Thanks for the quick reply,

1) Crypto ACL is an ACL to define interesting traffic to be encrypted between the VPN tunnel.
On Office router: you are using ACL 101, however, ACL 101 is applied to both the crypto map as well as your class-map/zbfw.
Same on pit1 router: you are using ACL 101, however, ACL 101 is applied to both the crypto map as well as your class-map/zbfw.
I would suggest that you configure a different ACL for the crypto map as well as the class-map/zbfw so when you add or make modification to the ACL it does not affect each other.

Sorry, but I am not sure how I would go about doing that   Is there a document that I could read regarding how to accomplish this?

2) Crypto ACL needs to be mirror image between the 2 sites. Currently you have:
Office router:
access-list 101 permit ip any host 10.15.0.1
access-list 101 permit ip 10.15.0.0 0.0.0.255 10.15.1.0 0.0.0.255
Pit1 router:
access-list 101 permit ip host 67.225.57.7 any
access-list 101 permit ip 0.0.0.0 255.255.255.0 0.0.0.0 255.255.255.0
access-list 101 permit ip 10.15.1.0 0.0.0.255 10.15.0.0 0.0.0.255
I would suggest that you configure a new ACL# and apply that to the respective crypto map match address statement as follows:
Office router:
access-list 150 permit ip 10.15.0.0 0.0.0.255 10.15.1.0 0.0.0.255
crypto map CISCO 10 ipsec-isakmp 
  no match address 101
  match address 150
Pit1 router:
access-list 150 permit ip 10.15.1.0 0.0.0.255 10.15.0.0 0.0.0.255
crypto map CISCO 10 ipsec-isakmp 
  no match address 101
  match address 150
3) Lastly, I am guessing base on your configuration that you are trying to RDP to 10.15.0.1, 10.15.0.2 and 10.15.1.99. If you are, then you won't be able to RDP to the private ip addresses via the VPN tunnel because of the following NAT configuration:
Office router:
ip nat inside source static tcp 10.15.0.1 3389 interface FastEthernet4 4489
ip nat inside source static tcp 10.15.0.2 3389 interface FastEthernet4 4589
Pit1 router:
ip nat inside source static tcp 10.15.1.99 3389 interface FastEthernet4 8889
For 10.15.0.1, 10.15.0.2, you can add the Office router public ip address into the crypto ACL (as it is static ip address), and you can access those 2 servers from the Pit1 side using its public ip address as per the static PAT port you configured (4489 and 4589).
For 10.15.1.99, you can add Pit1 router public ip address into the crypto ACL. I assume the ip address is also static even though it is DHCP assigned as you have configured static crypto map on Office router for peering with Pit1 router.
To achieve that, if you change the crypto ACL to 150 as per my above point, you can add the following:
Office router:
access-list 150 permit ip host  10.15.1.0 0.0.0.255
access-list 150 permit ip 10.15.0.0 0.0.0.255 host 
Pit1 router:
access-list 150 permit ip 10.15.1.0 0.0.0.255 host 
access-list 150 permit ip host  10.15.0.0 0.0.0.255
After all of the above changes, pls make sure that you clear the tunnel SA at both end:
clear cry isa sa
clear cry ipsec sa

I *think* I entered this correctly.  I did a "#clear crypto isakmp" followed by a "#clear crypto sa" on each router.  then did a "#write" followed by a "#reload"  on each.  when trying to connect to the RDP Server (10.15.0.2) from Computer at Pit (10.15.1.99), it says "cannot connect to computer".  so i then tried to browse file share on the RDP Server as well as the DB Server (10.15.0.1) but said could not find computer.  Ping, still, works both ways.

You would need to RDP to the public ip address of the respective router with the port that you specify in the NAT statement.

if i got rid of the NAT statements, then i could use the internal IP?

what would i need to add to allow microsoft windows file sharing accross the tunnel?

i guess the goal was to have access to either location's network resources as though they were all local.  the software vendor for the application running on the servers at the office, wanted RDP access without having to log on to the vpn; hence why there was NAT.

It kinda baffles me that i cant have NAT access from any computer on the internet and local access through the VPN at the same time, unless i am missing something here - which is a good possibility.

Yes, correct, if you remove the static NAT statements, you can connect using the private IP. But you won't be able to connect from the Internet anymore.

Yeah, unfortunately you can't add "route-map" to bypass the NAT for static PAT on the router. The same would work just fine from ASA firewall.

Microsoft file sharing should work as long as the ip address is in the subnet configured in the crypto ACL.

i believe i have my subnets set correctly in my crpto, but i cannot seem to access any microsoft file shares accross the VPN (not that i will be doing alot of this).

For the RDP, i can live with using the external IP to access rdp.

Try to lower the MSS value on your inside interface and test the connection again.

Example:

interface Vlan1

     ip tcp adjust-mss 1300

i changed the value on both sides, but made no difference.  i am still unable to connect to any shares on either side of the tunnel.

Do you try to access the share by IP address or by name?

Can you please advise the ip address of the shares? Thanks.

Tried via ip address.
10.15.0.1\Share and
10.15.0.2\Share