bitmap to a company-
based logo, and set intranet proxy server settings in Microsoft® Internet Explorer 5.
4. Install all applications that you want to be a part of this image. If you have applications that are
Windows Installer (.msi) packages and you want the applications to be installed in a managed
state, see the following section. Install all the applications from the location that should be used
when looking for updates or additional files, rather than a temporary location such as a local
CD-ROM drive that is not available on clients installing the RIPrep image. For example, you can
install Microsoft® Office 2000 and virus protection software for all users who require these
applications on the computer.
5. Test the source computer to ensure that the configuration is exactly how you want it to be for
the group of users who will access this image. RIPrep images cannot be modified after they are
created, so if your image fails your test process, you must recreate the image or restore the
existing RIPrep image, make the necessary adjustments, and run the RIPrep wizard again to
create a new image that contains the additional changes. If it is appropriate, you can overwrite
the existing image on the RIS server when you create the new image.
6. Run the RIPrep wizard to create the RIPrep image on the server.
7. Configure user access to the image by setting permissions in the ristnrd.sif file in the Templates
folder of the new RIPrep image. For more information, see "Setting Security Permissions in
Answer Files" later in this chapter.

Using Software Installation and Maintenance with RIPrep


By using the Windows 2000 Software Installation and Maintenance features, you can install and
manage key software in a RIPrep image by using the same methods you use to install the software
on other computers in the organization.
Consider an organization that wants to bring in new computers and customize both the
Windows 2000 operating system and the Office 2000 suite of applications. The organization has
existing Group Policy objects to manage the computers in the organization, and the administrator
has assigned Office 2000 to the computers in the appropriate Group Policy objects.
Note
Be sure you configure the RIPrep source computer with applications from the same Group Policy
objects that apply to the destination computers (those that install the RIPrep image) when they are
deployed. The applications might be removed, or removed and reinstalled, if a different policy is
applied to the computer when it is deployed.
The administrator installs the Windows 2000 operating system on a computer (that has the same
HAL as the wanted target systems), and then configures the operating system the way that they
want it. When Windows 2000 is installed and configured, the administrator adds it to the same
Active Directory container where it stays after it is deployed. This container has a Group Policy
object with Office 2000 assigned to the computer.
Note
When you install Office 2000 as part of an RIPrep image, you must turn off 8.3 name creation.
Change the value of the NtfsDisable8dot3NameCreation registry entry from 0 (default) to 1 in
order to turn off 8.3 name creation. NtfsDisable8dot3NameCreation is located in
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem. See the following
procedure.
To turn off 8.3 name creation
1. From the Start menu, click Run.
2. Type regedt32.exe or regedit.exe, and then click OK.
3. In the registry editor, navigate to
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem
4. Select the NtfsDisable8dot3NameCreation entry.
5. To turn off 8.3 name creation, change the value of the NtfsDisable8dot3NameCreation
registry entry from 0 (default) to 1. In Regedit.exe, right-click the entry, and then click Modify.

-Or-
In Regedt32.exe, click the entry, click Edit, and then click the appropriate menu choice.
Caution
Do not use a registry editor to edit the registry directly unless you have no alternative. The registry
editors bypass the standard safeguards provided by administrative tools. These safeguards prevent
you from entering conflicting settings or settings that are likely to degrade performance or damage
your system. Editing the registry directly can have serious, unexpected consequences that can
prevent the system from starting and require that you reinstall Windows 2000. To configure or
customize Windows 2000, use the programs in Control Panel or Microsoft Management Console
(MMC) whenever possible.
The administrator restarts the computer, and Software Installation and Maintenance installs
Office 2000 (applications assigned to a computer install when the computer starts). After
Office 2000 installation is complete, the administrator can take the computer running Windows 2000
with Office 2000 installed, and use RIPrep to build a Remote OS Installation image and put the
image on a RIS server.
When the resulting RIPrep image is installed on destination clients, as long as the same Group
Policy objects are applied to the destination computers, the applications remain in a managed state
and can be managed, updated, or patched using the Software Installation and Maintenance
features. It is recommended that you use Software Installation and Maintenance to install, update,
and manage all applications that you install in RIPrep images.
For more information about software installation, see "Software Installation and Maintenance" in this
book.

RIPrep and User Profiles


When creating RIPrep images, it is important to understand the relationship of user profiles, the
changes made to a RIPrep source computer, and the wanted result for users who log on to
computers that are installed by using the RIPrep image. Windows 2000 Logo–compliant applications
properly separate user-specific and computer-specific configuration settings and data. Installing
such applications for all users of the computer as part of a RIPrep source computer allows the
applications to then be available to all users of clients that have the resulting RIPrep image installed
later. Non-Windows 2000–compliant applications might perform or rely on per-user configurations
that are specific to the profile of the user actually installing the application prior to running RIPrep
(typically a local administrator), rather than to all users of the client. Such configurations remain
specific to that user, which can result in the application or configuration setting not being available
or not functioning properly for users of computers installed with the RIPrep image. In addition,
some non-application configuration changes, such as the wallpaper specified for the user desktop,
are applied only to the current user's profile by default, and are not applied to users of systems
installed with the RIPrep image.
Thoroughly test any applications or configuration settings that you want to use in a RIPrep image to
ensure that they will work properly with your organization's implementation of user profiles. To
perform the test, make the change as one user (typically a local administrator of the computer), log
off, and log on as a user account that is representative of your organization. If the changes you
made are applied to the second user, the changes should also apply to users who log on to systems
installed with an RIPrep image that contains the same change. To complete the test, create an
RIPrep image, restore it to a different computer, and log on as a different representative user. Verify
that the changes are applied and fully functional.
Some configuration settings, such as the desktop wallpaper, some Start menu options, and
shortcuts, can be copied directly from the profile to which they were applied (the local
administrator in the previous example, for instance) to the All Users profile. However, all such
changes must be tested carefully to verify that the profile copy process does not affect their
functionality.
To copy the Administrator's profile to the Default User profile on the source computer
1. Log on to the source computer as Administrator. Right-click My Computer, and then click
Properties.
2. In the System Properties property page, click the User Profiles tab, select the local
Administrator profile from the list of profiles on the computer, and then click Copy To.
3. In the Copy To dialog box, enter the path to the All Users profile folder (typically C:\Documents
and Settings\All Users), and then click Change.
4. Select the appropriate group from the User or Group dialog box, typically the Everyone
group, and then click OK.
5. Click OK, and then click OK again to exit the System Properties property page.

Running the RIPrep Wizard


After the client source computer is configured and fully tested, you are ready to run the Remote
Installation Preparation Wizard (RIPrep.exe) from the RIS server that you want to receive this
RIPrep image.
To run the RIPrep wizard, from the source client computer's Start menu, click Run, and then type:
\\<RISservername>\Reminst\Admin\i386\RIPrep.exe
Then click OK.
The RIPrep wizard does the following:
• Asks for the name of the RIS server on which to store the image. If none is selected, it defaults
to the server name from which RIPrep.exe was run. If RIPrep.exe is run from
\\Server\Reminst\Admin\i386\Riprep, Server becomes the default location.
• Prompts for a subdirectory name to which the new image is created. The directory specified is
created under the \RemoteInstall\Setup\OS Language\Images directory on the specified RIS
server.
• Prompts for a description and Help display text. These values are written to the answer file for
the RIPrep image and used for display to users in the Client Installation Wizard.
• Prompts you to stop services and close applications on the client that RIPrep does not recognize.
(This page does not prevent you from continuing, but you need to attempt to stop any services
that RIPrep does not recognize as well as close any open applications.)
• Removes unique security identifier and other unique registry settings to prevent conflict between
clients.
• Replicates the source client's system partition to a folder on the RIS server.
• Creates a default answer file named Riprep.sif. This associates a specialized unattended answer
file with the image to ensure that the user is not prompted during image installation.
To create an image on the server, you must be logged on to the source client with an account that
has backup privileges on the source computer. (If you are a member of the domain administrators
group, you have this privilege.) Otherwise you need to log on as the local administrator.
Figure 24.4 shows the directory structure that exists after the RIPrep image is copied to the server.
You can define the name of the root folder (imagename) where the RIPrep images are stored.
Figure 24.4 RIPrep Image Directory Structure
After creating the new image, the important files to note are RIPrep.log, Bootcode.dat, and
Imirror.dat. These files contain the following information about the RIPrep image:
RIPrep.log This file contains log information about RIPrep.exe. RIPrep.log contains any errors
that occur, such as encrypted files encountered or files in use. It also notes other information such
as server name and description. This file resides in the \i386 directory on the server.
Bootcode.dat This file contains the boot sector for the system. Bootcode.dat resides in the
\i386\Mirror1 directory.
Imirror.dat This file contains information, such as the drive letter, installation directory, and
hardware abstraction layer (HAL) type, about the system that was cloned by using RIPrep.
Imirror.dat resides in the \i386\Mirror1 directory.
These files contain some binary data, and therefore cannot be completely read by using a simple
text editor or word processing application. After RIPrep is run, the source computer is shut down. If
the source client is restarted, a mini-wizard runs and prompts the user for the unique configuration
items that were removed when RIPrep was run.
After the replication of the image is complete, any DHCP PXE–based remote boot–enabled client,
including those clients using the RIS boot floppy disk, can be used to access this image through RIS.

Relationship of SysPrep to Remote OS Installation


The System Preparation (SysPrep) tool works in conjunction with a third-party disk imaging process
to prepare a source computer's hard disk for duplication to other computers. SysPrep is used to
remove configurations unique to the computer, such as its computer name and security identifier
(SID), so that the resulting computer image can be safely reused for installation on other
computers.
SysPrep cannot be used with Remote OS Installation. However, the Remote OS Installation RIPrep
wizard performs similar functions as SysPrep, which are combined with the other Remote OS
Installation features to provide a full desktop imaging solution.
A comparison of using Remote OS Installation and SysPrep for creating system images follows.

The Benefits of Using Remote OS Installation with RIPrep


• Supports use of different hardware between the source and destination computers (both
computers must have the same hardware abstraction layer).
• Does not require additional imaging software.
• Provides full support for replicating the source image to a server and restoring it onto destination
computers.

Limitations of Using Remote OS Installation with RIPrep


• Does not support replication of RIPrep images to sources other than RIS servers, such as
removable media.
• Does not support creating Windows 2000 Server images.

Benefits of Using SysPrep


• Supports creating both Windows 2000 Professional and Windows 2000 Server images.
• Supports use of third-party disk imaging and replication products.

Limitations of Using SysPrep


• Requires the same hardware abstraction layer and mass storage controller on both the source
and destination computers.
• Does not provide support for drive imaging; additional third-party tools are required for the
imaging and replication processes.

Removing RIS Server Operating System Images


The Remove option, found on the Images tab of the Advanced Settings property page, only
removes the unattended setup answer file (.sif) that is associated with the operating system image.
To completely remove the operating system image from the RIS server, use Windows Explorer to
delete the directory and subdirectories containing the image that you want to remove. You can do
this from the console of the server or by browsing the Reminst share on the RIS server.
Note
Do not remove the physical operating system image completely until all clients have upgraded to
the new version of the operating system. Be sure that you back up the unattended setup answer file
(.sif) prior to removing any setup answer files.
