Remove the Security Tab Windows XP This restriction removes the Security tab from Windows explorer which prevents users from accessing or changing the security permissions of folder and
Trang 1Remove the Distributed File System Tab (Windows 2000/XP)
This restriction removes the Distributed File System (DFS) tab from Windows explorer This prevents users from viewing or changing the properties of local DFS shares
Remove the Security Tab (Windows XP)
This restriction removes the Security tab from Windows explorer which prevents users from accessing or changing the security permissions of folder and file
objects
Remove the Hardware Tab (Windows 2000/XP)
This restriction removes the hardware tab from applicable items in the Control Panel and from the local drive properties This prevents users from changing the hardware device properties
Disable the New Menu Item (All Windows)
This tweak can be used to disable the ability to use the New menu item to create new objects using explorer
Disable the Ability to Customize Toolbars (All Windows)
By right clicking on a toolbar you are usually given the option to Customize, which allows you to change which functions are available from the toolbar This tweak allows you to disable that function
Remove the Option to Change or Hide Toolbars (All Windows)
By default users are able to select which toolbars are displayed either be right clicking the toolbar itself, or by changing the options from the View menu This tweak locks the toolbars, removing the ability to change which are displayed
Remove File Menu from Explorer (All Windows)
This setting is used to Remove the File option from the Explorers toolbar
Hide the Network Neighborhood Icon (All Windows)
The Network Neighborhood icon is shown on the Windows desktop whenever Windows networking is installed, by enabling this setting the icon will be hidden
Disable Folder Options Menu (All Windows)
This tweak allows you to hide the Folder Options function from the folder Tools menu Allowing you to restrict access to numerous advanced folder features
Trang 2Remove Properties from My Computer (Windows XP)
This restriction remove the properties option from My Computer and hides the
"System Properties" screen
Remove the Ability to Modify File Types (Windows 2000/XP)
This setting allows you to remove the ability to change, add or delete file types using explorer the Folder Options interface
Hide All Items on the Desktop (All Windows)
Enabling this options hides all the items and programs on the Windows desktop
Home : Security : Login and Authentication
Automatic Logon to Windows 95, 98 and Me (Windows 95/98/Me) Popular
This setting allows Windows clients to automatically logon without entering a user name or password, therefore bypassing the logon box
Automatic Logon to Windows NT, 2000 and XP (Windows NT/2000/XP)
Popular
Windows includes a feature that allows you to configure the computer to
automatically logon to the network, bypassing the Winlogon dialog box
Enable Shutdown from Authentication Dialog Box (Windows NT/2000/XP)
When this setting is enabled a [Shutdown] button is displayed in authentication dialog box when the system first starts This allows you to shutdown a system without logging in The button is shown by default on a workstation and removed
on a server installation
Automatic Administrative Logon to Recovery Console (Windows 2000/XP)
The recovery console is a command line environment that is used to recover from system problems This setting controls whether the administrator account will be logged on automatically or be required to enter a password when the recovery console is invoked during startup
Disable Password Caching in Internet Explorer (All Windows)
When you attempt to view a password-protected site, you are normally prompted
to type your username and password with an option to "Save this password in your password list" This tweak can be used to disable the ability for users to save
passwords
Trang 3Limit the Number of Automatic Logins (Windows NT/2000/XP)
This setting is used to limit the number of automatic logins, once the limit has been reached the auto logon feature will be disabled and the system will display the standard authentication box
Modify the Number of Cached Logins (Windows NT/2000/XP)
This value controls the number of allowable cached login attempts when the
network domain controller is unavailable
Legal Notice Dialog Box Before Logon (All Windows) Popular
Use these fields to create a dialog box that will be presented to any user before logging onto the system This is useful where you are required by law to warn people that it is illegal to attempt to logon without being an authorized user
Set the Minimum Password Length (All Windows)
You can force Windows to reject passwords that do not meet a minimum password length Useful to help stop people from using trivial passwords where security is an issue
Customize the Windows Logon and Security Dialog Title (Windows
NT/2000/XP) Popular
This setting allows you to add additional text to the title of the standard Windows Logon and Windows Security dialog boxes
Show Verbose Security Status Messages (Windows 2000/XP)
This setting allows you to configure Windows so that you receive verbose startup, shutdown, logon, and logoff status messages This may be helpful to in
troubleshooting slow startup, shutdown, logon, or logoff behaviour
Force the Use of Automatic Logon (Windows 2000/XP) Popular
Normally when a Windows machine is configured to automatically logon to a specified account users can bypass this and enter alternate account information This tweak forces the machine to auto logon and to ignore any bypass attempts
Disable Password Caching (All Windows)
Normally Windows caches a copy of the users password on the local system to allow for additional automation, this leads to a possible security threat on some systems Disabling caching means the users passwords are not cached locally This setting also removes the second Windows password screen and also remove the possibility of networks passwords to get out of sync
Trang 4Require Alphanumeric Windows Password (All Windows)
Windows by default will accept anything as a password, including nothing This setting controls whether Windows will require a alphanumeric password, i.e a password made from a combination of alpha (A, B, C ) and numeric (1, 2 ,3 ) characters
Disable the Change Password Button (Windows NT/2000)
This setting disables the 'Change Password' button on the Windows Security dialog box Enabling this setting stops casual users from being able to change the
password
Disable the Lock Workstation Button (Windows NT/2000/XP)
Add this setting to the registry to stop unauthorized users from locking machines from the Windows Security dialog box
Disable the Auto Logon Shift Override Feature (Windows NT/2000/XP)
When using the automatic login feature it is possible for a user to hold the Shift key to bypass the login sequence and enter a username and password This feature disables the ability to override the function
Require Users to Press Ctrl+Alt+Delete Before Logon (Windows 2000/XP)
This setting controls whether users are required to press Ctrl + Alt + Delete as a security precaution before logging into the system
Restrict Showing the Last Username (Windows 2000/XP)
This restriction removes the ability to view which user was last logged onto a computer by clearing the username box on the login screen
Use Active Authentication for Unlock and Screen Saver (Windows
NT/2000/XP)
This setting controls whether a full login should be performed when a workstation
is unlocked or a password is used with the screen saver Normally Windows will not check some settings such as whether the account has been locked out
Change the Message Shown on the Logon Box (Windows NT/2000/XP) Popular
You can personalize (or legalize) the message displayed on the logon box above the user name and password
Allow Portables to Undock Before Logon (Windows XP)
This setting controls whether users with portable computers have the option to undock the system before they have logged onto the computer
Trang 5Start Windows Without Prompting for a Password (Windows 95/98/Me)
Popular
Does Windows prompt you for a password every time you boot up even though you're the only one using the PC? Follow these instructions to make Windows automatically start up without prompting you for a password
Force Users to Logon to Windows (Windows 95/98/Me) Popular
Usually users can simply press 'Cancel' at the Windows logon box to bypass the login process and gain access to the local computer This tweak will logout the user
if the authentication fails or the user clicks Cancel
Home : Security : Network
Network Connection Restrictions (Windows 2000/XP)
These restrictions control access to the features and properties of LAN, RAS and other network connections
Remove Log Off from the Start Menu (All Windows)
This tweak allows you to remove the Log Off [Username] option from the Start menu
Disable File and Printer Sharing (Windows 95/98/Me)
When file and printer sharing is installed it allows users to make services available
to other users on a network, this functionality can be disabled by changing this setting
Harden the TCP/IP Stack for Denial of Service Attacks (Windows 2000/XP)
Denial of service attacks are network attacks that are aimed at making a computer
or a particular service unavailable to network users These settings can be used to increase the ability for Windows to defend against these attacks when connected directly to the Internet
Disables DHCP Router Discovery (All Windows)
The ICMP Router Discovery Protocol (IRDP) comes enabled by default for
Windows clients using DHCP This can be a security issue because by spoofing IRDP Router Advertisements, an attacker can remotely add default route entries on
a remote system
Trang 6Protect Against SYN Flood Attacks (Windows NT/2000/XP)
Windows includes protection that allows it to detect and adjust when the system is