Prestaging computer accounts in Active Directory means that you create computer account objects in Active Directory prior to client computer startup, using the UUIDs of the client computers to configure the netbootMachineFilePath attribute in each computer object. You also configure the user accounts that will use the client machines by providing them with read, write, and set/change password permissions on the computer account objects. When these clients boot to a RIS server, they send their UUID to the RIS server. The server then 12512m1220m checks Active Directory for a UUID that matches the UUID that the client sends to the RIS server. If one is found, the RIS server accepts the request for service from that client. By using the prestaging process, you can greatly enhance security by causing your RIS server to recognize specific clients only.
If you are not concerned with the security of servicing RIS client requests for operating system installations and you are not planning to provide automated installations, you can bypass the prestaging process. If you decide to prestage your client computers in Active Directory to enhance security or provide automated installations, you need to obtain the UUIDs for client computers so you can provide them during the prestaging process. Prestaging clients in Active Directory assures that the RIS server recognizes service requests from these clients, while ignoring all others (if you configure the RIS server to do so). For more information about prestaging client computers to enhance security, see "Planning RIS Server Security" (ACIRIS_05.doc) on the Windows Server 2003 Deployment Kit companion CD (or see "Planning RIS Server Security" on the Web at https://www.microsoft.com/reskit).
In many cases, you can get an Excel spreadsheet with the UUID information from the OEM supplier of the client computers. If you do not have UUID information from the OEM, you can use the BIOS information script. To find this script, see the Remote Installation Scripts link on the Web Resources page http /www.microsoft.com/windows/reskits/webresources.). You can use this script to automate the process of obtaining UUIDs of all client computers in the default Active Directory Computers container.
To obtain UUIDs by using the BIOS information script, you must run the script at the command line and use the getalluuids command. The script uses ADSI and WMI technologies to return valid UUIDs that you can use to prestage client computers in Active Directory. The script provides usage instructions that explain all the input arguments and commands you must specify.
Alternatively, you can also use SMS to obtain the UUID for a computer or group of computers. To use SMS to identify the UUID of a computer or group of computers, see the documentation provided with SMS.
Once you have the UUIDs for your client computers, you can
use them to prestage clients by creating new computer accounts in Active
Directory. For procedures to prestage RIS clients using the Active Directory
snap-in on a RIS server, see "Remote Installation Services administration
overview" in Help and
You can automate the prestaging process by using the prestaging script; to find this script, see the Remote Installation Scripts link on the Web Resources page http /www.microsoft.com/windows/reskits/webresources.). If you have UUID listings on an OEM spreadsheet, you can adapt this information as input data to the script, but you must use the exact same Excel spreadsheet format that BIOS information script creates. Otherwise, use the BIOS information script with the /ExcelPath: option to print the UUIDs to an Excel spreadsheet for the data you need as input to the prestaging script. For more information about designing Active Directory support, including prestaging RIS clients in Active Directory and automating the prestaging process by using scripts, see "Designing the Active Directory Infrastructure" later in this chapter.
For this part of your planning process, use job aid "Planning for RIS Clients" (ACIRIS_01.doc) on the Windows Server 2003 Deployment Kit companion CD (or see "Planning for RIS Clients" on the Web at https://www.microsoft.com/reskit) to indicate your decision to prestage client computers in Active Directory. Also specify the method you intend to use to obtain the UUIDs and the personnel assigned to the task.
|