Copyright ©2007 1securitycenter.com. All rights reserved.
Restricting Access to the Event Logs - The Windows NT event log contains records documenting application, security and system events taking place on the machine. This tweak allows you to restrict access to administrators and system accounts only.
Stopping the KnownDLLs Vulnerability - In Windows NT, core operating system DLLs are kept in virtual memory and shared between the programs running on the system. This has exposed a vulnerability that could allow a user to gain administrative privileges on the computer the user is interactively logged onto.
Securing Network Access to CD-ROM Drives - This setting determines whether data in the CD-ROM drive is accessible to other users. This value entry satisfies, in part, the C2 security requirement that you must be able to secure removable media.
Securing Network Access to Floppy Drives - This setting determines whether data in the floppy disk drive is accessible to other users. This value entry satisfies, in part, the C2 security requirement that you must be able to secure removable media.
Require Alphanumeric Windows Password - Windows by default will accept anything as a password, including nothing. This setting controls whether Windows will require an alphanumeric password, i.e. a password made from a combination of alpha (A, B, C ...) and numeric (1, 2, 3 ...) characters.
Control the Automatic Restarting of the Shell - By default, if the Windows NT user interface or one of its components fails, the interface is restarted automatically. This can be changed so that you must restart the interface by logging off and logging on again manually.
Clear the Page File at System Shutdown - Windows normally does not clear or recreate the page file. On a heavily used system this can be both a security threat and a performance drop. Enabling this setting will cause Windows to clear the page file whenever the system is shut down.
Disabled Password Caching - Normally Windows caches a copy of the user's password on the local system to allow for additional automation; this leads to a possible security threat on some systems. Disabling caching means the user's passwords are not cached locally. This setting also removes the second Windows password screen and removes the possibility of network passwords getting out of sync.
Disable Windows Installer - This restriction allows you to prevent users (not admins) from adding and removing software applications with Windows Installer.
Enable Remote Assistance - The Remote Assistance feature is a convenient way for an administrator to remotely connect to a computer and with permission view the screen, move the mouse, use the keyboard and chat online.
Disable File and Printer Sharing - When "File and Printer sharing..." is installed, it allows users to make services available to other users on a network. This functionality can be disabled by changing this setting.
Hide Share Passwords with Asterisks - This setting controls whether the password typed when accessing a file share is shown in clear text or as asterisks.
Disable Caching of Domain Password - Enabling this setting disables the caching of the NT domain password, and therefore it will need to be re-entered to access additional domain resources.
Automatic Hidden Shares - This key controls whether the administration shares, i.e. c$ and d$, are created. Set this option to disable admin shares for a server and for a workstation.
Disabling Save Password option in Dial-Up Networking - When you dial a phonebook entry in Dial-Up Networking (DUN), you can use the "Save Password" option so that your DUN password is cached and you will not need to enter it on successive dial attempts. This key disables that option.
Do not Display Last User Name - Enabling this key will blank the username box on the logon screen, preventing people who are logging on from knowing the last user on the system.
Hiding Servers from the Browser List - If you have a secure server or workstation you wish to hide from the general browser list, use this option.
Restricting Information Available to Anonymous Logon Users - Windows NT has a feature where anonymous logon users can list domain user names and enumerate share names. Customers who want enhanced security have requested the ability to optionally restrict this functionality.
Show Options on Logon Dialog Box - This setting controls whether the options to enter a domain or to log on using a dial-up connection are shown on the Windows logon box.
Enable Shutdown from Authentication Dialog Box - When this setting is enabled, a [Shutdown] button is displayed in the authentication dialog box when the system first starts. This allows you to shut down a system without logging in. The button is shown by default on a workstation and removed on a server installation.
Allow Fast User Switching - Fast user switching allows you to quickly switch to another user account without having to close any programs. This setting controls whether fast user switching is available.
Force the Use of Automatic Logon - Normally, when a Windows machine is configured to automatically log on to a specified account, users can bypass this and enter alternate account information. This tweak forces the machine to auto logon and to ignore any bypass attempts.
Disable Dial-In Access - It is possible for users to set up a modem on a Windows machine and, by using Dial-up Networking, allow callers to connect to the internal network. Especially in a corporate environment, this can cause a major security risk.
Disable "Automatically Use Dial-Up Networking to Logon" - There is an option available on the logon dialog box that allows you to dial into your logon server for authentication of your user account; this can be enabled by default.
Maximum Number of Remote Access Authentication Attempts - This setting controls the number of authentication retries before the remote access connection is terminated.
Maximum Time Limit for Authentication - A time limit can be enforced on the length of time given to log on via Remote Access.
Automatically Disconnect Remote Access Callers - Specifies the amount of idle time in minutes to wait before disconnecting the RAS client.
Define the length of time before callback is initiated - When callback is required or requested this setting defines how long to wait before initiating the callback connection.
and more ...