Win 10 Install From ISO vs Domain-Set Image

deanwebb · December 18, 2017, 04:51:07 PM

TL;DR: If you install Windows from a Technet ISO, expect to do a good deal of tinkering before it will play 100% with others. Fix the image and install from that, things run as expected.

Long version: I wanted to get a Win 10 VM to mess around with, so I used the Technet image I got and spun it up. To get it where my NAC could talk to it completely, I had to turn on the Remote Registry service, add a registry entry for SysvolReady, make an exception for Remote Registry and WMI in Windows Firewall, turn on network discovery for the Domain network, set the Windows DC as the DNS server for the Win10 box, do an ipconfig /dnsflush and /dnsregister from an admin-elevated cmd prompt, and manually join it to my domain.

Now, for it to work with NAC, I could have installed a client. I could have also left Remote Registry off, but wanted to have full management, so I fired it up.

If I had made all those settings in the image prior to install and then pushed it out, I wouldn't have had to do all that business. Or so I think. I suppose my next step is to actually try hacking an image and installing from *that*.

icecream-guy · December 19, 2017, 05:52:42 AM

Quote from: deanwebb on December 18, 2017, 04:51:07 PM
...I had to turn on the Remote Registry service, add a registry entry for SysvolReady, make an exception for Remote Registry and WMI in Windows Firewall, turn on network discovery for the Domain network, set the Windows DC as the DNS server for the Win10 box, do an ipconfig /dnsflush and /dnsregister from an admin-elevated cmd prompt, and manually join it to my domain.

Did you scan it afterwards doing all those tweaks? It'd be interesting to see how many vulnerability doors you just opened.

deanwebb · December 19, 2017, 08:39:56 AM

Well... that sounds like an excuse to install Kali Linux into a VM...

Win 10 Install From ISO vs Domain-Set Image

deanwebb

icecream-guy

deanwebb