being targeted with a SYN flood attack (a type of denial of service attack). When enabled the connection responses time out more quickly in the event of an attack. Disable Web Printing (Windows 2000/XP) This restriction enables and disables server support for Internet printing. Internet printing lets you display printers on Web pages so they can be viewed, managed, and used across the Internet or an intranet. Disable Recent Shares in Network Places (Windows 2000/XP) This restriction stops remote shared folders from being added to Network Places whenever you open a document in the shared folder. Offload IP Security Task Processing (Windows 2000/XP) This setting is used to control whether IP Security (IPSEC) tasks should be offloaded to a network card with IP security capabilities. Specify Users to Receive Administrative Alerts (Windows NT/2000/XP) This setting is used to specify a list of users and/or computers that should receive administrative alerts. Send Plain Text Passwords (All Windows) When connecting to some SMB servers, such as Samba and LAN Manager for UNIX, you may be required to send unencypted password. This setting enables that functionality. Disable Save Password Option in Dial-Up Networking (Windows NT/2000) When you dial a phonebook entry in Dial-Up Networking (DUN), you can use the 'Save Password' option so that your DUN password is cached and you will not need to enter it on successive dial attempts. This key disables that option. Restrict Anonymous User Access (Windows NT/2000/XP) Windows has a feature where anonymous users can list domain user names and enumerate share names. Users who want enhanced security may optionally restrict this functionality. Changing LAN Manager Authentication on Windows NT (Windows NT) Windows NT supports two kinds of challenge/response authentication: LanManager (LM) and Windows NT (NTLM). LM authentication is not as strong as Windows NT authentication so some customers may want to disable its use, because an attacker sniffing the network traffic could possibly attack the weaker protocol. Disable TCP/IP Source Routing (Windows NT 4.0) Normally, on a computer running Windows NT 4.0, you cannot disable the source routing feature for the TCP/IP protocol. By using this tweak it is possible to disable it. Hide the Active Directory Folder in My Network Places (Windows 2000) This restriction is used to remove the Active Directory folder from My Network Places. This still allows users to search but not browse the Active Directory. Hide Computer from the Browser List (Windows NT/2000/XP) If you have a secure server or workstation you wish to hide from the general browser list, then enable this setting. Hide Entire Network in Network Neighborhood (All Windows) Entire Network is an option under Network Neighborhood that allows users to see all the Workgroups and Domains on the network. Entire Network can be disabled, so users are confined to their own Workgroup or Domain. Hide Workgroup Content from Network Neighborhood (All Windows) Enabling this option hides all Workgroup contents from being displayed in Network Neighborhood. Remove the Map and Disconnect Network Drive Options (Windows NT/2000/XP) Prevents users from making additional network connections by removing the Map Network Drive and Disconnect Network Drive buttons from the toolbar in Explorer and also removing them from the Context menu of My Computer and the Tools menu of Explorer. Disable Caching of Domain Password (Windows 95/98/Me) Enabling this setting disables the caching of the domain passwords, and therefore passwords are required to be re-entered to access any additional domain resources. Hide Share Passwords with Asterisks (All Windows) This setting controls whether the password typed when accessing a file share is shown in clear text or as asterisks. Hide Computers Near Me in Network Places (Windows 2000/Me/XP) This setting allows you to show or hide the computers listed Near Me in My Network Places. Disable the Ability to Remotely Shutdown the Computer Browser Service (Windows NT/2000/XP) It is possible for a malicious user to shut down a computer browser, or all computer browsers, on the same subnet. If all of the computers on the same subnet are shut down, they can then declare their own computer the new master browser. Automatic Hidden Shares (Windows NT/2000/XP) When networking has been installed on a Windows machine, it will automatically create hidden shares to the local disk drives. It is possible to disable the sharing at run-time, but this tweak will stop the automatic sharing altogether. Require Validation by Network for Windows Access (Windows 95/98/Me) By default Windows 9x doesn't require a valid network username and password combination for a user to bypass the logon and gain access to the local machine. This functionality can be changed to require validation by the network before allowing access. Changing the Password Expiry Warning Period (Windows NT/2000/XP) This entry specifies the number of days before a user's password expires that a warning message is displayed. Disable the Automatic Creation of a Default Network Route (Windows NT) This tweak controls the default behavior of Windows to add a network route to 0.0.0.0 on multi-homed machines (e.g. proxy or firewall). Home : Security : Privacy Clear the Page File at System Shutdown (Windows NT/2000/XP) Popular Windows does not normally clear or recreate the page file. On a heavily used system this can be both a security threat and performance drop. Enabling this setting will cause Windows to clear the page file whenever the system is shutdown. Reset Microsoft Word Settings and Recent Files (All Windows) This setting can be used to reset the Word parameters back to the default if you are experiencing problems. For example if you start Word and one of your toolbars or menu bars is missing, or if your personalized settings are not retained. Disable Network Messenger Service (Windows NT/2000/XP) The Messenger service is normally used to transmit net send and Alerter service messages between clients and servers. Recently it has been employed by marketers for sending unsolicited advertising popups (SPAM) over the Internet. This tweak allows you to disable this service. Clear Download Accelerator History (All Windows) Download Accelerator Plus (DAP) is a tool used to retrieve files from Internet servers. It stores a history of the files downloaded and URLs visited. To increase privacy and security this tweak allows you to clear the history. Disable Recent Files in Media Player (All Windows) This restriction will stop Windows Media Player from storing the names of the played media in the recent file list. Clear the Recent Play List in Media Player (All Windows) This tweak allows you to clear the recent files, URL history and radio stations in Windows Media Player. Empty Temporary Internet Files on Exit (All Windows) This setting controls whether Internet Explorer should delete all of the temporary Internet files stored during the session when the browser is closed. Clear the Cached Run Commands (All Windows) Do you have a lot of items in the run command history on Start Menu? This tweak will allow you to clear the most-recently-used (MRU) list. Clear the Internet Explorer Typed Address History (All Windows) Popular Internet Explorer caches any URLs that are typed into the address bar. This may become a privacy issue on a shared computer, or a nuisance if there is a particular URL you want to remove without clearing the whole history. Disable User Tracking (Windows 2000/XP) This setting stops Windows from recording user tracking information including which applications a user runs and which files and documents are being accessed. Clear the Netmeeting Call History (All Windows) This tweak allows you to clear the stored call history in the Netmeeting drop down list. Home : Security : Remote Access Configure Remote Access Client Account Lockout (Windows 2000/XP) You can use the remote access account lockout feature to specify how many times a remote access authentication has to fail against a valid user account before the user is denied access. Use this tweak to set the number of failed logins before the account is locked-out and the time before the lockout is reset. Specify the Callback Pause Period (Windows NT/2000/XP) When callback is required or requested this setting defines how long to wait before initiating the callback connection. Automatically Disconnect Remote Access Callers (Windows NT/2000/XP) Specifies the amount of idle time in minutes to wait before disconnecting the remote access client. Time Limit for Remote Access Authentication (Windows NT/2000/XP) A time limit can be enforced on the period available to logon via remote access before the connection is terminated. Number of Remote Access Authentication Attempts (Windows NT/2000/XP) This setting controls the number of authentication retries before a remote access connection is terminated. Disable Dial-In Access (Windows 95/98/Me) It's possible for users to setup a modem on a Windows machine, and by using Dial- up Networking allow callers to connect to the internal network. Especially in a corporate environment this can cause a major security risk. Automatically Use Dial-Up Networking to Logon (Windows NT/2000) There is an option that is available on the logon dialog box and allows you to dial into your logon server for authentication of your user account, this can be enabled by default. Disable the "Log on using dial-up connection" Check Box (Windows NT/2000) During logon Windows allows users to optionally connect to a Windows domain using dial-up networking, this tweak can be used to disable that option. Home : Securit y : Start Menu and Taskbar Documents and Folders Security Settings for Documents and Folders . there is a particular URL you want to remove without clearing the whole history. Disable User Tracking (Windows 2000/XP) This setting stops Windows from recording user tracking information. functionality. Disable Save Password Option in Dial-Up Networking (Windows NT/2000) When you dial a phonebook entry in Dial-Up Networking (DUN), you can use the 'Save Password' option so that