To subscribe, visit http://www.minasi.com/nwsreg.htm. To unsubscribe, link to http://www.minasi.com/unsubs.htm. Visit the Archives at http://www.minasi.com/archive.htm.
A very busy month. I just included a short note in a newsletter a month or two back saying that I've got a two-day Windows 2000 Server seminar available and the phones have been ringing off the hook. I was on the road all of August doing seminars with some great companies and I'll be busy in the next few months visiting some more. As I've taught the class I've expanded the material and it's a pretty full two-day seminar at this point. I'm trying to keep it to two days, so I may trim a minor subject or two, but the most recent course outline is on the Web site at www.minasi.com/w2koutln.htm. I also got a chance to meet with my co-authors on the 2000 Server book and we're all digging in to get the Third Edition out by early next year, probably late February or early March 2001. I also talked to some other authors who'll be putting together some small, tightly-focused books in a new library from Sybex called Mark Minasi's Windows 2000 Masters Series. It'll include a title on Clusters, another on deployment and scripting, yet another on group policies, and one on VPNs for the first round. No time for reader letters this month -- the big RIS article took too much time -- but they'll be back next month.
Speaking of seminars, I've been only doing in-house seminars so far, where I go to a particular firm and teach to their employees. The alternative is to run a "public" class, where I run the seminar at a hotel in some city and charge per-person. I've avoided the idea of public seminars because they involve a lot of management but we've been getting about 75 e-mails a month asking when we'll start doing public seminars, so I've decided to ask you whether we should run a few. I'm considering running seminars in a few cities but need to know whether or not there's sufficient interest. To find out, I've put up a page on my Web site at www.minasi.com/pickcity.htm where prospective seminar attendees can vote to indicate whether or not they'd attend a two-day seminar in one of 11 cities. If you're interested, please consider visiting the page and registering your opinion.
The 11th edition of my PC hardware "Bible," The Complete PC Upgrade and Maintenance Guide, is now in the stores. We did some pretty significant rewrites of much of the book -- quite a major task -- to pare away some of the old technologies and highlight the special maintenance issues raised by the new technologies. It looks like your best buy on-line is at buy.com at http://www.us.buy.com/retail/product.asp?sku=30601005&loc=644. Buy it there and you'll not only get a good price, you'll also get a chance to win a laptop.
Whew! All last month, the Sybex editing and production staff sent galley proofs chasing me around the country. Whenever I'd settle into a hotel the night before starting a seminar, I'd find a stack of galleys waiting for me. But we got it done on time and now the printer's got all 560 pages to print. The book hits the shelf around the 10th of October, but Amazon is taking pre-orders at http://www.amazon.com/exec/obidos/ASIN/0782127304/o/qid=967758550/sr=8-1/ref=aps_sr_b_1_3/102-2426794-6852926/markminasi -- granted, it's not Goblet of Fire, but if you've been curious about Linux, I think you'll find this "Linux explained in NT terms" text to be the fastest way to get your "brown belt" in Linux.
As I'm busy working on the Third Edition, I've turned up a lot of stuff this month. But the best information comes via a tip from Doug Toombs, one of my co-authors on the 2000 Server book, about Remote Installation Services.
I'm liking Remote Installation Services (RIS) more and more for getting images or just plain basic operating systems on computers. Once upon a time, I'd install NT 3.x or 4.0 on a new system in probably much the same way as many of you. My network always had a share containing the I386 directory somewhere. I'd then rig up a boot floppy that loaded DOS and just enough of a network redirector to get me onto the I386 share, then I'd do a winnt /b command to kick off an install.
That worked fine, but it included one big pain -- getting that bootable floppy to work. Squeezing basic DOS, HIMEM.SYS, the MS-DOS Network Client, and the NIC's drivers onto a floppy (to say nothing of making that awful real-mode version of TCP/IP function) was a somewhat disagreeable task. That task has gotten even harder nowadays, as it's getting tougher to find the old NDIS version 2 drivers that you'd need to make the DOS network client function. Come to think of it, finding a copy of DOS is getting a bit tricky! (You can, of course, create bootable floppies with Windows 9x, but they take up even more floppy space. If we only had standard 200 MB floppies.)
RIS gets around that initial how-do-I-get-to-the-network-so-I-can-install-network-software vicious circle by employing a simplified set of protocols gathered together under a heading called "PXE," or "Preboot eXEcution Sequence," as you read elsewhere in chapter 3 of the Mastering Windows 2000 Server book. Many modern computers have the ability to boot "from the network" and so any of those computers can get to RIS without any trouble, so long as their NIC is a PCI board. And if you don't have a computer that can do a network boot, then of course there's the remote boot floppy that RBFG.EXE creates. Of course, this isn't the answer for everything:
I've been doing more in-depth research into RIS and have discovered a few things that you won't find in the book.
In my earlier explorations of RIS, I pretty much assumed that the "CD image" installs, the ones based on I386, were a pretty useless tool. I figured that the only way to make RIS useful would be to create a model system and then copy it in a Ghost-like fashion to a RIS server, using RIPREP. But a conversation with Doug Toombs helped me find out that you can use scripts to tell RIS to start from a basic I386 image and do a very customized unattended install.
RIS creates a directory called RemoteInstall. In that directory, it creates four more directories:
Look in Setup (\RemoteInstall\Setup, that is) and you'll find a directory named English (or whatever language version of 2000 that you're using) and inside that a directory named Images and inside that, the directories for your images. For example, if you installed RIS with the defaults then you have a basic I386 image in a directory called win2000.pro or, more completely, \RemoteInstall\Setup\English\Images\win2000.pro. Look inside that directory and you'll find \RemoteInstall\Setup\English\Images\win2000.pro\I386\Templates, which contains the file that I'm looking for -- a file named RISTNDRD.SIF (it's "RI STANDARD," but with the vowels in "STANDARD" dropped). That file looks like this:
[data]
floppyless = "1"
msdosinitiated = "1"
OriSrc = "\\%SERVERNAME%\RemInst\%INSTALLPATH%\%MACHINETYPE%"
OriTyp = "4"
LocalSourceOnCD = 1

[SetupData]
OsLoadOptions = "/noguiboot /fastdetect"
SetupSourceDevice = "\Device\LanmanRedirector\%SERVERNAME%\RemInst\%INSTALLPATH%"

[Unattended]
OemPreinstall = no
NoWaitAfterTextMode = 0
FileSystem = LeaveAlone
ExtendOEMPartition = 0
ConfirmHardware = no
NtUpgrade = no
Win31Upgrade = no
TargetPath = \WINNT
OverwriteOemFilesOnUpgrade = no
OemSkipEula = yes
InstallFilesPath = "\\%SERVERNAME%\RemInst\%INSTALLPATH%\%MACHINETYPE%"

[UserData]
FullName = "%USERFIRSTNAME% %USERLASTNAME%"
OrgName = "%ORGNAME%"
ComputerName = %MACHINENAME%

[GuiUnattended]
OemSkipWelcome = 1
OemSkipRegional = 1
TimeZone = %TIMEZONE%
AdminPassword = "*"

[LicenseFilePrintData]
AutoMode = PerSeat

[Display]
ConfigureAtLogon = 0
BitsPerPel = 8
XResolution = 640
YResolution = 480
VRefresh = 60
AutoConfirm = 1

[Networking]
ProcessPageSections=Yes

[Identification]
JoinDomain = %MACHINEDOMAIN%
CreateComputerAccountInDomain = No
DoOldStyleDomainJoin = Yes

[NetProtocols]
MS_TCPIP=params.MS_TCPIP

[params.MS_TCPIP]
; transport: TC (TCP/IP Protocol)
InfID=MS_TCPIP
DHCP=Yes

[NetClients]
MS_MSClient=params.MS_MSClient

[params.MS_MSClient]
InfID=MS_MSClient

[NetServices]
MS_Server=params.MS_Server

[params.MS_Server]
; service: SRV (Server)
InfID=MS_Server
BroadcastsToLanman2Clients = No

[ServicesSection]

[RemoteInstall]
Repartition = Yes
UseWholeDisk = Yes

[OSChooser]
Description ="Microsoft Windows 2000 Professional"
Help ="Automatically installs Windows Professional without prompting the user for input."
LaunchFile = "%INSTALLPATH%\%MACHINETYPE%\templates\startrom.com"
ImageType =Flat
Version="5.0"
I made a few changes to help RIS do an install from this folder in hands-off mode. First, in the [unattended] section, I changed two lines:
nowaitaftertextmode = 1
OEMPreInstall = Yes
The first causes RIS to not wait at the end of the text portion of install. That's normally there to tell you to pop out the floppy, but if you just pop it out once the Client Wizard starts then you're fine. OEMPreInstall enables some features that we'll use later. I then deleted this line:
FileSystem=LeaveAlone
In the [UserData] section, I added this line so that it wouldn't stop and make me type in a product code:
ProductID = "aaaaa-bbbbb-ccccc-ddddd-eeeee"
Of course, that code won't really work; you'll have to type in your actual product ID. If you've got the Select CDs then, of course, you needn't punch in a product ID at all, and so you won't need to add that line. Finally, in the [Identification] section, I deleted all of the lines and inserted these instead:
JoinDomain=win2ktest.com
DomainAdmin=administrator
DomainAdminPassword=swordfish
This tells RIS to create a machine account in the win2ktest.com domain, to use the "administrator" account to authorize it, and that the "administrator" account uses password "swordfish." Now, you wouldn't type in those lines exactly, for several reasons. First, win2ktest.com is my domain, and you don't want to join my domain, you want to join YOURS. Second, I was being lazy here and specifying the default domain administrator account to create the machine account, and that's overkill -- you can easily replace it with a less-powerful administrative account that can only create machine accounts, as Chapter 3 in the book explains. And third, even if you did want to join my domain (please don't!), the administrator's password isn't "swordfish."
I made a few other changes to reflect personal preferences, such as modifying the screen resolution, but when I was done, I had a RISTNDRD.SIF that looked like this:
[data]
floppyless = "1"
msdosinitiated = "1"
OriSrc = "\\%SERVERNAME%\RemInst\%INSTALLPATH%\%MACHINETYPE%"
OriTyp = "4"
LocalSourceOnCD = 1

[SetupData]
OsLoadOptions = "/noguiboot /fastdetect"
SetupSourceDevice = "\Device\LanmanRedirector\%SERVERNAME%\RemInst\%INSTALLPATH%"

[Unattended]
Repartition = Yes
UseWholeDisk = Yes
OemPreinstall = yes
NoWaitAfterTextMode = 1
ExtendOEMPartition = 0
ConfirmHardware = no
NtUpgrade = no
Win31Upgrade = no
TargetPath = \WINNT
OverwriteOemFilesOnUpgrade = no
OemSkipEula = yes
InstallFilesPath = "\\%SERVERNAME%\RemInst\%INSTALLPATH%\%MACHINETYPE%"

[UserData]
FullName = "%USERFIRSTNAME% %USERLASTNAME%"
OrgName = "%ORGNAME%"
ComputerName = %MACHINENAME%
ProductID="1111-1111-1111-1111-1111"

[GuiUnattended]
OemSkipWelcome = 1
OemSkipRegional = 1
TimeZone = %TIMEZONE%
AdminPassword = "*"

[LicenseFilePrintData]
AutoMode = PerSeat

[Display]
ConfigureAtLogon = 0
BitsPerPel = 16
XResolution = 1024
YResolution = 768
VRefresh = 72
AutoConfirm = 1

[Networking]
ProcessPageSections=Yes

[Identification]
JoinDomain=win2ktest.com
DomainAdmin=administrator
DomainAdminPassword=swordfish

[NetProtocols]
MS_TCPIP=params.MS_TCPIP

[params.MS_TCPIP]
; transport: TC (TCP/IP Protocol)
InfID=MS_TCPIP
DHCP=Yes

[NetClients]
MS_MSClient=params.MS_MSClient

[params.MS_MSClient]
InfID=MS_MSClient

[NetServices]
MS_Server=params.MS_Server

[params.MS_Server]
; service: SRV (Server)
InfID=MS_Server
BroadcastsToLanman2Clients = No

[ServicesSection]

[RemoteInstall]
Repartition = Yes
UseWholeDisk = Yes

[OSChooser]
Description ="Microsoft Windows 2000 Professional"
Help ="Automatically installs Windows Professional without prompting the user for input."
LaunchFile = "%INSTALLPATH%\%MACHINETYPE%\templates\startrom.com"
ImageType =Flat
Version="5.0"
You can do just about any scripting trick with RISTNDRD.SIF -- these changes are just a start.
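The edited script keeps a domain account name and its password in clear text in the [Identification] section, so it is worth checking every .sif template for that before it goes onto a RIS server. The following is an added example, not part of the original newsletter and not a RIS tool: it parses answer-file text and flags the credential settings discussed above. The sample is a constructed excerpt of the edited file, and the function names and severity labels are illustrative assumptions.

```python
import re

# Constructed sample: excerpt of the edited RISTNDRD.SIF shown above.
SAMPLE_SIF = r'''
[GuiUnattended]
OemSkipWelcome = 1
AdminPassword = "*"

[Identification]
; constructed comment line, to show comments are skipped
JoinDomain=win2ktest.com
DomainAdmin=administrator
DomainAdminPassword=swordfish
'''

SECTION_RE = re.compile(r'^\[([^\]]+)\]$')
PLACEHOLDER_RE = re.compile(r'%[A-Za-z0-9_]+%')  # e.g. %MACHINEDOMAIN%


def parse_sif(text):
    """Return {section: {key: value}}; names lower-cased, quotes stripped."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(';'):
            continue
        match = SECTION_RE.match(line)
        if match:
            current = sections.setdefault(match.group(1).strip().lower(), {})
        elif current is not None and '=' in line:
            key, value = (part.strip() for part in line.split('=', 1))
            if len(value) >= 2 and value[0] == value[-1] == '"':
                value = value[1:-1]
            current[key.lower()] = value
    return sections


def audit_sif(text):
    """Return (severity, section, key, reason) tuples; never echoes secrets."""
    # Severity labels are illustrative, not taken from the newsletter.
    sif = parse_sif(text)
    ident = sif.get('identification', {})
    gui = sif.get('guiunattended', {})
    findings = []

    password = ident.get('domainadminpassword', '')
    if password and not PLACEHOLDER_RE.fullmatch(password):
        findings.append(('HIGH', 'Identification', 'DomainAdminPassword',
                         'domain credential stored in clear text'))

    account = ident.get('domainadmin', '').split('\\')[-1].lower()
    if account == 'administrator':
        findings.append(('HIGH', 'Identification', 'DomainAdmin',
                         'built-in administrator used to join machines'))

    local_pw = gui.get('adminpassword', '')
    if local_pw == '*':
        findings.append(('MEDIUM', 'GuiUnattended', 'AdminPassword',
                         '"*" leaves the local Administrator password blank'))
    elif local_pw and not PLACEHOLDER_RE.fullmatch(local_pw):
        findings.append(('MEDIUM', 'GuiUnattended', 'AdminPassword',
                         'local Administrator password stored in clear text'))
    return findings


if __name__ == '__main__':
    for severity, section, key, reason in audit_sif(SAMPLE_SIF):
        print(f'{severity:6} [{section}] {key}: {reason}')
```

Swapping in a less-powerful account that can only create machine accounts, as suggested above, clears the DomainAdmin finding; the password finding remains for as long as the value lives in the template.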
Next, I wanted to be able to use RIS to roll out systems with Service Pack 1 already installed. You may know that SP1 offers a neat -s or "slipstream" feature that lets you pre-install all of the Service Pack 1 files onto an I386 distribution point. Anything that you install from that distribution point already contains Service Pack 1, making installation a one-step process, rather than the more familiar NT approach of "first install the initial version, then put the latest Service Pack on top of it."
In case you haven't done it, here's how to create an I386 that's already got the Service Pack files installed. To do this, you'll need two things: a Server or Professional CD and sp1network.exe, the nearly 90 megabyte file that contains the entirety of Service Pack 1. Type these commands:
None of that's very hard, except for the last step -- I kept typing "...update -s:c:\i386" and the Service Pack isn't smart enough to figure out that the files are in c:\i386; no, whatever directory you point the Service Pack to had better contain a directory named I386 or you'll get one of the less-useful error messages around.
Anyway, now that you've got a brand-new SP1-ized I386, how do you use it for RIS? I imagine that you could probably try copying files over to \RemoteInstall\Setup\English\Images\imagename\I386, overwriting the old ones, but there's a better -- or at least a more "official" way. You know from the Mastering Windows 2000 Server book how to make a new image out of a completely installed system in a Ghost-like fashion using RIPrep -- but how do you create a new RIS image from just an I386? From Active Directory Users and Computers.
Sitting at the RIS server, start Active Directory Users and Computers. If you don't seem to have ADUC, then run \winnt\system32\adminpak.msi, which contains the complete suite of administrative tools.
Next, find your RIS server. It'll either have a computer account in the Computers folder, or if it's a domain controller then its account will be in the Domain Controllers organizational unit. Or, if you've taken the time to create an OU structure, then perhaps it's sitting in an OU. Once you've found the RIS server, right-click it and choose Properties. You'll get a property sheet that includes a tab labeled "Remote Install;" click that.
On the RIS page, you'll see a button labeled "Advanced Settings" and, once you click it, you'll get another property page. One of its tabs is labeled "Images;" click that and you'll see a list of images on the RIS server. You can add another by clicking "Add..." (I know, you'd kind of guessed that by now) and then when it asks you what kind of image to add, choose “Add New Installation Image,” which kicks off a wizard. The wizard basically asks you where to find the files; tell it c:\i386 and then go take a break while it copies. You've now got an SP1-ized RIS installation folder.
Pretty neat, this RIS thing, eh? Too bad it only lets us easily set up Professional. If only rolling out Server were this easy...
Well, it can be, with just two very easy steps.
Start from an I386 directory on a hard disk. Yes, that's right, it's got to be an image on a hard disk rather than a CD-ROM, as we need to modify one file, so copy an I386 from a CD-ROM (if you haven't done that already) and, while you're at it, you might as well slipstream Service Pack 1 onto it. Once you've got an I386 on a hard disk, open up the file I386\TXTSETUP.SIF. It's a text file, so you can use Notepad.
Search for the line "ProductType = 1" and change the "1" to a "0," then re-save the file. Tell RIS to add a new image as you just did in the previous section, and then point it to this I386 with the modified TXTSETUP.SIF. RIS will take the image with no qualms.
Once RIS has copied the image, go find that TXTSETUP.SIF file again -- it's now in \RemoteInstall\Setup\English\Images\whatever-name-you-gave-it\I386. Edit the ProductType line to restore the value to "1" rather than "0." Try a RIS install from this image -- you'll see that you've now got a fully functional copy of Server, delivered from RIS!
There's just one thing that I can't seem to make work under RIS -- $OEM$ files. I've tried creating a $OEM$ directory inside I386 inside my image directory, and then changing the setup script's OEMPreinstall value to equal "yes," but I've been unsuccessful at enabling any of the OEMPreinstall features. Perhaps with some more work -- I'll keep you posted. On to a few short tips...
Intrigued by a reader letter, I built a simple AD for testing purposes with just one server. That server acted as the sole DNS server and domain controller (as well as the sole server of any kind, file and print included) for an Active Directory-based domain. I then got a Netlogon error like this one in the Event Viewer, referring to an event ID 5775:
Deregistration of the DNS record '_ldap._tcp.gc._msdcs.win2ktest.com. 600 IN SRV 0 100 3268 dun.win2ktest.com.' failed with the following error: DNS bad key.
I was surprised to find an article in Microsoft's Knowledge Base (Q252695) that says that dynamic DNS sometimes can't register or de-register DNS records on a system which is an AD domain controller, a global catalog server, the dynamic DNS server for that domain, and that refers to itself for name resolution (in other words, if you were to look in the "DNS server addresses" box in the Advanced TCP/IP settings for that system, you'd see that it refers to itself).
That sounds like a fairly significant problem for small offices. In fact, it kind of makes me wonder how they're going to get Small Business Server 2000 to work in that case -- if it's anything like the current product, it might not even allow any other servers. Anyway, a word to the wise for small users of 2000 and AD is, I guess, "don't use 2000 unless you've got a second server."
I ran into some trouble this month with Outlook 2000 and learned a few things that might be of value to my readers. I'd run it for a little while and it'd just crash unexpectedly, leaving nothing but Dr. Watson behind. It ultimately turned out that the NetFolders feature is just plain buggy in a non-Exchange environment (and who knows, it might be in an Exchange environment as well). I shut off NetFolders (Tools/Options/Other/Advanced Options/Add-In Manager, un-check Net Folders) but Outlook persisted in crashing. Office includes a tool called SCANPST.EXE which checked out my PST and found a few corrupted records. Once it cleaned them out, I had no more crashes from Outlook. (I'm tempted to suggest another solution -- avoiding Outlook -- but I'll leave that up to you, wink wink.)
In both the NT Server and 2000 Server books, I talk about a terrific free SMTP/POP3 server for NT/2000 called "IMS," "Internet Mail Server." (As a matter of fact, it sent this newsletter to you.) The link in the book doesn't work any more, but you can find the EMWACS IMS software now at http://www.texasstar.net/IMS/ims.htm. You can also find other IMS-related links at www.sica.com.
Windows 2000 has an interesting new feature (actually, Windows ME has it also) which protects files in \winnt\system32. If a program overwrites an existing file in system32 then the operating system waits a few seconds, then restores the file to its original state. Try this to see: type erase c:\winnt\system32\sol.exe to get rid of Solitaire. Then wait about a minute and type "dir c:\winnt\system32\sol*" and you'll see that it's back.
How does it work? Windows 2000 keeps a folder named \winnt\system32\dllcache which contains copies of the files in system32. When something changes a file in that directory, W2K takes out its cached copy and uses it to restore the deleted or modified file. And every time that you boot, the system checks some checksum or signature file -- I haven't been able to get more details than that -- to verify that the copies in the dllcache directory are valid. If they don't match the checksums, then Windows File Protection prompts you for the installation disk.
This is all pretty nice, but I could see wanting to disable it, so I dug around the Knowledge Base and talked to a contact inside Microsoft. His answer -- and the Knowledge Base's -- was that you can't turn Windows File Protection off. Dang.
You may know Fastlane for its directory migration tools, but did you know that they also run a great NT/2000 conference? "Winning Strategies for Planning, Designing and Implementing Large Scale Directory Management Solutions" happens at Toronto's Four Seasons hotel, so I'll have to remember to keep the pinkies out when sipping tea. I'm doing my "Windows 2000 Report Card" talk, and my fellow Windows 2000 Magazine writers Sean Daily and Paula Sharick will speak on a variety of topics. My U.S. readers should plan to join us in Toronto because remember -- your Yank dollars go further up north! Find out more at www.fastlane.com/dmworld.
This year's Comdex in Las Vegas (yeah, like I had to tell you where they run Comdex) will include a Windows 2000 mini-conference run by the one and only George Spalding. George has kindly asked me to do two talks -- my DNS for 2000 talk and my Active Directory concepts talk. If you're going to be in Vegas this year, please consider attending George's show and my talks.
The more teaching I do and the more work I do on the Third Edition (coming in February), the more gets stuffed into the class. I've updated the course outline -- take a peek at www.minasi.com/w2koutln.htm if you're interested. It's two fact-packed days covering infrastructure (getting DNS right before starting on Active Directory), AD concepts and planning, remote support tools, rollout and deployment tools, group policies, software deployment, W2K storage issues (including Encrypting File System administration), and more. It's just the thing to move your NT techies to 2000 competence in a short period of time. For more information, contact jennifer@minasi.com or call (757) 426-1431.
Mastering Windows 2000 Server, 2nd Edition is consistently in Amazon's top 400 and often the top 100 -- many thanks to those of you who've purchased it! As always, the Windows 2000 book is discounted at Amazon via this link: http://www.amazon.com/exec/obidos/ASIN/0782127746/qid%3D951327728/sr%3D1-24/103-1360566-4240609/markminasi/002-6700447-8468236 or just jump off from http://www.minasi.com/covers/booklink.htm. Many thanks for the extremely kind reviews.
Please share this newsletter! I'd like very much to expand this newsletter into a useful source of NT/2000 information. Please forward it to any associates who might find it helpful, and accept my thanks. We are now at very nearly four thousand subscribers (heck, I didn't even know that many people read my books!) and I aim to use this to get information to every single Mastering NT and 2000 Server reader. Thanks for letting me visit with you, take care, and come see me in San Francisco, Scottsdale, Toronto, or Las Vegas! Many, many thanks to the readers who have mailed me to offer suggestions, errata, and those kind reviews. As always, I'm at help@minasi.com.
All contents copyright 2001 Mark Minasi. You are encouraged to quote this material, SO LONG as you include this entire document; thanks.