Posts posted by setthecat
I have two Servers, one is 2008r2 Enterprise, the other is 2008r2 HPC. The HPC server acts as a Domain Controller, while the other has been set up specifically to deploy WIM images.
I want to set up a network share on both computers that will have read access by the everyone group. The DC share will be hosting some media files while the other will be hosting a script and a few updates that will run on the image before joining the domain. The problem I run into is that I have both NTFS and share permissions on both systems set up to allow read access by the "Everyone" group, but neither server's open share can be accessed from a non-domain computer without entering credentials. Is there a policy or some other setting that is preventing the non-domain systems from being allowed access as part of the "Everyone" group?
0 -
I currently have a simple domain controller but will be moving soon and plan to restructure. I want to have one domain controller in my apartment and one domain controller in my mom's house that will be able to communicate with each other.
I know the kosher way would be:
SetTheCat.local
-home.setthecat.local
In this setup would all accounts be name@setthecat.local or would users in the subdomain be name@home.setthecat.local?
But I was wondering if I could get the same advantages with:
apartment.setthecat.local
home.setthecat.local
Also, with this setup, would my user accounts be set@setthecat.local or set@apartment.setthecat.local?
0 -
And the domain user and password used to join are valid on the domain to join a machine to the computers OU.
Not quite sure what you mean, but for temporary testing purposes I'm using my own personal credentials.
Edit: Ok, maybe I'm just 'tarded... Looks like I had my password in the username field and my username in the password field... Wish I could re-test this without spending an hour reverting to an image I made in audit mode...
0 -
Ok, no longer creating a local account but still not wanting to join my domain...
<settings pass="specialize">
  <component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <Identification>
      <Credentials>
        <Domain>______.com</Domain>
        <Password>_______</Password>
        <Username>____________</Username>
      </Credentials>
      <DebugJoin>true</DebugJoin>
      <JoinDomain>______.com</JoinDomain>
      <MachineObjectOU>OU=computers,DC=______,DC=com</MachineObjectOU>
    </Identification>
  </component>
  <component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <RunSynchronous>
      <RunSynchronousCommand wcm:action="add">
        <Order>1</Order>
        <Path>net user administrator /active:yes</Path>
        <Description>Admin On</Description>
      </RunSynchronousCommand>
    </RunSynchronous>
  </component>
</settings>
<settings pass="oobeSystem">
  <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <UserAccounts>
      <AdministratorPassword>
        <Value>________________________________________________________________________</Value>
        <PlainText>false</PlainText>
      </AdministratorPassword>
      <LocalAccounts>
        <LocalAccount wcm:action="add">
          <Password>
            <Value>________________________________________</Value>
            <PlainText>false</PlainText>
          </Password>
          <Description>Local Administrator</Description>
          <DisplayName>Administrator</DisplayName>
          <Group>Administrators</Group>
          <Name>Administrator</Name>
        </LocalAccount>
      </LocalAccounts>
    </UserAccounts>
    <AutoLogon>
      <Password>
        <Value>________________________________________</Value>
        <PlainText>false</PlainText>
      </Password>
      <Enabled>true</Enabled>
      <LogonCount>1</LogonCount>
      <Username>administrator</Username>
    </AutoLogon>
  </component>
</settings>
Is creation of a domain user during oobe required? And does my username need to be just the username or username@domain.com? I'm not even getting debug errors so I can't tell where it fails or why.
0 -
For a bit of background, I used audit mode to build a pre-activated Windows 7 x64 WIM for my company (around 1500+ computers) and everything is working with the exception of one OOBE page. I cannot get my answer file to join our domain in the default "Computers" OU and skip creating a local user while still prompting for a unique computer name. The unattended join section of my XML:
<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
  <settings pass="specialize">
    <component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="amd64" publicKeyToken="________________" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <Identification>
        <Credentials>
          <Domain>______.com</Domain>
          <Password>_______</Password>
          <Username>____________</Username>
        </Credentials>
        <DebugJoin>true</DebugJoin>
        <JoinDomain>______.com</JoinDomain>
      </Identification>
    </component>
  </settings>
  <cpi:offlineImage cpi:source="wim://_______/windowspartition.wim#____Win7" xmlns:cpi="urn:schemas-microsoft-com:cpi" />
</unattend>
Is there something I did wrong here?
Edit: other than the blanks, had to remove a few things for obvious security reasons.
0
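An added check, not part of the original posts: the answer files above carry domain-join credentials, and one also carries AutoLogon and account password values, so it helps to list which credential-bearing elements an unattend file contains before it is stored on a deployment share. The sample file, its domain and account names are constructed, and `audit_unattend` is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

NS = {"u": "urn:schemas-microsoft-com:unattend"}
# Constructed answer file: placeholder domain, account and password values.
SAMPLE = """<unattend xmlns="urn:schemas-microsoft-com:unattend">
 <settings pass="specialize">
  <component name="Microsoft-Windows-UnattendedJoin">
   <Identification>
    <Credentials>
     <Domain>example.test</Domain>
     <Password>PLACEHOLDER</Password>
     <Username>join-svc</Username>
    </Credentials>
    <JoinDomain>example.test</JoinDomain>
   </Identification>
  </component>
 </settings>
 <settings pass="oobeSystem">
  <component name="Microsoft-Windows-Shell-Setup">
   <AutoLogon>
    <Password><Value>CONSTRUCTED</Value><PlainText>false</PlainText></Password>
    <Enabled>true</Enabled>
    <Username>administrator</Username>
   </AutoLogon>
  </component>
 </settings>
</unattend>"""

def audit_unattend(xml_text):
    """Return (pass, component, finding) tuples for credential material."""
    findings = []
    for settings in ET.fromstring(xml_text).findall("u:settings", NS):
        for comp in settings.findall("u:component", NS):
            where = (settings.get("pass"), comp.get("name"))
            for el in comp.iter():
                tag = el.tag.split("}")[-1]
                # Join credentials: <Password> holds the text directly.
                if tag == "Credentials" and el.findtext("u:Password", "", NS).strip():
                    user = el.findtext("u:Username", "", NS)
                    findings.append(where + (f"join password stored for {user}",))
                # Password blocks: <Value> plus a <PlainText> flag (absent = plain).
                if el.findtext("u:Value", "", NS).strip():
                    flag = el.findtext("u:PlainText", "true", NS).strip().lower()
                    kind = "plain text" if flag == "true" else "encoded, not encrypted"
                    findings.append(where + (f"{tag} value stored ({kind})",))
                if tag == "AutoLogon" and el.findtext("u:Enabled", "", NS).strip().lower() == "true":
                    findings.append(where + ("AutoLogon enabled",))
    return findings

print(*audit_unattend(SAMPLE), sep="\n")
```

Any finding means the file should be treated as a secret: restrict read access on the share that hosts it and use a join account delegated only to create computer objects.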
Server 2008r2 - Share to Everyone
in Windows Server
Posted · Edited by setthecat
I have been playing with this for a few days, so far I have tried:
Local and Domain Group Policies:
Network access: Do not allow anonymous enumeration of SAM accounts and shares - Disabled
Network access: Let Everyone permissions apply to anonymous users - Enabled
Network access: Restrict anonymous access to Named Pipes and Shares - Disabled
Network access: Shares that can be accessed anonymously - Media
Accounts:
Guest - Enabled
Share permissions:
Everyone - Full Control
Guest - Full Control
Domain Admins - Full Control
Domain Guests - Full Control
Administrator - Full Control
Guests - Full control
NTFS Permissions:
Everyone - Read&execute, List folder contents, Read
SYSTEM - Full control
administrator - Full control
Guest - Read&execute, List folder contents, Read
Domain Admins - Full control
Domain Guests - Read&execute, List folder contents, Read
Administrators - Full control
Guests - Read&execute, List folder contents, Read
ANONYMOUS LOGON - Read&execute, List folder contents, Read
With everything done I am still not able to access \\10.1.1.10\ without being prompted for credentials.
Edit: For now I am working exclusively with the domain controller as it is a replacement that is currently in a test environment.