Windows 2003 Server

Explorer / Shell

Explorer / Environment

Security

Misc

To disable the automatic search for network printers and folders: 
Click Start, click Control Panel, click Appearance and Themes,
and click Folder Options to open the Folder Options dialog box.
Click the View tab. In the Advanced Settings list, click to clear
the Automatically Search for Network Folders and Printers check box.
Click OK.

When you connect to and view other PCs on your network, such as Windows 95/98 machines,
browsing can seem rather slow. One of the reasons for this is that the XP machine is
checking for scheduled tasks on the destination computer. In a home or small
business environment this is not necessary. Delete the sub-key
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\RemoteComputer\NameSpace\{D6277990-4C6A-11CF-8D87-00AA0060F5BF}



You can make admins authenticate as a guest by setting the following
policy in Local Security Settings MMC:
Local Policies/Security Options/Network Access:
Sharing and security model for local accounts: Guest only
--------------------------------------------------
It is a security risk to send your passwords out over the network using LM (LanMan)
authentication. It is recommended that you only use NTLM.
Risk Level:  High 

Note: Disabling the LM hash will break functionality with legacy systems, i.e.
Windows 95/98 machines. To disable the LM hash, set the following Registry key
settings:

Hive: HKEY_LOCAL_MACHINE
Path: System\CurrentControlSet\Control\Lsa
Key: LMCompatibilityLevel
Type: REG_DWORD
Value: 2 
--------------------------------------------------
The page file is used for virtual memory. It can contain sensitive information such as usernames and passwords. 
Risk Level:  Medium 
How To Fix:  To have the page file automatically cleared on a reboot or shutdown set the following Registry key settings:

Hive: HKEY_LOCAL_MACHINE
Path: SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management
Key: ClearPageFileAtShutdown
Type: REG_SZ
Value: 1 
--------------------------------------------------
The current MS RAS (Remote Access Server) is not logging connections. It is recommended to log all RAS connection information. 
Risk Level:  Medium 
How To Fix:  To enable logging, set the following Registry key settings:
Hive: HKEY_LOCAL_MACHINE
Path: System\CurrentControlSet\Services\Rasman\Parameters
Key: Logging
Type: REG_DWORD
Value: 1 
--------------------------------------------------
It is recommended to enforce MSCHAP V2; this forces the server to drop any VPN (Virtual Private Network) connections that do not use MSCHAP V2 authentication. 
Risk Level:  Medium 
How To Fix:  To enforce MSCHAP V2 set the following key:
Hive: HKEY_LOCAL_MACHINE
Path: System\CurrentControlSet\Services\RasMan\PPP
Key: SecureVPN
Type: REG_DWORD
Value: 1 
--------------------------------------------------
NTFS supports backwards compatibility with older 16-bit apps by creating 8.3 file names. It is recommended not to use 16-bit apps on a secure server.
Risk Level:  Medium 
How To Fix:  To disable 8.3 file names set the following Registry key settings:
Hive: HKEY_LOCAL_MACHINE
Path: System\CurrentControlSet\Control\FileSystem
Key: NtfsDisable8dot3NameCreation
Type: REG_DWORD
Value: 1 
--------------------------------------------------
DCOM (Distributed Component Object Model) has been found installed and active. DCOM has been shown to have numerous holes and we therefore recommend disabling it. 
Risk Level:  Medium 
How To Fix:  To disable DCOM:
1. Click Start
2. Click Run
3. Type in dcomcnfg
4. Hit Enter
5. Click the Default Properties tab
6. Uncheck Enable Distributed COM on this computer
7. Click OK 
--------------------------------------------------
It is recommended not to cache your Dial-up Networking passwords. 
Risk Level:  Medium 
How To Fix:  To disable the caching of the dial-up password set the following key:
Hive: HKEY_LOCAL_MACHINE
Path: System\CurrentControlSet\Services\Rasman\Parameters
Key: DisableSavePassword
Type: REG_DWORD
Value: 1 
--------------------------------------------------
By default Windows NT caches the last interactive logon (console logon), so if your PDC or BDC is down you can still log on to your machine locally. It is recommended that this feature not be used, because it is possible for an attacker to gain access to the cached information, exposing sensitive logon information.
Risk Level:  Low
How To Fix:  To disable cached logons set the following Registry key settings:
Hive: HKEY_LOCAL_MACHINE
Path: Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Key: CachedLogonsCount
Type: REG_SZ
Value: 0 
--------------------------------------------------
By default Windows NT will display the last user to log on to the server. This gives an attacker a starting point to try to crack the password of the account last shown and therefore create a window into your network. 
Risk Level:  Low 
How To Fix:  To disable the display of the last username change the following Registry key settings: 
Hive: HKEY_LOCAL_MACHINE
Path: Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Key: DontDisplayLastUserName
Type: REG_SZ
Value: 1 
--------------------------------------------------
When Auto Run is enabled, CD-ROMs inserted into the CD-ROM drive are run automatically. When a computer is physically accessible, having a CD-ROM run automatically can lead to viruses and even trojan horses being loaded onto your system.
Risk Level:  Low 
How To Fix:  Disable CD Auto Run. Set the following Registry key settings:
Hive: HKEY_LOCAL_MACHINE
Path: System\CurrentControlSet\Services\CDRom
Key: Autorun
Value: 0 
--------------------------------------------------
To make your system as secure as possible, it is recommended that you use the crash on audit fail setting. When the system security log reaches its maximum size it stops recording security events. With crash on audit fail enabled, your system will shut down until an administrator logs in and clears the event log.
Risk Level:  Low 
How To Fix:  We only recommend using this if you want total security. Set the following Registry key settings:
Hive: HKEY_LOCAL_MACHINE
Path: System\CurrentControlSet\Control\Lsa
Key: CrashOnAuditFail
Value: 1 
--------------------------------------------------
If you do not use the Task Scheduler you should disable the service. The Task Scheduler is often used in malicious hacking attacks to run trojan code. It has also been used in the past to elevate local privileges.
Risk Level:  Low
How To Fix:  Disable the Task Scheduler service by setting the following Registry key settings:
Hive: HKEY_LOCAL_MACHINE
Path: SYSTEM\CurrentControlSet\Services\Schedule
Key: Start
Value: 4
--------------------------------------------------
By default, all drives on a machine are shared using hard-coded administrative ACLs. Even if these shares are removed, they are recreated each time the system reboots.
Risk Level:  Medium 
How To Fix:  To remove this functionality, set the following Registry key settings:
Hive: HKEY_LOCAL_MACHINE
Path: System\CurrentControlSet\Services\LanmanServer\Parameters
Key: AutoShareServer
Type: REG_DWORD
Value: 0 
--------------------------------------------------
Automatic Machine Logon
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
	"AutoAdminLogon"="1"
	"DefaultUserName"="username"
	"DefaultPassword"="password"
	"DefaultDomainName"="NETBIOSDOMAIN"

--------------------------------------------------
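Added example, not part of the original page: a Python script that checks the text of a regedit export against the registry values recommended above. The sample export is constructed, the names BASELINE, parse_reg and audit belong to this example only, and data is compared as text so that either a REG_SZ or a REG_DWORD holding the recommended value passes.

```python
import re

CCS = r"SYSTEM\CurrentControlSet"
WINLOGON = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
# (key under HKEY_LOCAL_MACHINE, value name, data recommended on this page)
BASELINE = [
    (CCS + r"\Control\Lsa", "LMCompatibilityLevel", 2),
    (CCS + r"\Control\Session Manager\Memory Management", "ClearPageFileAtShutdown", 1),
    (CCS + r"\Services\Rasman\Parameters", "Logging", 1),
    (CCS + r"\Services\RasMan\PPP", "SecureVPN", 1),
    (CCS + r"\Control\FileSystem", "NtfsDisable8dot3NameCreation", 1),
    (CCS + r"\Services\Rasman\Parameters", "DisableSavePassword", 1),
    (WINLOGON, "CachedLogonsCount", 0),
    (WINLOGON, "DontDisplayLastUserName", 1),
    (CCS + r"\Services\CDRom", "Autorun", 0),
    (CCS + r"\Control\Lsa", "CrashOnAuditFail", 1),
    (CCS + r"\Services\Schedule", "Start", 4),
    (CCS + r"\Services\LanmanServer\Parameters", "AutoShareServer", 0),
]
VALUE_RE = re.compile(r'^"([^"]+)"=(?:dword:([0-9a-fA-F]{8})|"(.*)")$')

def parse_reg(text):
    """Map (key, name), lower-cased, to the REG_DWORD/REG_SZ data in an export."""
    values, key = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()  # registry paths are case-insensitive
        elif key and (m := VALUE_RE.match(line)):
            values[(key, m[1].lower())] = int(m[2], 16) if m[2] else m[3]
    return values

def audit(text):
    """List (key, name, expected, found) for baseline values missing or different."""
    have, findings = parse_reg(text), []
    for key, name, expected in BASELINE:
        found = have.get(("hkey_local_machine\\" + key.lower(), name.lower()))
        # Compare as text so "1" (REG_SZ) and 1 (REG_DWORD) both match.
        if found is None or str(found) != str(expected):
            findings.append((key, name, expected, found))
    return findings

# Constructed sample export, not taken from a real server.
SAMPLE = r'''[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"LmCompatibilityLevel"=dword:00000000
"crashonauditfail"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"CachedLogonsCount"="10"
"DontDisplayLastUserName"="1"
'''
print(*audit(SAMPLE), sep="\n")  # one tuple per value that needs attention
```

A real export from regedit is UTF-16 text; decode it before passing it to audit(). A value reported with found None is absent from the export, so the recommended setting has not been applied.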