ALTE DOCUMENTE
|
|||||||||
How you configure your RIS server properties has an impact on RIS server performance and function. The properties you can set on a RIS server are located in the RIS server Properties dialog box. You can access this dialog box by using the Active Directory extension on your RIS server. To open the dialog box, right-click the RIS server computer account object in Active Directory and select Properties to access the Remote Install tab. From here you have access to RIS server properties, which includes the fo 22422p152w llowing options:
Client support. Consists of options that allow you to determine which clients the RIS server responds to.
Computer naming format. Consists of various options that determine how computer account objects will be named.
Computer account location. Consists of options that determine where the computer account objects will be placed in Active Directory.
To determine the most appropriate settings to use for RIS server properties in your organization, use Table . as a guide.
Table . RIS Server Property Settings
|
Use This Setting |
When |
|
Client support options |
You need to configure the way RIS servers respond to clients requesting installation service. For more information about client support options, see the discussion about designing RIS server security in "RIS Server Configuration Design Tasks" later in this chapter. |
|
Respond to client computers requesting service |
You want a RIS server to acknowledge all clients requesting service, including prestaged and non-prestaged clients, to whom the server makes its operating system images available. Use when maximum security is unnecessary or when you are setting up a RIS referral server. |
|
Do not respond to unknown client computers |
You want a RIS server to acknowledge only clients with prestaged computer accounts in Active Directory, to whom the server makes its operating system images available. Use when you want to maximize the security applied to RIS clients so unauthorized clients cannot receive an operating system installation. |
(continued)
Table 4.4 RIS Server Property Settings (continued)
|
Use This Setting |
When |
|
Client computer naming format options |
You configure the Automatic Setup option in Group Policy, so you can apply the computer naming format to non-prestaged clients and to Custom Setup clients that do not provide input for computer name and Active Directory location. |
|
User name |
You want to name the client computer requesting RIS service based on the user name of the operating system installer. This is the default setting. |
|
NP plus MAC address |
You want to name the client computer requesting RIS service based on the media access control (MAC) address of the client network adapter. |
|
Custom naming scheme |
You want to name the client computer requesting RIS service based on a custom naming format that you specify. |
|
Other name variations |
You want to name the client computer requesting RIS service based on name variations such as first name, last name, initial, and so on. |
|
Client account location options: |
You want to define the default Active Directory container for all client computer accounts prior to installation. |
|
Default directory service location |
You want to specify that the client computer account object is created in the Computers container by default when the client joins the domain. Use when you want the client computer to become a member of the same domain as the RIS server handling the client installation process. |
|
Same location as that of the user setting up the client computer |
You want to specify that the client computer account object is created within the same Active Directory container as the user account of the user setting up the computer, for example, in the Users container. |
|
The following directory service location |
You want to predetermine where client computer account objects are created in Active Directory. Use when you want to configure an account location for all client computers installed from a RIS server. |
|
|
|
Tip If a prestaged client exists in a forest separate from the RIS forest and RIS is configured to not respond to unknown clients, this client will not be answered by RIS. You can fix this by configuring RIS to answer unknown clients and specifying the directory service location in the correct forest where computer accounts are created. Do this using the New Clients tab of the Remote Install dialog box on the RIS server. |
For this part of your RIS server configuration design process, use the "RIS Server Properties" section of job aid "Designing the RIS Server Configuration" (ACIRIS_09.doc) on the Windows Server 2003 Deployment Kit companion CD (or see "Designing the RIS Server Configuration" on the Web at https://www.microsoft.com/reskit) to record the configuration settings you choose from Table . .
The Remote Install tab also provides you with access to other dialog boxes that allow you to do the following:
Associate new answer files with existing images.
Set security permissions on answer files.
Add new Risetup images to the RIS server.
Remove tools or view properties of tools provided by third parties.
Set security permissions on the RIS server computer account object in Active Directory.
From the Remote Install tab, you can also browse Active Directory to do such things as display the UUIDs of all your RIS clients along with the RIS servers designated to service them.
By clicking the Advanced Settings button in RIS server Properties, you can define answer file associations on your RIS server. For example, from the Images tab, you can associate answer files with existing operating system images. This allows you to provide custom operating system installations based on answer files that you create and tailor for specific user needs. After you associate the answer file with an image, you can set permissions on the answer file to enable specific users to access the image associated with it.
|
|
|
Note In Advanced Settings in RIS server Properties, setting permissions on an item under Descriptions on the Images tab sets permissions on answer files associated with images rather than on the images themselves. |
You should already have recorded the design decisions that specify which answer files you associate with RIS installation images and the user groups that you permit or deny access to these files. These tasks are part of designing the RIS deployment mode and the CIW process.
From the Image tab of RIS server Properties, you can add new Risetup images to your RIS server based on an operating system CD that you provide. If you click the Add button on the Images tab, a dialog box displays with an option that starts the Risetup Wizard. The design decisions about which Risetup images you intend to host on your RIS server(s), made in "Risetup Image Design Tasks" earlier in this chapter, were recorded using job aid "Defining Risetup Images" (ACIRIS_07.doc) on the Windows Server 2003 Deployment Kit companion CD (or see "Defining Risetup Images" on the Web at https://www.microsoft.com/reskit).
From the Tools tab, you can remove tools or view the properties of system maintenance and troubleshooting tools provided by third parties. You cannot add tools to your RIS server from the Tools dialog box. Only independent software vendors (ISVs) or original equipment manufacturers (OEMs) can provide system maintenance and troubleshooting tools to administrators, technical support staff, and users of client computers. ISVs and OEMs use a custom setup program to add their tools to the \RemoteInstall directory on a RIS server.
Your RIS server configuration design might involve removing certain tools from your RIS server so that they are not available to clients. However, note that you can achieve the same objective by using Group Policy settings for specific user groups rather than by deleting the tool entirely. You cannot retrieve a tool once you delete it, except by the OEM reinstalling it. Record which tools you want to delete in the "Other RIS Server Configuration Parameters" section of job aid "Designing the RIS Server Configuration" (ACIRIS_09.doc) on the Windows Server 2003 Deployment Kit companion CD (or see "Designing the RIS Server Configuration" on the Web at https://www.microsoft.com/reskit).
If you decide to delegate administration of your RIS server, you can set permissions on your RIS server computer account in Active Directory from the Security tab of RIS server Properties. The decision to delegate RIS administrative tasks is addressed in the discussion about assessing delegation of RIS administrative tasks in "Planning Security for RIS Administrative Tasks" earlier in this chapter. If you did record your decision in job aid "Planning RIS Server Security" (ACIRIS_05.doc) earlier, record the information now in the "RIS Administrative Task Security" section of the job aid. See "Planning RIS Server Security" (ACIRIS_05.doc) on the Windows Server 2003 Deployment Kit companion CD (or see "Planning RIS Server Security" on the Web at https://www.microsoft.com/reskit).
|
