Prestaging computer accounts for RIS / Conclusion

One of the great things that RIS does much better than Ghost for image installations is that it allows the computer account to be prestaged in Active Directory. Basically, the PXE specification provides for each computer to have its own unique GUID. This is transmitted in the DHCP Discover packet and is used to identify the machine account in AD. The result is that the machine itself can be given its proper name automatically, and joined to the domain automatically using the prestaged account. Yet another manual step, changing the machine and domain account name, is eliminated.

Both RIPREP and RISETUP images will handle this automatically if their respective SIF files contain the magical lines to automatically join the domain. The only real effort for a sysadmin is to create the machine account with the GUID field filled in properly. There are two ways of extracting this information:

  • The GUID or UUID value may be found in the BIOS in many cases, and then manually copied to be put into the account properties.
  • A Visual Basic script can be run against the machine’s network name to extract the information using WMI. The target computer must be up and running Windows to do this, with remote administration enabled in Windows Firewall.

A script for doing this is as follows:

Dim strComputer, objComputer, objWMIService, colSettings
strComputer = "<computername>"
' Connect to the root\cimv2 WMI namespace on the remote machine
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" _
    & strComputer & "\root\cimv2")
' Win32_ComputerSystemProduct exposes the UUID reported by the BIOS
Set colSettings = objWMIService.ExecQuery _
    ("Select * from Win32_ComputerSystemProduct")
For Each objComputer In colSettings
    WScript.Echo "Caption: " & objComputer.Caption
    WScript.Echo "Name: " & objComputer.Name
    WScript.Echo "UUID: " & objComputer.UUID
Next

Put the actual computer name into the strComputer variable in the second line, e.g. “ADMIN13”.

Then you need to input the information into the account. This can only be done if you ticked a box in the account creation wizard that says “This is a managed computer” at which point you would have been prompted for the GUID. The data can’t be added to existing accounts that weren’t created as managed computers.
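
As an added example (not part of the original article), the PowerShell function below converts the UUID string reported by the script above into the byte form held in the account's netbootGUID attribute, rejects the all-zero and all-FF placeholder UUIDs that many boards share, and builds an LDAP filter for checking whether another account already carries the same GUID. The function name and the sample UUID are constructed for illustration, and the byte layout is assumed to match .NET's Guid.ToByteArray().

```powershell
function ConvertTo-NetbootGuid {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)]
        [string]$Uuid
    )

    # Accepts the UUID with or without braces; anything else is rejected.
    $guid = [guid]::Empty
    if (-not [guid]::TryParse($Uuid.Trim(), [ref]$guid)) {
        throw "Not a valid UUID: '$Uuid'"
    }

    # SMBIOS uses all-zero ("not set") and all-FF ("not present") as
    # placeholders. Many boards share them, so they cannot identify one machine.
    $hex = $guid.ToString('N').ToUpperInvariant()
    if ($hex -eq ('0' * 32) -or $hex -eq ('F' * 32)) {
        throw "Placeholder UUID '$Uuid' does not identify one machine; do not prestage it."
    }

    # Assumption: netbootGUID holds the GUID in the layout produced by
    # Guid.ToByteArray(), i.e. the first three fields are little-endian.
    $bytes = $guid.ToByteArray()

    # A binary value in an LDAP filter is written as one \XX escape per byte.
    $escaped = ($bytes | ForEach-Object { '\{0:X2}' -f $_ }) -join ''

    [pscustomobject]@{
        Display    = $guid.ToString('B').ToUpperInvariant()
        Bytes      = $bytes
        LdapFilter = "(&(objectCategory=computer)(netbootGUID=$escaped))"
    }
}

# Constructed sample value, not taken from a real machine.
$sample = ConvertTo-NetbootGuid -Uuid '4C4C4544-0042-4710-8058-B7C04F4E3253'
$sample.Display
$sample.LdapFilter
```

Running the resulting filter against the directory before creating the account shows whether the GUID is already attached to another computer object.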

Another way to get the GUID is to let an RISETUP installation create an account with a default name, and then copy the GUID that RIS automatically stores for you in the default named account it creates when it joins the domain. You could even try renaming the PC, not something I’ve had a lot of success with.

In conclusion, RIS is a very powerful tool and well worth the effort. It has taken a lot of work to get to this point of creating our RIS image, and it is locked to a group consisting of only half of our desktops. Since I have managed to document the process so well, another time it will be much more straightforward and less time-consuming. Of course, now that we have WDS, the next challenge will be to turn my RIS image into a WDS installation. That is a big task in itself, and sometime in the future I will write another series of articles about that.

I trust someone finds this journey and process useful in some form. Have a great day!

