Disable Recent Shares in Network Places Windows 2000/XP This restriction stops remote shared folders from being added to Network Places whenever you open a document in the shared folder
Trang 1being targeted with a SYN flood attack (a type of denial of service attack) When enabled the connection responses time out more quickly in the event of an attack
Disable Web Printing (Windows 2000/XP)
This restriction enables and disables server support for Internet printing Internet printing lets you display printers on Web pages so they can be viewed, managed, and used across the Internet or an intranet
Disable Recent Shares in Network Places (Windows 2000/XP)
This restriction stops remote shared folders from being added to Network Places whenever you open a document in the shared folder
Offload IP Security Task Processing (Windows 2000/XP)
This setting is used to control whether IP Security (IPSEC) tasks should be
offloaded to a network card with IP security capabilities
Specify Users to Receive Administrative Alerts (Windows NT/2000/XP)
This setting is used to specify a list of users and/or computers that should receive administrative alerts
Send Plain Text Passwords (All Windows)
When connecting to some SMB servers, such as Samba and LAN Manager for UNIX, you may be required to send unencypted password This setting enables that functionality
Disable Save Password Option in Dial-Up Networking (Windows NT/2000)
When you dial a phonebook entry in Dial-Up Networking (DUN), you can use the 'Save Password' option so that your DUN password is cached and you will not need to enter it on successive dial attempts This key disables that option
Restrict Anonymous User Access (Windows NT/2000/XP)
Windows has a feature where anonymous users can list domain user names and enumerate share names Users who want enhanced security may optionally restrict this functionality
Changing LAN Manager Authentication on Windows NT (Windows NT)
Windows NT supports two kinds of challenge/response authentication:
LanManager (LM) and Windows NT (NTLM) LM authentication is not as strong
as Windows NT authentication so some customers may want to disable its use, because an attacker sniffing the network traffic could possibly attack the weaker protocol
Trang 2Disable TCP/IP Source Routing (Windows NT 4.0)
Normally, on a computer running Windows NT 4.0, you cannot disable the source routing feature for the TCP/IP protocol By using this tweak it is possible to disable
it
Hide the Active Directory Folder in My Network Places (Windows 2000)
This restriction is used to remove the Active Directory folder from My Network Places This still allows users to search but not browse the Active Directory
Hide Computer from the Browser List (Windows NT/2000/XP)
If you have a secure server or workstation you wish to hide from the general
browser list, then enable this setting
Hide Entire Network in Network Neighborhood (All Windows)
Entire Network is an option under Network Neighborhood that allows users to see all the Workgroups and Domains on the network Entire Network can be disabled,
so users are confined to their own Workgroup or Domain
Hide Workgroup Content from Network Neighborhood (All Windows)
Enabling this option hides all Workgroup contents from being displayed in
Network Neighborhood
Remove the Map and Disconnect Network Drive Options (Windows
NT/2000/XP)
Prevents users from making additional network connections by removing the Map Network Drive and Disconnect Network Drive buttons from the toolbar in
Explorer and also removing them from the Context menu of My Computer and the Tools menu of Explorer
Disable Caching of Domain Password (Windows 95/98/Me)
Enabling this setting disables the caching of the domain passwords, and therefore passwords are required to be re-entered to access any additional domain resources
Hide Share Passwords with Asterisks (All Windows)
This setting controls whether the password typed when accessing a file share is shown in clear text or as asterisks
Hide Computers Near Me in Network Places (Windows 2000/Me/XP)
This setting allows you to show or hide the computers listed Near Me in My
Network Places
Trang 3Disable the Ability to Remotely Shutdown the Computer Browser Service
(Windows NT/2000/XP)
It is possible for a malicious user to shut down a computer browser, or all
computer browsers, on the same subnet If all of the computers on the same subnet are shut down, they can then declare their own computer the new master browser
Automatic Hidden Shares (Windows NT/2000/XP)
When networking has been installed on a Windows machine, it will automatically create hidden shares to the local disk drives It is possible to disable the sharing at run-time, but this tweak will stop the automatic sharing altogether
Require Validation by Network for Windows Access (Windows 95/98/Me)
By default Windows 9x doesn't require a valid network username and password combination for a user to bypass the logon and gain access to the local machine This functionality can be changed to require validation by the network before
allowing access
Changing the Password Expiry Warning Period (Windows NT/2000/XP)
This entry specifies the number of days before a user's password expires that a warning message is displayed
Disable the Automatic Creation of a Default Network Route (Windows NT)
This tweak controls the default behavior of Windows to add a network route to 0.0.0.0 on multi-homed machines (e.g proxy or firewall)
Home : Security : Privacy
Clear the Page File at System Shutdown (Windows NT/2000/XP) Popular
Windows does not normally clear or recreate the page file On a heavily used
system this can be both a security threat and performance drop Enabling this
setting will cause Windows to clear the page file whenever the system is shutdown
Reset Microsoft Word Settings and Recent Files (All Windows)
This setting can be used to reset the Word parameters back to the default if you are experiencing problems For example if you start Word and one of your toolbars or menu bars is missing, or if your personalized settings are not retained
Disable Network Messenger Service (Windows NT/2000/XP)
The Messenger service is normally used to transmit net send and Alerter service messages between clients and servers Recently it has been employed by marketers
Trang 4for sending unsolicited advertising popups (SPAM) over the Internet This tweak allows you to disable this service
Clear Download Accelerator History (All Windows)
Download Accelerator Plus (DAP) is a tool used to retrieve files from Internet servers It stores a history of the files downloaded and URLs visited To increase privacy and security this tweak allows you to clear the history
Disable Recent Files in Media Player (All Windows)
This restriction will stop Windows Media Player from storing the names of the played media in the recent file list
Clear the Recent Play List in Media Player (All Windows)
This tweak allows you to clear the recent files, URL history and radio stations in Windows Media Player
Empty Temporary Internet Files on Exit (All Windows)
This setting controls whether Internet Explorer should delete all of the temporary Internet files stored during the session when the browser is closed
Clear the Cached Run Commands (All Windows)
Do you have a lot of items in the run command history on Start Menu? This tweak will allow you to clear the most-recently-used (MRU) list
Clear the Internet Explorer Typed Address History (All Windows) Popular
Internet Explorer caches any URLs that are typed into the address bar This may become a privacy issue on a shared computer, or a nuisance if there is a particular URL you want to remove without clearing the whole history
Disable User Tracking (Windows 2000/XP)
This setting stops Windows from recording user tracking information including which applications a user runs and which files and documents are being accessed
Clear the Netmeeting Call History (All Windows)
This tweak allows you to clear the stored call history in the Netmeeting drop down list
Home : Security : Remote Access
Trang 5Configure Remote Access Client Account Lockout (Windows 2000/XP)
You can use the remote access account lockout feature to specify how many times
a remote access authentication has to fail against a valid user account before the user is denied access Use this tweak to set the number of failed logins before the account is locked-out and the time before the lockout is reset
Specify the Callback Pause Period (Windows NT/2000/XP)
When callback is required or requested this setting defines how long to wait before initiating the callback connection
Automatically Disconnect Remote Access Callers (Windows NT/2000/XP)
Specifies the amount of idle time in minutes to wait before disconnecting the
remote access client
Time Limit for Remote Access Authentication (Windows NT/2000/XP)
A time limit can be enforced on the period available to logon via remote access before the connection is terminated
Number of Remote Access Authentication Attempts (Windows NT/2000/XP)
This setting controls the number of authentication retries before a remote access connection is terminated
Disable Dial-In Access (Windows 95/98/Me)
It's possible for users to setup a modem on a Windows machine, and by using
Dial-up Networking allow callers to connect to the internal network Especially in a corporate environment this can cause a major security risk
Automatically Use Dial-Up Networking to Logon (Windows NT/2000)
There is an option that is available on the logon dialog box and allows you to dial into your logon server for authentication of your user account, this can be enabled
by default
Disable the "Log on using dial-up connection" Check Box (Windows NT/2000)
During logon Windows allows users to optionally connect to a Windows domain using dial-up networking, this tweak can be used to disable that option
Home : Security : Start Menu and Taskbar
Documents and Folders
Security Settings for Documents
Trang 6and Folders