How to create a custom bootable unattended Windows 2000 CD with integrated service pack and automated application installation

 

 

In addition to an unattended answer file, Windows 2000 also provides the ability for administrators to add extra plug and play drivers to the installation to support hardware which is not present on the original Windows 2000 CD.  This is achieved using a $OEM$ directory structure.  Windows 2000 provides numerous methods of deployment. 

 

The available methods include:

 

·         RIS (remote installation service) running on a Windows 2000 Server.  Using this, a computer can boot using a PXE enabled boot ROM and automatically install its own OS.

·         An i386 directory copied to a share on a file server.  Clients can connect to this share (using a TCP/IP boot disk for example) and setup can be run from the network share.  The disk must be partitioned using fdisk beforehand for this method to work.

·         A master machine is set up and configured in the required way.  The Sysprep utility from the Windows 2000 Resource Kit is then used to prepare the system for duplication.  The master system shuts down, at which point a product such as DriveImage can be used to clone the hard disk to several target machines.  When these machines start up, a mini-setup wizard runs through and makes any adjustments required for the new target hardware using plug and play.  Note that the HAL must be the same on the master and target computers.

 

 

The Winnt.sif File

 

 

This is a line by line analysis of the winnt.sif file used by the School of Health Science. 

The winnt.sif file needs to be placed in the i386 directory on the CD. 

 

 

[Data]
    AutoPartition=1
    MsDosInitiated="0"
    UnattendedInstall="Yes"

[Unattended]
    UnattendMode=ReadOnly
    OemPreinstall=Yes
    OemSkipEula=Yes
    NoWaitAfterGUIMode=1
    Repartition=Yes
    TargetPath=\WINNT
    KeyboardLayout="United States"
    DriverSigningPolicy=Ignore
    OEMPnPDriversPath="install\drivers"

[GuiUnattended]
    OemSkipWelcome=1
    AdminPassword=
    OEMSkipRegional=1
    TimeZone=85
    Autologon=Yes
    AutoLogonCount=1

[GuiRunOnce]
    "d:\runonce.bat"

[UserData]
    FullName="Preferred Customer"
    OrgName=""
    ProductID="xxxxx-xxxxx-xxxxx-xxxxx-xxxxx"

[URL]
    Home_Page=

[Display]
    BitsPerPel=16
    Xresolution=800
    YResolution=600
    Vrefresh=75

[RegionalSettings]
    LanguageGroup=1
    Language=00000809

[Identification]
    JoinDomain=mydomain
    DomainAdmin=addworkstation
    DomainAdminPassword=mypassword

[Components]
    pinball=off
    solitaire=off
    minesweeper=off
    freecell=off

[Networking]
    InstallDefaultComponents=No

[NetAdapters]
    Adapter1=params.Adapter1

[params.Adapter1]
    INFID=*

[NetClients]
    MS_MSClient=params.MS_MSClient

[NetServices]
    MS_SERVER=params.MS_SERVER

[NetProtocols]
    MS_TCPIP=params.MS_TCPIP

[params.MS_TCPIP]
    DNS=Yes
    UseDomainNameDevolution=No
    EnableLMHosts=Yes
    AdapterSections=params.MS_TCPIP.Adapter1

[params.MS_TCPIP.Adapter1]
    SpecificTo=Adapter1
    DHCP=Yes
    WINS=No
    NetBIOSOptions=0

 

 

 

The settings in the file above have the following meanings.

·         AutoPartition: Allows setup to automatically partition the hard disk.

·         UnattendMode: Allows user to modify only the sections for which winnt.sif doesn’t have an answer.

·         OemPreinstall: Required for $OEM$ functionality.

·         OemSkipEula: Removes the EULA agreement.

·         NoWaitAfterGUIMode: Restarts setup after GUI mode (SP2 only).

·         DriverSigningPolicy: Allows non-Microsoft-signed drivers to be added.

·         OEMPnPDriversPath: Paths where Windows 2000 setup should search for extra drivers.  The boot drive (e.g. c:\) is prepended to each entry.  Extra locations can be specified by using ; as a separator.

·         OemSkipWelcome: Removes the welcome message during setup.

·         AdminPassword: Specifies the password for the local administrator account.

·         OEMSkipRegional: Removes the prompt for regional settings.

·         Autologon and AutoLogonCount: Autologon is used to log in the computer automatically when the system restarts after GUI mode setup.  AutoLogonCount is used to determine how many reboots should be automatic.

·         [GuiRunOnce]: The name of a file to run after GUI setup is complete.

·         [RegionalSettings]: This section is used to ensure that the correct regional settings for the U.K. are used.

·         JoinDomain: The name of the domain to join.

·         DomainAdmin: An account with the right to add machines.

·         DomainAdminPassword: Password for the above account.

·         [Components]: Turns off various Windows 2000 components.  See the resource kit for more details.
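
The following Python script is an added example, not part of the original document. It parses a winnt.sif and flags the settings from the file above that matter for security: a blank AdminPassword, the clear-text DomainAdminPassword, DriverSigningPolicy=Ignore, Autologon and Repartition. The function names, the RULES table and the trimmed sample are assumptions made for illustration; "*" is also treated as a blank password, since unattended setup reads it as a null password.

```python
import re
# Constructed sample: the security-relevant lines of the answer file above.
SAMPLE_SIF = r'''
[Unattended]
    Repartition=Yes
    DriverSigningPolicy=Ignore
[GuiUnattended]
    AdminPassword=
    Autologon=Yes
[GuiRunOnce]
    "d:\runonce.bat"
[Identification]
    DomainAdminPassword=mypassword
'''

def parse_sif(text):
    """Return {section: {key: value}} with lower-cased names. Bare lines such as
    the [GuiRunOnce] command are not key=value pairs, so they get a '#n' key."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(';'):      # blank line or comment
            continue
        header = re.fullmatch(r'\[(.+)\]', line)
        if header:
            current = sections.setdefault(header.group(1).lower(), {})
        elif current is not None:
            key, sep, value = line.partition('=')
            if not sep or line.startswith('"'):   # bare (quoted) command line
                key, value = '#%d' % len(current), line
            current[key.strip().lower()] = value.strip().strip('"')
    return sections

# (section, key, test on the value, risk); wording is this example's own.
RULES = [
    ('guiunattended', 'adminpassword', lambda v: v in ('', '*'), 'blank local Administrator password'),
    ('identification', 'domainadminpassword', bool, 'domain credential in clear text on the media'),
    ('unattended', 'driversigningpolicy', lambda v: v.lower() == 'ignore', 'unsigned drivers install silently'),
    ('guiunattended', 'autologon', lambda v: v.lower() == 'yes', 'automatic logon runs GuiRunOnce unattended'),
    ('unattended', 'repartition', lambda v: v.lower() == 'yes', 'disk wiped without prompting'),
]

def audit(text):
    sif = parse_sif(text)
    return [(key, risk) for section, key, test, risk in RULES
            if key in sif.get(section, {}) and test(sif[section][key])]

if __name__ == '__main__':
    print(audit(SAMPLE_SIF))
```

Run it against the winnt.sif on the build machine before the image is burned; an empty list means none of the five settings is present in its risky form.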

 

 

 

 

 

 

 

 

Slipstreaming the i386 directory

 

 

 

  • Copy the entire original Windows 2000 CD’s contents to this folder: C:\1
  • Download the SP4 folder and extract to the directory: C:\2

 

You can safely remove the following files and directories to create some extra space and to remove the upgrade functionality if required.

\bootdisk

\discover

\setuptxt

\support

\valueadd

\autorun.inf

\read1st.txt

\readme.doc

\setup.exe

\i386\win9xmig

\i386\win9xupg

\i386\winntupg

 

type:  c:\1\i386\update\update.exe -s:c:\2\w2kcd

 

  • Go to your created i386 folder in C:\2,
  • find the setupp.ini file, remove the read-only attribute and open the file in notepad.
  • Change the last 3 digits of the Pid number to 270.  OEM CDs contain the letters “OEM” rather than “000”.  Now it looks like this:

    [Pid]
    ExtraData=646E77637A6F6D79626A1D94089595
    Pid=51873270

 

For a basic CD, you’re now ready to burn the CD (see the section, “creating the CD image”).  If you wish to include extra drivers, copy extra files, run a batch file after GUI mode setup, or install extra applications then read on.

 


 

Using the $OEM$ structure to copy extra files

 

Placing the $OEM$ directory in the root of the CD-ROM, rather than inside i386, works perfectly.

The $1 directory corresponds to the boot drive (e.g. C:\).  Files and folders placed in \$OEM$\$1 will be copied to the system drive.

The $$ directory corresponds to the system root directory (e.g. C:\winnt).  Anything placed in \$OEM$\$$ gets copied to the system root directory.

 

Windows 2000 setup can only deal with filenames in the DOS 8.3 format.  There is a $$rename.txt mechanism documented in the resource kit so that files can be given their correct names.

Adding extra plug and play drivers to $OEM$

 

Because setup does not have access to the CD-ROM during GUI setup (it copies all necessary files to temporary directories on the hard disk during the file-copy phase), the extra drivers need to be included in the $OEM$ structure.  The extra drivers could be placed into any directory on the hard disk, but for this example, we’ll use c:\drivers.

 

Copy all the files into \$OEM$\$1\drivers.  This will be copied to the hard disk as c:\drivers.

 

To tell Windows 2000 where it should look to find extra plug and play drivers, include the line

 

OEMPnPDriversPath="\drivers"

 

in the [unattended] section of your winnt.sif file.  The system drive’s letter will be added to the start of this string.

 

Windows should now detect the audio hardware (if present) and install the driver.  If you wish to include unsigned drivers, you should set the driver signing policy to “ignore” by including

 

DriverSigningPolicy=Ignore

 

in the [unattended] section of your winnt.sif file.

 

Files from multiple drivers should be able to coexist with each other provided that they all have unique names.  If they don’t, split the drivers directory into multiple subdirectories.

 

You can split the drivers directory into subdirectories of your choice (e.g. network, audio, video, etc.).  You need to specify each directory individually in the OEMPnPDriversPath field, separated by ; characters.  For example: install\drivers\audio; install\drivers\network; etc.

 


 

Installing applications silently after GUI mode setup and scripting registry changes

 

 

For this example I’ll use Adobe Acrobat Reader 6, which uses the InstallShield Wizard as its installer.  The setup can be made to run silently as follows:

 

·         Download the ar6 files, which come as a self-extracting zip.

·         Drop the executable file into a WinZip window and extract its contents to an area on your hard disk.

·         On a clean reference PC, run setup using the -r switch (setup -r).

·         Choose the installation options you want.

·         When setup has finished, look in the winnt folder for a file named setup.iss.  This file contains the options you gave during setup.

·         Copy the setup.iss file into the same directory as AR5’s setup.exe file.

·         To run the installation silently on the destination PCs, run setup with the -s switch (setup -s).

 

Other scriptable applications include Terminal Services Client and Office 2000.  The former uses MSI files and is relatively easy to script.

For the Terminal Services Client, it is important to use the ALLUSERS=1 option with msiexec, otherwise the shortcuts get installed into the account used for installation rather than the all users profile.

 

Once you have created your application scripts, you can launch them from the Windows 2000 CD by creating a batch file and referencing it in the GUIRunOnce section of winnt.sif.  This file will, as its name suggests, be run only once.  Combined with an autologin parameter, the applications can start installing without any intervention.

 

Although Windows MSI technology is designed to allow setup to be customisable, Microsoft has so far only released a custom installation wizard that works with Office 2000 and Office XP (and of course any individual versions of Word, Excel, Powerpoint, Access and Outlook).  You may also want to roll out changes to the registry and script NTFS permission changes in a runonce file.

 

As an example of some of the modifications that can be scripted, I will document the following:

 

·         Preventing the last username being cached at the login screen by modifying the registry;

·         Installing extra fonts;

·         Changing NTFS permissions.

 

Username caching.


The setting for whether usernames are cached is stored in the registry under the following key.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system.

 

A dword value called dontdisplaylastusername controls the caching.  Zero is the default setting and 1 will stop names being cached.

 

To automate this change in the registry, create a file called machine.reg containing the following lines.

 

Windows Registry Editor Version 5.00

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]

"dontdisplaylastusername"=dword:00000001

 

Store this file on the Windows 2000 CD and call it with a batch file in the following manner.

 

start /wait regedit /s machine.reg

 

The /s switch stops regedit bringing up a confirmation dialogue box.

 

Changing permissions on registry keys in a batch file.

 

Some poorly written applications assume that the user has access to keys in the local machine registry (HKEY_LOCAL_MACHINE).  When logged in as an administrator, this assumption is correct.  However, normal users of Windows 2000 do not have that access.  Sometimes there are applications that we would like to make run under Windows 2000 by changing permissions on the registry.

 

Note that regedt32.exe is the tool to use if you want to change registry permissions by hand, rather than regedit.exe.

 

To change registry permissions in a batch file, you need a utility called regini.exe which is a tool from the Windows NT 4 resource kit.  See Q237607 for details of how to use this tool, and Q257643 for details of the registry change we’re about to perform.

 

Create a file called reg.ini with the following contents.

 

\registry\machine\software\microsoft\shared tools\proofing tools\spelling [1 5 7 17]

\registry\machine\software\microsoft\shared tools\proofing tools\grammar [1 5 7 17]

 

To use regini, run this file as follows.

regini.exe reg.ini

 

For details of what permissions the numbers correspond to, see the knowledge base article above.

 

Changing NTFS permissions using a batch file.

 

Windows 2000 contains a utility called CACLS for changing NTFS permissions.  To use CACLS to give ordinary users change permissions on the c:\winnt\temp directory, issue the following command.

echo y|cacls "c:\winnt\temp" /c /t /g administrators:F users:C "power users":C system:F

The echo y bit is to avoid the “are you sure” prompt from the CACLS command.

 

CACLS is available as standard with Windows 2000.  The Windows 2000 Resource Kit contains a utility called XCACLS that has more options, including a /y switch to suppress the “are you sure” prompt.  Download this file from ftp://ftp.microsoft.com/reskit/win2000/xcacls.zip.  You can include the xcacls.exe file in the \$OEM$\$$\system32 directory so that it is copied to the hard disk of the installed machine if you wish.

 

 

Creating the CD image

 

You will require the following:

 

·         A copy of CDRWin from Golden Hawk Technologies. See http://www.goldenhawk.com.

·         An image of the Windows 2000 CD’s boot sector.  See http://www.xs4all.nl/~binkbv/Bink.nu/Bootcd/bootfiles.zip

 

We need to use CDRWin, as this is capable of burning a custom boot sector and has the “load sector count” parameter (see later).  The demo version of CDRWin is restricted to single speed writing.  The best way to burn at the full speed of your writer is to use CDRWin to produce an ISO image file and use your normal CD writing software (e.g. Easy CD Creator) to burn the ISO image file produced by CDRWin.

 

These screenshots and instructions are based on the current non-beta version of CDRWin (3.8E).

 

·         Start CDRWIN and choose the File Backup and Tools option.

 

 

The following window appears

 


If you only have the demo version of CDRWIN and don’t feel like wasting an hour to burn at single speed, choose to create an ISO image so that it can be recorded using your normal CD writing software.

 

 

Next, click on the directory button (see below) and navigate to the directory containing your CD contents.  It is important to add only this directory, rather than selecting all the files and directories one level below.  If you select the individual files and directories instead, the CD will not work (trust me, I’ve tried).

 

 

Click the add button.

 

 

Next, set the options to match the following screenshot.

 

 

Set the output image filename by clicking the “…” button.  It is useful to include the date or a version number in the filename so you can identify which image is which.  Tick the disable version numbers option and ensure the other options are not ticked. Click the advanced options button.

 

 

 

 

Click the bootable disk tab. Set the options to match the screen-shot.  The w2kboot.bin file is a copy of the original boot sector. 

Make sure you set the load sector count to 4, otherwise the CD will not boot.

 

Click the OK button to return to the File Backup and Tools window, at which point you are ready to click the START button to create the ISO image.

Once the ISO image has been created, use your normal CD writing software to create a CD from the ISO image.

Notes

If you want to change the options in winnt.sif for a single system, rather than creating a new CD you can copy winnt.sif onto a floppy disk and modify it.  If this floppy disk is placed in the floppy drive at the start of setup, this copy will take precedence over the winnt.sif file which is already on the CD.

 

The winnt.sif file gets copied to the hard disk during setup, but the file is parsed and any passwords are stripped from the file.  If you want to use a batch file to copy the entire contents of i386 to the hard disk (which should not be necessary now that drivers are located in the driver cache directory of all installed systems) then you should make sure that the winnt.sif file is not copied.

 

If the winnt.sif file above is used, the hard disk will be wiped and reformatted without any prompting.  You should be careful of this.