Network security restrictions

The following restrictions are available in this group:
 

• Disable File and Printer Sharing - When file and printer sharing is installed it allows users to make services available to other users on a network, this functionality can be disabled by changing this setting. Option affects the whole PC. Reboot your PC to activate or deactivate this option. Applicable to Windows 95/98/ME.
   
• Securing Network Access to CD-ROM Drives - This setting determines whether data in the CD-ROM drive is accessible to other users. This value entry satisfies, in part, the C2 security requirement that you must be able to secure removable media. Because the CD-ROM drive is a volume, by default, it is shared as an administrative share on the network. If the option is on, the CD-ROM drive is allocated to the user as part of the interactive logon process and, therefore, only the current user can access it. This prevents administrators and remote users (and even the same user at a different workstation) from accessing the drive while the current user is logged on to the computer. The drive is shared again when the current user logs off the computer. Option affects the whole PC. Reboot your PC to activate or deactivate this option. Applicable to Windows NT/2000/XP.
   
• Securing Network Access to Floppy Drives - This setting determines whether data in the floppy disk drive is accessible to other users. This value entry satisfies, in part, the C2 security requirement that you must be able to secure removable media. Because the floppy disk drive is a volume, by default it is shared as an administrative share on the network. If the option is on, the floppy disk drive is allocated to the user as part of the interactive logon process and, therefore, only the current user can access it. This prevents administrators and remote users (and even the same user at a different workstation) from accessing the drive while the current user is logged on. The drive is shared again when the current user logs off. Option affects the whole PC. Reboot your PC to activate or deactivate this option. Applicable to Windows NT/2000/XP.
   
• Securing Network Access to DASDs - This setting determines whether data in the direct access storage device (DASD) is accessible to other users. This value entry satisfies, in part, the C2 security requirement that you must be able to secure removable media. Because the DASD is a volume, by default it is shared as an administrative share on the network. If the option is on, the DASD is allocated to the user as part of the interactive logon process and, therefore, only the current user can access it. This prevents administrators and remote users (and even the same user at a different workstation) from accessing the DASD while the current user is logged on. The DASD is shared again when the current user logs off. Option affects the whole PC. Reboot your PC to activate or deactivate this option. Applicable to Windows NT/2000/XP.
   
• Hiding Servers from the Browser List - If you have a secure server or workstation you wish to hide from the general browser list, add this registry setting. Option affects the whole PC. Reboot your PC to activate or deactivate this option. Applicable to Windows NT/2000/XP.
   
• Disabled Password Caching - Normally Windows caches a copy of the users password on the local system to allow for additional automation, this leads to a possible security threat on some systems. Disabling caching means the users passwords are not cached locally. This setting also removes the second Windows password screen and also remove the possibility of networks passwords to get out of sync. Option affects the whole PC. Reboot your PC to activate or deactivate this option. Applicable to Windows 95/98/ME/NT/2000/XP.
   
• Disable Caching of Domain Password - Enabling this setting disables the caching of the domain passwords, and therefore passwords are required to be re-entered to access any additional domain resources. Option affects the whole PC. Reboot your PC to activate or deactivate this option. Applicable to Windows 95/98/ME/NT/2000/XP.
   
• Require Alphanumeric Windows Password - Windows by default will accept anything as a password, including nothing. This setting controls whether Windows will require a alphanumeric password, i.e. a password made from a combination of alpha (A, B, C...) and numeric (1, 2 ,3 ...) characters. Option affects the whole PC. Reboot your PC to activate or deactivate this option. Applicable to Windows 95/98/ME/NT/2000/XP.
   
• Hide Share Passwords with Asterisks - This setting controls whether the password typed when accessing a file share is shown in clear text or as asterisks. Option affects the whole PC. Reboot your PC to activate or deactivate this option. Applicable to Windows 95/98/ME/NT/2000/XP.
   
• Disable Automatic Hidden Shares - When networking has been installed on a Windows NT machine, it will automatically create hidden shares to the local disk drives. The shares are normally accessed via \server\c$ and \server\d$ depending on the drive letter. It is possible to disable the sharing at run-time, but this tweak will stop the automatic sharing altogether. Option affects the whole PC. Reboot your PC to activate or deactivate this option. Applicable to Windows NT/2000/XP.
   
• Disable the Ability to Remotely Shutdown the Computer Browser Service - It is possible for a malicious user to shut down a computer browser, or all computer browsers, on the same subnet. If all of the computers on the same subnet are shut down, they can then declare their own computer the new master browser. Option affects the whole PC. Reboot your PC to activate or deactivate this option. Applicable to Windows NT/2000/XP.
   
• Restricting Information Available to Anonymous Logon Users - Windows NT has a feature where anonymous logon users can list domain user names and enumerate share names. Customers who want enhanced security have requested the ability to optionally restrict this functionality. Option affects the whole PC. Reboot your PC to activate or deactivate this option. Applicable to Windows NT/2000/XP.
   
• Don't Display Last User Name - Enabling this key will blank the username box on the logon screen. Preventing people that are logging on from knowing the last user on the system. Option affects the whole PC. Reboot your PC to activate or deactivate this option. Applicable to Windows NT.
  
   

Back to 1st Security Agent online Help