Everything posted by setthecat

  1. I have been playing with this for a few days. So far I have tried:

     Local and Domain Group Policies:
       Network access: Do not allow anonymous enumeration of SAM accounts and shares - Disabled
       Network access: Let Everyone permissions apply to anonymous users - Enabled
       Network access: Restrict anonymous access to Named Pipes and Shares - Disabled
       Network access: Shares that can be accessed anonymously - Media
       Accounts: Guest - Enabled

     Share permissions:
       Everyone - Full Control
       Guest - Full Control
       Domain Admins - Full Control
       Domain Guests - Full Control
       Administrator - Full Control
       Guests - Full control

     NTFS Permissions:
       Everyone - Read & execute, List folder contents, Read
       SYSTEM - Full control
       administrator - Full control
       Guest - Read & execute, List folder contents, Read
       Domain Admins - Full control
       Domain Guests - Read & execute, List folder contents, Read
       Administrators - Full control
       Guests - Read & execute, List folder contents, Read
       ANONYMOUS LOGON - Read & execute, List folder contents, Read

     With everything done I am still not able to access \\10.1.1.10\ without being prompted for credentials.

     Edit: For now I am working exclusively with the domain controller as it is a replacement that is currently in a test environment.
  2. I have two servers: one is 2008r2 Enterprise, the other is 2008r2 HPC. The HPC server acts as a Domain Controller, while the other has been set up specifically to deploy WIM images. I want to set up a network share on both computers that will have read access by the Everyone group. The DC share will be hosting some media files while the other will be hosting a script and a few updates that will run on the image before joining the domain. The problem I run into is that I have both NTFS and share permissions on both systems set up to allow read access by the "Everyone" group, but neither server's open share can be accessed from a non-domain computer without entering credentials. Is there a policy or some other setting that is preventing the non-domain systems from being allowed access as part of the "Everyone" group?
  3. I currently have a simple domain controller but will be moving soon and plan to restructure. I want to have one domain controller in my apartment and one domain controller in my mom's house that will be able to communicate with each other. I know the kosher way would be:

     SetTheCat.local
       -home.setthecat.local

     In this setup would all accounts be name@setthecat.local or would users in the subdomain be name@home.setthecat.local? But I was wondering if I could get the same advantages with:

     apartment.setthecat.local
     home.setthecat.local

     Also, with this setup, would my user accounts be set@setthecat.local or set@apartment.setthecat.local?
  4. Not quite sure what you mean, but for temporary testing purposes I'm using my own personal credentials. Edit: Ok, maybe I'm just 'tarded... Looks like I had my password in the username field and my username in the password field... Wish I could re-test this without spending an hour reverting to an image I made in audit mode...
  5. Ok, no longer creating a local account but still not wanting to join my domain...

     <settings pass="specialize">
       <component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
         <Identification>
           <Credentials>
             <Domain>______.com</Domain>
             <Password>_______</Password>
             <Username>____________</Username>
           </Credentials>
           <DebugJoin>true</DebugJoin>
           <JoinDomain>______.com</JoinDomain>
           <MachineObjectOU>OU=computers,DC=______,DC=com</MachineObjectOU>
         </Identification>
       </component>
       <component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
         <RunSynchronous>
           <RunSynchronousCommand wcm:action="add">
             <Order>1</Order>
             <Path>net user administrator /active:yes</Path>
             <Description>Admin On</Description>
           </RunSynchronousCommand>
         </RunSynchronous>
       </component>
     </settings>
     <settings pass="oobeSystem">
       <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
         <UserAccounts>
           <AdministratorPassword>
             <Value>________________________________________________________________________</Value>
             <PlainText>false</PlainText>
           </AdministratorPassword>
           <LocalAccounts>
             <LocalAccount wcm:action="add">
               <Password>
                 <Value>________________________________________</Value>
                 <PlainText>false</PlainText>
               </Password>
               <Description>Local Administrator</Description>
               <DisplayName>Administrator</DisplayName>
               <Group>Administrators</Group>
               <Name>Administrator</Name>
             </LocalAccount>
           </LocalAccounts>
         </UserAccounts>
         <AutoLogon>
           <Password>
             <Value>________________________________________</Value>
             <PlainText>false</PlainText>
           </Password>
           <Enabled>true</Enabled>
           <LogonCount>1</LogonCount>
           <Username>administrator</Username>
         </AutoLogon>
       </component>
     </settings>

     Is creation of a domain user during OOBE required? And does my username need to be just the username or username@domain.com? I'm not even getting debug errors so I can't tell where it fails or why.
  6. For a bit of background, I used audit mode to build a pre-activated Windows 7 x64 WIM for my company (around 1500+ computers) and everything is working with the exception of one OOBE page. I cannot get my answer file to join our domain in the default "Computers" OU and skip creating a local user while still prompting for a unique computer name. The unattended join section of my XML:

     <?xml version="1.0" encoding="utf-8"?>
     <unattend xmlns="urn:schemas-microsoft-com:unattend">
       <settings pass="specialize">
         <component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="amd64" publicKeyToken="________________" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
           <Identification>
             <Credentials>
               <Domain>______.com</Domain>
               <Password>_______</Password>
               <Username>____________</Username>
             </Credentials>
             <DebugJoin>true</DebugJoin>
             <JoinDomain>______.com</JoinDomain>
           </Identification>
         </component>
       </settings>
       <cpi:offlineImage cpi:source="wim://_______/windowspartition.wim#____Win7" xmlns:cpi="urn:schemas-microsoft-com:cpi" />
     </unattend>

     Is there something I did wrong here?

     Edit: other than the blanks, had to remove a few things for obvious security reasons.