Posts posted by setthecat

  1. I have been playing with this for a few days; so far I have tried:

    Local and Domain Group Policies:

    Network access: Do not allow anonymous enumeration of SAM accounts and shares - Disabled

    Network access: Let Everyone permissions apply to anonymous users - Enabled

    Network access: Restrict anonymous access to Named Pipes and Shares - Disabled

    Network access: Shares that can be accessed anonymously - Media

    Accounts:

    Guest - Enabled

    Share permissions:

    Everyone - Full Control

    Guest - Full Control

    Domain Admins - Full Control

    Domain Guests - Full Control

    Administrator - Full Control

    Guests - Full control

    NTFS Permissions:

    Everyone - Read&execute, List folder contents, Read

    SYSTEM - Full control

    administrator - Full control

    Guest - Read&execute, List folder contents, Read

    Domain Admins - Full control

    Domain Guests - Read&execute, List folder contents, Read

    Administrators - Full control

    Guests - Read&execute, List folder contents, Read

    ANONYMOUS LOGON - Read&execute, List folder contents, Read

    With everything done I am still not able to access \\10.1.1.10\ without being prompted for credentials.

    Edit: For now I am working exclusively with the domain controller as it is a replacement that is currently in a test environment.

  2. I have two servers, one is 2008r2 Enterprise, the other is 2008r2 HPC. The HPC server acts as a Domain Controller, while the other has been set up specifically to deploy WIM images.

    I want to set up a network share on both computers that will have read access by the everyone group. The DC share will be hosting some media files while the other will be hosting a script and a few updates that will run on the image before joining the domain. The problem I run into is that I have both NTFS and share permissions on both systems set up to allow read access by the "Everyone" group, but neither server's open share can be accessed from a non-domain computer without entering credentials. Is there a policy or some other setting that is preventing the non-domain systems from being allowed access as part of the "Everyone" group?

  3. I currently have a simple domain controller but will be moving soon and plan to restructure. I want to have one domain controller in my apartment and one domain controller in my mom's house that will be able to communicate with each other.

    I know the kosher way would be:

    SetTheCat.local

    -home.setthecat.local

    In this setup would all accounts be name@setthecat.local or would users in the subdomain be name@home.setthecat.local?

    But I was wondering if I could get the same advantages with:

    apartment.setthecat.local

    home.setthecat.local

    Also, with this setup, would my user accounts be set@setthecat.local or set@apartment.setthecat.local?

  4. And the domain user and password used to join are valid on the domain to join a machine to the computers OU.

    Not quite sure what you mean, but for temporary testing purposes I'm using my own personal credentials.

    Edit: Ok, maybe I'm just 'tarded... Looks like I had my password in the username field and my username in the password field... Wish I could re-test this without spending an hour reverting to an image I made in audit mode...

  5. Ok, no longer creating a local account but still not wanting to join my domain...

    <settings pass="specialize">
      <component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <Identification>
          <Credentials>
            <Domain>______.com</Domain>
            <Password>_______</Password>
            <Username>____________</Username>
          </Credentials>
          <DebugJoin>true</DebugJoin>
          <JoinDomain>______.com</JoinDomain>
          <MachineObjectOU>OU=computers,DC=______,DC=com</MachineObjectOU>
        </Identification>
      </component>
      <component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <RunSynchronous>
          <RunSynchronousCommand wcm:action="add">
            <Order>1</Order>
            <Path>net user administrator /active:yes</Path>
            <Description>Admin On</Description>
          </RunSynchronousCommand>
        </RunSynchronous>
      </component>
    </settings>
    <settings pass="oobeSystem">
      <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <UserAccounts>
          <AdministratorPassword>
            <Value>________________________________________________________________________</Value>
            <PlainText>false</PlainText>
          </AdministratorPassword>
          <LocalAccounts>
            <LocalAccount wcm:action="add">
              <Password>
                <Value>________________________________________</Value>
                <PlainText>false</PlainText>
              </Password>
              <Description>Local Administrator</Description>
              <DisplayName>Administrator</DisplayName>
              <Group>Administrators</Group>
              <Name>Administrator</Name>
            </LocalAccount>
          </LocalAccounts>
        </UserAccounts>
        <AutoLogon>
          <Password>
            <Value>________________________________________</Value>
            <PlainText>false</PlainText>
          </Password>
          <Enabled>true</Enabled>
          <LogonCount>1</LogonCount>
          <Username>administrator</Username>
        </AutoLogon>
      </component>
    </settings>

    Is creation of a domain user during oobe required? And does my username need to be just the username or username@domain.com? I'm not even getting debug errors so I can't tell where it fails or why.

  6. For a bit of background, I used audit mode to build a pre-activated Windows 7 x64 WIM for my company (around 1500+ computers) and everything is working with the exception of one OOBE page. I cannot get my answer file to join our domain in the default "Computers" OU and skip creating a local user while still prompting for a unique computer name. The unattended join section of my XML:

    <?xml version="1.0" encoding="utf-8"?>
    <unattend xmlns="urn:schemas-microsoft-com:unattend">
      <settings pass="specialize">
        <component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="amd64" publicKeyToken="________________" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
          <Identification>
            <Credentials>
              <Domain>______.com</Domain>
              <Password>_______</Password>
              <Username>____________</Username>
            </Credentials>
            <DebugJoin>true</DebugJoin>
            <JoinDomain>______.com</JoinDomain>
          </Identification>
        </component>
      </settings>
      <cpi:offlineImage cpi:source="wim://_______/windowspartition.wim#____Win7" xmlns:cpi="urn:schemas-microsoft-com:cpi" />
    </unattend>

    Is there something I did wrong here?

    Edit: other than the blanks, had to remove a few things for obvious security reasons.
