Guide to Windows Online Security & Privacy



Security Options Configuration

Once more, click Start, then Run, type secpol.msc and click OK. Expand Local Policies and select Security Options. The Security Options editor contains many settings that can be used to further tighten your system. Several options worth setting to Disabled are:

         Interactive logon: Do not require CTRL+ALT+DEL.

         Microsoft network client: Send unencrypted password to connect to third-party SMB servers.

         Network access: Allow anonymous SID/name translation.

         Network access: Let everyone permissions apply to anonymous users.

         Recovery console: Allow automatic administrative logon.

         Recovery console: Allow floppy copy and access to all drives and all folders.

Several options to consider setting to Enabled are:

         Devices: Restrict CD-ROM access to locally logged-on user only. Note: This may cause problems copying/installing applications from certain CDs, as discussed here (personally, I've not encountered this in over 2 years of use).

         Devices: Restrict floppy access to locally logged-on user only.

         Interactive logon: Do not display last user name.

         Microsoft network client: Digitally sign communications (if server agrees).

         Network access: Do not allow anonymous enumeration of SAM accounts.

         Network access: Do not allow anonymous enumeration of SAM accounts and shares.

         Network security: Do not store LAN Manager hash value on next password change.

         System objects: Strengthen default permissions of internal system objects (e.g., Symbolic Links).

Now double-click the Network access: Remotely accessible registry paths option. This specifies which registry paths can be accessed remotely by users who are not logged on locally. Those of you on stand-alone systems or home networks should certainly delete all paths listed here, though those running administered networks might have some use for this (especially if the network has no or limited internet access and sufficient protection against unauthorised external access).

For even more detailed information on securing remote registry access you should check the SANS/FBI 20 Most Critical Vulnerabilities.
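
To confirm the settings above actually took effect, the following read-only audit script is an added example (it is not part of the original guide). It assumes PowerShell is available on the machine and reads the registry values that back each Security Options entry; the shortened policy labels and the Test-SecurityOption helper name are this example's own.

```powershell
# Added example: read-only audit of the Security Options discussed above.
$lsa  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$wks  = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters'
$pol  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$wlog = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$rc   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole'
$sm   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'

# Each row: policy label, backing registry value, and the value matching the guide
# (0 = Disabled, 1 = Enabled). "Allow anonymous SID/name translation" is omitted
# because it is not stored as a plain registry value.
$checks = @(
    @{ Policy = 'Do not require CTRL+ALT+DEL';                 Key = $pol;  Name = 'DisableCAD';                Want = 0 }
    @{ Policy = 'Send unencrypted password to SMB servers';    Key = $wks;  Name = 'EnablePlainTextPassword';   Want = 0 }
    @{ Policy = 'Let Everyone permissions apply to anonymous'; Key = $lsa;  Name = 'EveryoneIncludesAnonymous'; Want = 0 }
    @{ Policy = 'Recovery console: automatic admin logon';     Key = $rc;   Name = 'SecurityLevel';             Want = 0 }
    @{ Policy = 'Recovery console: floppy copy / all drives';  Key = $rc;   Name = 'SetCommand';                Want = 0 }
    @{ Policy = 'Restrict CD-ROM access to local user';        Key = $wlog; Name = 'AllocateCDRoms';            Want = 1 }
    @{ Policy = 'Restrict floppy access to local user';        Key = $wlog; Name = 'AllocateFloppies';          Want = 1 }
    @{ Policy = 'Do not display last user name';               Key = $pol;  Name = 'DontDisplayLastUserName';   Want = 1 }
    @{ Policy = 'Digitally sign communications (if agreed)';   Key = $wks;  Name = 'EnableSecuritySignature';   Want = 1 }
    @{ Policy = 'No anonymous enumeration of SAM accounts';    Key = $lsa;  Name = 'RestrictAnonymousSAM';      Want = 1 }
    @{ Policy = 'No anonymous enumeration of SAM and shares';  Key = $lsa;  Name = 'RestrictAnonymous';         Want = 1 }
    @{ Policy = 'Do not store LAN Manager hash';               Key = $lsa;  Name = 'NoLMHash';                  Want = 1 }
    @{ Policy = 'Strengthen default permissions of objects';   Key = $sm;   Name = 'ProtectionMode';            Want = 1 }
)

function Test-SecurityOption([hashtable]$Check) {
    $item   = Get-ItemProperty -Path $Check.Key -Name $Check.Name -ErrorAction SilentlyContinue
    $actual = if ($item) { $item.($Check.Name) } else { $null }
    # Compare as strings: the Allocate* values are REG_SZ, the rest are REG_DWORD.
    $ok     = ($null -ne $actual) -and ("$actual" -eq "$($Check.Want)")
    $shown  = if ($null -eq $actual) { '(not set)' } else { $actual }
    New-Object psobject -Property @{ Policy = $Check.Policy; Actual = $shown; Wanted = $Check.Want; Matches = $ok }
}

$checks | ForEach-Object { Test-SecurityOption $_ } |
    Select-Object Policy, Actual, Wanted, Matches | Format-Table -AutoSize

# Remotely accessible registry paths: the guide recommends an empty list on stand-alone systems.
$winreg = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedPaths'
$paths  = @((Get-ItemProperty -Path $winreg -Name Machine -ErrorAction SilentlyContinue).Machine | Where-Object { $_ })
if ($paths.Count -eq 0) { 'No remotely accessible registry paths are listed.' } else { "Remotely accessible registry paths ($($paths.Count)):"; $paths }
```

A value reported as (not set) means the policy has never been configured and the system default applies, so the script flags it as not matching rather than assuming it is safe.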

