Network security restrictions
The following restrictions are available in this group:
- Disable File and Printer Sharing - When file and printer sharing is
installed it allows users to make services available to other users on a
network, this functionality can be disabled by changing this setting. Option
affects the whole PC. Reboot your PC to activate or deactivate this option.
Applicable to Windows 95/98/ME.
- Securing Network Access to CD-ROM Drives - This setting determines
whether data in the CD-ROM drive is accessible to other users. This value
entry satisfies, in part, the C2 security requirement that you must be able to
secure removable media. Because the CD-ROM drive is a volume, by default, it
is shared as an administrative share on the network. If the option is on, the
CD-ROM drive is allocated to the user as part of the interactive logon process
and, therefore, only the current user can access it. This prevents
administrators and remote users (and even the same user at a different
workstation) from accessing the drive while the current user is logged on to
the computer. The drive is shared again when the current user logs off the
computer. Option affects the whole PC. Reboot your PC to activate or
deactivate this option. Applicable to Windows NT/2000/XP.
- Securing Network Access to Floppy Drives - This setting determines
whether data in the floppy disk drive is accessible to other users. This value
entry satisfies, in part, the C2 security requirement that you must be able to
secure removable media. Because the floppy disk drive is a volume, by default
it is shared as an administrative share on the network. If the option is on,
the floppy disk drive is allocated to the user as part of the interactive
logon process and, therefore, only the current user can access it. This
prevents administrators and remote users (and even the same user at a
different workstation) from accessing the drive while the current user is
logged on. The drive is shared again when the current user logs off. Option
affects the whole PC. Reboot your PC to activate or deactivate this option.
Applicable to Windows NT/2000/XP.
- Securing Network Access to DASDs - This setting determines whether
data in the direct access storage device (DASD) is accessible to other users.
This value entry satisfies, in part, the C2 security requirement that you must
be able to secure removable media. Because the DASD is a volume, by default it
is shared as an administrative share on the network. If the option is on, the
DASD is allocated to the user as part of the interactive logon process and,
therefore, only the current user can access it. This prevents administrators
and remote users (and even the same user at a different workstation) from
accessing the DASD while the current user is logged on. The DASD is shared
again when the current user logs off. Option affects the whole PC. Reboot your
PC to activate or deactivate this option. Applicable to Windows NT/2000/XP.
- Hiding Servers from the Browser List - If you have a secure server
or workstation you wish to hide from the general browser list, add this
registry setting. Option affects the whole PC. Reboot your PC to activate or
deactivate this option. Applicable to Windows NT/2000/XP.
- Disabled Password Caching - Normally Windows caches a copy of the
users password on the local system to allow for additional automation, this
leads to a possible security threat on some systems. Disabling caching means
the users passwords are not cached locally. This setting also removes the
second Windows password screen and also remove the possibility of networks
passwords to get out of sync. Option affects the whole PC. Reboot your PC to
activate or deactivate this option. Applicable to Windows 95/98/ME/NT/2000/XP.
- Disable Caching of Domain Password - Enabling this setting disables
the caching of the domain passwords, and therefore passwords are required to
be re-entered to access any additional domain resources. Option affects the
whole PC. Reboot your PC to activate or deactivate this option. Applicable to
Windows 95/98/ME/NT/2000/XP.
- Require Alphanumeric Windows Password - Windows by default will
accept anything as a password, including nothing. This setting controls
whether Windows will require a alphanumeric password, i.e. a password made
from a combination of alpha (A, B, C...) and numeric (1, 2 ,3 ...) characters.
Option affects the whole PC. Reboot your PC to activate or deactivate this
option. Applicable to Windows 95/98/ME/NT/2000/XP.
- Hide Share Passwords with Asterisks - This setting controls whether
the password typed when accessing a file share is shown in clear text or as
asterisks. Option affects the whole PC. Reboot your PC to activate or
deactivate this option. Applicable to Windows 95/98/ME/NT/2000/XP.
- Disable Automatic Hidden Shares - When networking has been
installed on a Windows NT machine, it will automatically create hidden shares
to the local disk drives. The shares are normally accessed via \server\c$ and
\server\d$ depending on the drive letter. It is possible to disable the
sharing at run-time, but this tweak will stop the automatic sharing
altogether. Option affects the whole PC. Reboot your PC to activate or
deactivate this option. Applicable to Windows NT/2000/XP.
- Disable the Ability to Remotely Shutdown the Computer Browser Service
- It is possible for a malicious user to shut down a computer browser, or all
computer browsers, on the same subnet. If all of the computers on the same
subnet are shut down, they can then declare their own computer the new master
browser. Option affects the whole PC. Reboot your PC to activate or deactivate
this option. Applicable to Windows NT/2000/XP.
- Restricting Information Available to Anonymous Logon Users -
Windows NT has a feature where anonymous logon users can list domain user
names and enumerate share names. Customers who want enhanced security have
requested the ability to optionally restrict this functionality. Option
affects the whole PC. Reboot your PC to activate or deactivate this option.
Applicable to Windows NT/2000/XP.
- Don't Display Last User Name - Enabling this key will blank the
username box on the logon screen. Preventing people that are logging on from
knowing the last user on the system. Option affects the whole PC. Reboot your
PC to activate or deactivate this option. Applicable to Windows NT.
Back to 1st
Security Agent online Help