Remove the Distributed File System Tab (Windows 2000/XP) This restriction removes the Distributed File System (DFS) tab from Windows explorer. This prevents users from viewing or changing the properties of local DFS shares. Remove the Security Tab (Windows XP) This restriction removes the Security tab from Windows explorer which prevents users from accessing or changing the security permissions of folder and file objects. Remove the Hardware Tab (Windows 2000/XP) This restriction removes the hardware tab from applicable items in the Control Panel and from the local drive properties. This prevents users from changing the hardware device properties. Disable the New Menu Item (All Windows) This tweak can be used to disable the ability to use the New menu item to create new objects using explorer. Disable the Ability to Customize Toolbars (All Windows) By right clicking on a toolbar you are usually given the option to Customize, which allows you to change which functions are available from the toolbar. This tweak allows you to disable that function. Remove the Option to Change or Hide Toolbars (All Windows) By default users are able to select which toolbars are displayed either be right clicking the toolbar itself, or by changing the options from the View menu. This tweak locks the toolbars, removing the ability to change which are displayed. Remove File Menu from Explorer (All Windows) This setting is used to Remove the File option from the Explorers toolbar. Hide the Network Neighborhood Icon (All Windows) The Network Neighborhood icon is shown on the Windows desktop whenever Windows networking is installed, by enabling this setting the icon will be hidden. Disable Folder Options Menu (All Windows) This tweak allows you to hide the Folder Options function from the folder Tools menu. Allowing you to restrict access to numerous advanced folder features. Remove Properties from My Computer (Windows XP) This restriction remove the properties option from My Computer and hides the "System Properties" screen. Remove the Ability to Modify File Types (Windows 2000/XP) This setting allows you to remove the ability to change, add or delete file types using explorer the Folder Options interface. Hide All Items on the Desktop (All Windows) Enabling this options hides all the items and programs on the Windows desktop. Home : Security : Login and Authentication Automatic Logon to Windows 95, 98 and Me (Windows 95/98/Me) Popular This setting allows Windows clients to automatically logon without entering a user name or password, therefore bypassing the logon box. Automatic Logon to Windows NT, 2000 and XP (Windows NT/2000/XP) Popular Windows includes a feature that allows you to configure the computer to automatically logon to the network, bypassing the Winlogon dialog box. Enable Shutdown from Authentication Dialog Box (Windows NT/2000/XP) When this setting is enabled a [Shutdown] button is displayed in authentication dialog box when the system first starts. This allows you to shutdown a system without logging in. The button is shown by default on a workstation and removed on a server installation. Automatic Administrative Logon to Recovery Console (Windows 2000/XP) The recovery console is a command line environment that is used to recover from system problems. This setting controls whether the administrator account will be logged on automatically or be required to enter a password when the recovery console is invoked during startup. Disable Password Caching in Internet Explorer (All Windows) When you attempt to view a password-protected site, you are normally prompted to type your username and password with an option to "Save this password in your password list". This tweak can be used to disable the ability for users to save passwords. Limit the Number of Automatic Logins (Windows NT/2000/XP) This setting is used to limit the number of automatic logins, once the limit has been reached the auto logon feature will be disabled and the system will display the standard authentication box. Modify the Number of Cached Logins (Windows NT/2000/XP) This value controls the number of allowable cached login attempts when the network domain controller is unavailable. Legal Notice Dialog Box Before Logon (All Windows) Popular Use these fields to create a dialog box that will be presented to any user before logging onto the system. This is useful where you are required by law to warn people that it is illegal to attempt to logon without being an authorized user. Set the Minimum Password Length (All Windows) You can force Windows to reject passwords that do not meet a minimum password length. Useful to help stop people from using trivial passwords where security is an issue. Customize the Windows Logon and Security Dialog Title (Windows NT/2000/XP) Popular This setting allows you to add additional text to the title of the standard Windows Logon and Windows Security dialog boxes. Show Verbose Security Status Messages (Windows 2000/XP) This setting allows you to configure Windows so that you receive verbose startup, shutdown, logon, and logoff status messages. This may be helpful to in troubleshooting slow startup, shutdown, logon, or logoff behaviour. Force the Use of Automatic Logon (Windows 2000/XP) Popular Normally when a Windows machine is configured to automatically logon to a specified account users can bypass this and enter alternate account information. This tweak forces the machine to auto logon and to ignore any bypass attempts. Disable Password Caching (All Windows) Normally Windows caches a copy of the users password on the local system to allow for additional automation, this leads to a possible security threat on some systems. Disabling caching means the users passwords are not cached locally. This setting also removes the second Windows password screen and also remove the possibility of networks passwords to get out of sync. Require Alphanumeric Windows Password (All Windows) Windows by default will accept anything as a password, including nothing. This setting controls whether Windows will require a alphanumeric password, i.e. a password made from a combination of alpha (A, B, C ) and numeric (1, 2 ,3 ) characters. Disable the Change Password Button (Windows NT/2000) This setting disables the 'Change Password' button on the Windows Security dialog box. Enabling this setting stops casual users from being able to change the password. Disable the Lock Workstation Button (Windows NT/2000/XP) Add this setting to the registry to stop unauthorized users from locking machines from the Windows Security dialog box. Disable the Auto Logon Shift Override Feature (Windows NT/2000/XP) When using the automatic login feature it is possible for a user to hold the Shift key to bypass the login sequence and enter a username and password. This feature disables the ability to override the function. Require Users to Press Ctrl+Alt+Delete Before Logon (Windows 2000/XP) This setting controls whether users are required to press Ctrl + Alt + Delete as a security precaution before logging into the system. Restrict Showing the Last Username (Windows 2000/XP) This restriction removes the ability to view which user was last logged onto a computer by clearing the username box on the login screen. Use Active Authentication for Unlock and Screen Saver (Windows NT/2000/XP) This setting controls whether a full login should be performed when a workstation is unlocked or a password is used with the screen saver. Normally Windows will not check some settings such as whether the account has been locked out. Change the Message Shown on the Logon Box (Windows NT/2000/XP) Popular You can personalize (or legalize) the message displayed on the logon box above the user name and password. Allow Portables to Undock Before Logon (Windows XP) This setting controls whether users with portable computers have the option to undock the system before they have logged onto the computer. Start Windows Without Prompting for a Password (Windows 95/98/Me) Popular Does Windows prompt you for a password every time you boot up even though you're the only one using the PC? Follow these instructions to make Windows automatically start up without prompting you for a password. Force Users to Logon to Windows (Windows 95/98/Me) Popular Usually users can simply press 'Cancel' at the Windows logon box to bypass the login process and gain access to the local computer. This tweak will logout the user if the authentication fails or the user clicks Cancel. Home : Security : Network Network Connection Restrictions (Windows 2000/XP) These restrictions control access to the features and properties of LAN, RAS and other network connections. Remove Log Off from the Start Menu (All Windows) This tweak allows you to remove the Log Off [Username] option from the Start menu. Disable File and Printer Sharing (Windows 95/98/Me) When file and printer sharing is installed it allows users to make services available to other users on a network, this functionality can be disabled by changing this setting. Harden the TCP/IP Stack for Denial of Service Attacks (Windows 2000/XP) Denial of service attacks are network attacks that are aimed at making a computer or a particular service unavailable to network users. These settings can be used to increase the ability for Windows to defend against these attacks when connected directly to the Internet. Disables DHCP Router Discovery (All Windows) The ICMP Router Discovery Protocol (IRDP) comes enabled by default for Windows clients using DHCP. This can be a security issue because by spoofing IRDP Router Advertisements, an attacker can remotely add default route entries on a remote system. Protect Against SYN Flood Attacks (Windows NT/2000/XP) Windows includes protection that allows it to detect and adjust when the system is . to automatically logon to a specified account users can bypass this and enter alternate account information. This tweak forces the machine to auto logon and to ignore any bypass attempts. Disable. 2000/XP) Denial of service attacks are network attacks that are aimed at making a computer or a particular service unavailable to network users. These settings can be used to increase the ability