For each of the following options, right-click it and then click Properties. Then consider whether the service or setting is beneficial for your particular needs. If not, choose “Disable” for the option:
· Interactive logon: Do not require CTRL+ALT+DEL.
· Microsoft network client: Send unencrypted password to connect to third-party SMB servers.
· Network access: Allow anonymous SID/name translation.
· Network access: Let Everyone permissions apply to anonymous users.
· Recovery console: Allow automatic administrative logon.
· Recovery console: Allow floppy copy and access to all drives and all folders.
Similarly, there are many options that can be enabled to improve Windows security. For each of these options, choose “Enable” from the option’s properties:
· Devices: Restrict CD-ROM access to locally logged-on user only. Note that this can cause problems copying or installing applications from certain CDs; however, I have never encountered this problem.
· Devices: Restrict floppy access to locally logged-on user only.
· Interactive logon: Do not display last user name.
· Microsoft network client: Digitally sign communications (if server agrees).
· Network access: Do not allow anonymous enumeration of SAM accounts.
· Network access: Do not allow anonymous enumeration of SAM accounts and shares.
· Network security: Do not store LAN Manager hash value on next password change.
· System objects: Strengthen default permissions of internal system objects (e.g., Symbolic Links).
Finally, you can strengthen your security further by double-clicking the “Network access: Remotely accessible registry paths” option. This option defines which registry paths are accessible remotely to users who are not logged on locally. People using private systems or home-based networks should delete all the paths listed there for further security improvement.
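
To check the Disable and Enable lists above on a machine without opening each dialog, the following read-only PowerShell audit compares the registry values behind those policies with the recommended state. It is an added example, not part of the original guide; the registry paths and value names are the backing values for these policies as assumed here and do not appear in the text above.

```powershell
# Added example: read-only audit of the Security Options listed in this guide.
# Registry locations below are assumptions of this example (not from the guide).
$lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$wks = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters'
$pol = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$wl  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$rc  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole'
$sm  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'

# Policy name, key, value name, recommended data (0 = Disabled, 1 = Enabled)
$checks = @(
    @('Interactive logon: Do not require CTRL+ALT+DEL',              $pol, 'DisableCAD',                0),
    @('Microsoft network client: Send unencrypted password',         $wks, 'EnablePlainTextPassword',   0),
    @('Network access: Let Everyone permissions apply to anonymous', $lsa, 'EveryoneIncludesAnonymous', 0),
    @('Recovery console: Allow automatic administrative logon',      $rc,  'SecurityLevel',             0),
    @('Recovery console: Allow floppy copy and access to all drives',$rc,  'SetCommand',                0),
    @('Devices: Restrict CD-ROM access to locally logged-on user',   $wl,  'AllocateCDRoms',            1),
    @('Devices: Restrict floppy access to locally logged-on user',   $wl,  'AllocateFloppies',          1),
    @('Interactive logon: Do not display last user name',            $pol, 'DontDisplayLastUserName',   1),
    @('Microsoft network client: Digitally sign (if server agrees)', $wks, 'EnableSecuritySignature',   1),
    @('Network access: No anonymous enumeration of SAM accounts',    $lsa, 'RestrictAnonymousSAM',      1),
    @('Network access: No anonymous enumeration of SAM and shares',  $lsa, 'RestrictAnonymous',         1),
    @('Network security: Do not store LAN Manager hash value',       $lsa, 'NoLMHash',                  1),
    @('System objects: Strengthen default permissions',              $sm,  'ProtectionMode',            1)
)
# "Allow anonymous SID/name translation" is not stored as a registry value,
# so it is not covered here; check it in the policy editor.

$results = foreach ($c in $checks) {
    $name, $key, $value, $want = $c
    $item = Get-ItemProperty -Path $key -Name $value -ErrorAction SilentlyContinue
    $have = if ($null -ne $item) { $item.$value } else { $null }
    # Compare as strings: some of these values are stored as REG_SZ, others as DWORD.
    $status = if ($null -eq $have) { 'NOT SET (OS default applies)' } elseif ("$have" -eq "$want") { 'OK' } else { 'REVIEW' }
    [pscustomobject]@{
        Policy = $name; Value = $value; Current = $have; Recommended = $want; Status = $status
    }
}
$results | Format-Table -AutoSize -Wrap
```

The script changes nothing; rows marked REVIEW or NOT SET are the ones to revisit in the policy editor as described above.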