Local machine security restrictions.

Boot

The following restrictions are available in this group:

Disable function keys on boot up - By default Windows 9x enables the interruption keys on boot, these allow you to control the boot process. For example pressing F5 while the "Starting Windows..." message is displayed will boot Windows in Safe Mode. This option allows you to disable the F5, F6 and F8 keys. If you have turned on the restriction Require User's Validation for Windows Access and have not tested it yet, do not enable this restriction until you are sure it does work on your PC properly because it denies access to Safe Mode completely. Option affects the whole PC. Reboot your PC to activate or deactivate this option. Applicable to Windows 95/98/ME.

Disable ability to skip startup programs - Normally if you hold the Shift key while Windows is loading you can prevent the Startup applications from being launched. This setting disables the ability to by-pass these programs. Set up the rest "Boot" options to lock your computer more safely. Option affects the whole PC. Reboot your PC to activate or deactivate this option. Applicable to Windows NT/2000/XP.

Allow booting to the previous operating system - If you installed an upgrade version of Windows 9x, you can normally press F4 to boot your previous version of Windows. This option can be disabled. Option affects the whole PC. Reboot your PC to activate or deactivate this option. Applicable to Windows 95/98/ME.

Suppress safe mode warning message - Enabling the setting suppress the safe mode warning message when booting up, and bypasses the Startup menu. In most of cases it can give access to DOS mode if your PC was not properly shut down. We do recommend you to turn on this option if you secure PC entrance by the Require User's Validation for Windows Access option. If you have turned on the Require User's Validation for Windows Access restriction and have not tested it yet, do not enable this restriction until you are sure it does work on your PC properly because it restricts access to Safe Mode. Option affects the whole PC. Reboot your PC to activate or deactivate this option. Applicable to Windows 95/98/ME.

Require user's validation for windows access - By default Windows doesn't require a valid username and password combination for a user to create and use a local Windows machine. This functionality can be changed to require this validation. Using this option you can stop unauthorized access to your PC via Cancel button while logging in. If you turn on all boot options, only known users defined in Control Panel will have access to your PC using their own usernames and passwords. You need to create at least one user profile, and to define a password for it. Make sure that Microsoft Family Logon is enabled in the network configuration, and set as Primary Network Logon. Use the item Users of Control Panel to create user profiles. To install Microsoft Family Logon: Open the item Network of Control Panel and check the list of installed network components. If you do not see Microsoft Family Logon there, install it as follows: Press the button Add, choose the item Client in the dialog box, then press the button Add. Choose the item Microsoft from the list of Manufacturers and then the item Microsoft Family Logon from the list of Network Clients, then press the button Ok. The last and very important step is to set Microsoft Family Logon as Primary Network Logon. To do this, use the combo box Primary Network Logon, which is situated below the button Add in the item Network of Control Panel. See How to setup this option correctly. Option affects the whole PC. Reboot your PC to activate or deactivate this option. Applicable to Windows 95/98/ME.

Always check password on boot - Use this option to lock your personal computer with a password by starting Screen Lock on Boot. Screen Lock is an application you can use to lock your desktop while you are away (see the icon "1st Screen Lock" on the desktop of your PC). If you turn on this option, it will be impossible to get to your PC without knowing password. You can define the boot password in the folder Screen Lock of Common Restrictions or User Restrictions of the tree. Applicable to Windows 95/98/ME/NT/2000/XP.

Screen lock

The following restrictions are available in this group:

Screen-lock password - If enabled, the password will be applied to all PC users, so all your users will use this password to get through the built-in screen-lock every time desktop is locked with the built-in screen-lock. If you want to use different passwords for different PC users, set up individual passwords for each user listed in the tree (see the folders "Screen Lock" for each user shown in the tree). Screen Lock is an application you can use to lock your desktop while you are away (see the icon "1st Screen Lock" on the desktop of your PC). Option affects the whole PC. Applicable to Windows 95/98/ME/NT/2000/XP.

Screen-lock background image - You can select an image here, which will be used as a background in the built-in screen-lock. You can change the picture as many times as you want. To disable the background picture (make the screen-lock on the black screen), uncheck the checkbox. The image will be applied to all PC users, so all your users will see the same background picture in the built-in screen-lock. If you want to use different images for different PC users, set up individual images for each user listed in the tree (see the folders "Screen Lock" for each user shown in the tree). Option affects the whole PC. Applicable to Windows 95/98/ME/NT/2000/XP.

Legal notice

The following options are available in this group:

Caption of the legal notice dialog box - This option along with the "Text of the Legal Notice Dialog Box" lets you create a dialog box that will be presented to any user before logging onto the system. This is useful where you are required by law to warn people that it is illegal to attempt to logon without being an authorized user. You must define both Caption and Text of the dialog box to make Windows to show it on the screen. Option affects the whole PC. Applicable to Windows 95/98/ME/NT/2000/XP.

Text of the legal notice dialog box - This option along with the "Caption of the Legal Notice Dialog Box" lets you create a dialog box that will be presented to any user before logging onto the system. This is useful where you are required by law to warn people that it is illegal to attempt to logon without being an authorized user. You must define both Caption and Text of the dialog box to make Windows to show it on the screen. Option affects the whole PC. Applicable to Windows 95/98/ME/NT/2000/XP.

System

The following restrictions are available in this group:

Restricting access to the event logs - The Windows NT event log contains records documenting application, security and system events taking place on the machine. These logs can contain sensitive data, and by default, the Guest account has access to view them. This tweak allows you to restrict access to administrators and system accounts. Option affects the whole PC. Reboot your PC to activate or deactivate this option. Applicable to Windows NT/2000/XP.

Stopping the knowndlls vulnerability - In Windows NT the core operating system DLLs are kept in virtual memory and shared between the programs running on the system. This has exposed a vulnerability that could allow a user to gain administrative privileges on the computer the user is interactively logged onto. Option affects the whole PC. Reboot your PC to activate or deactivate this option. Applicable to Windows NT/2000/XP.

Clear the page file at system shutdown - Windows normally does not clear or recreate the page file. On a heavy used system this can be both a security threat and performance drop. Enabling this setting will cause Windows to clear the page file whenever the system is shutdown. Option affects the whole PC. Reboot your PC to activate or deactivate this option. Applicable to Windows NT/2000/XP.

Disable the automatic restarting of the shell - By default if the Windows user interface or one of its components fails, the interface is restarted automatically, this can be changed so that you must restart the interface by logging off and logging on again manually. Option affects the whole PC. Reboot your PC to activate or deactivate this option. Applicable to Windows NT/2000/XP.

Disable shutdown from authentication dialog box - When this setting is enabled a [Shutdown] button is not displayed in authentication dialog box when the system first starts. This does not allow you to shutdown a system without logging in. Option affects the whole PC. Reboot your PC to activate or deactivate this option. Applicable to Windows NT.

Disable multiple user sessions and fast user switching - By default, Windows XP gives you an ability to switch between users without logging off that keeps all active users on your PC with all started processes and programs. On a heavy used system this can be both a security threat and performance drop. This option disables multiple user sessions and fast user switching on your PC. Option affects the whole PC. Reboot your PC to activate or deactivate this option. Applicable to Windows XP.

Enable advanced file system and sharing security - This setting is used to enable the ability to control advanced NTFS permissions on local and shared files. Option affects the whole PC. Reboot your PC to activate or deactivate this option. Applicable to Windows XP.

Require users to press ctrl+alt+delete before logon - This setting controls whether users are required to press Ctrl + Alt + Delete as a security precaution before logging into the system. Option affects the whole PC. Reboot your PC to activate or deactivate this option. Applicable to Windows 2000/XP.

Use active authentication for unlock and screen saver - This setting controls whether a full login should be performed when a workstation is unlocked or a password is used with the screen saver. Normally Windows will not check some settings such as whether the account has been locked out. Option affects the whole PC. Reboot your PC to activate or deactivate this option. Applicable to Windows NT/2000/XP.

Secure desktop restriction - This restriction is used to stop interactive users from snooping on other user sessions by exploiting a Windows vulnerability. This feature is enabled by default but may interfere with some software applications. Option affects the whole PC. Reboot your PC to activate or deactivate this option. Applicable to Windows 2000/XP.

Disable windows installer - This restriction allows you to prevent users from adding and removing software applications with Windows Installer. Option affects selected user, see the status bar. Reboot your PC to activate or deactivate this option. Applicable to Windows 95/98/ME/NT/2000/XP.

Network

The following restrictions are available in this group:

Disable file and printer sharing - When file and printer sharing is installed it allows users to make services available to other users on a network, this functionality can be disabled by changing this setting. Option affects the whole PC. Reboot your PC to activate or deactivate this option. Applicable to Windows 95/98/ME.

Securing network access to cd-rom drives - This setting determines whether data in the CD-ROM drive is accessible to other users. This value entry satisfies, in part, the C2 security requirement that you must be able to secure removable media. Because the CD-ROM drive is a volume, by default, it is shared as an administrative share on the network. If the option is on, the CD-ROM drive is allocated to the user as part of the interactive logon process and, therefore, only the current user can access it. This prevents administrators and remote users (and even the same user at a different workstation) from accessing the drive while the current user is logged on to the computer. The drive is shared again when the current user logs off the computer. Option affects the whole PC. Reboot your PC to activate or deactivate this option. Applicable to Windows NT/2000/XP.

SSecuring network access to floppy drives - This setting determines whether data in the floppy disk drive is accessible to other users. This value entry satisfies, in part, the C2 security requirement that you must be able to secure removable media. Because the floppy disk drive is a volume, by default it is shared as an administrative share on the network. If the option is on, the floppy disk drive is allocated to the user as part of the interactive logon process and, therefore, only the current user can access it. This prevents administrators and remote users (and even the same user at a different workstation) from accessing the drive while the current user is logged on. The drive is shared again when the current user logs off. Option affects the whole PC. Reboot your PC to activate or deactivate this option. Applicable to Windows NT/2000/XP.

Securing network access to dasds - This setting determines whether data in the direct access storage device (DASD) is accessible to other users. This value entry satisfies, in part, the C2 security requirement that you must be able to secure removable media. Because the DASD is a volume, by default it is shared as an administrative share on the network. If the option is on, the DASD is allocated to the user as part of the interactive logon process and, therefore, only the current user can access it. This prevents administrators and remote users (and even the same user at a different workstation) from accessing the DASD while the current user is logged on. The DASD is shared again when the current user logs off. Option affects the whole PC. Reboot your PC to activate or deactivate this option. Applicable to Windows NT/2000/XP.

Hiding servers from the browser list - If you have a secure server or workstation you wish to hide from the general browser list, add this registry setting. Option affects the whole PC. Reboot your PC to activate or deactivate this option. Applicable to Windows NT/2000/XP.

Disabled password caching - Normally Windows caches a copy of the users password on the local system to allow for additional automation, this leads to a possible security threat on some systems. Disabling caching means the users passwords are not cached locally. This setting also removes the second Windows password screen and also remove the possibility of networks passwords to get out of sync. Option affects the whole PC. Reboot your PC to activate or deactivate this option. Applicable to Windows 95/98/ME/NT/2000/XP.

Disable caching of domain password - Enabling this setting disables the caching of the domain passwords, and therefore passwords are required to be re-entered to access any additional domain resources. Option affects the whole PC. Reboot your PC to activate or deactivate this option. Applicable to Windows 95/98/ME/NT/2000/XP.

Require alphanumeric windows password - Windows by default will accept anything as a password, including nothing. This setting controls whether Windows will require a alphanumeric password, i.e. a password made from a combination of alpha (A, B, C...) and numeric (1, 2 ,3 ...) characters. Option affects the whole PC. Reboot your PC to activate or deactivate this option. Applicable to Windows 95/98/ME/NT/2000/XP.

Hide share passwords with asterisks - This setting controls whether the password typed when accessing a file share is shown in clear text or as asterisks. Option affects the whole PC. Reboot your PC to activate or deactivate this option. Applicable to Windows 95/98/ME/NT/2000/XP.

Disable automatic hidden shares - When networking has been installed on a Windows NT machine, it will automatically create hidden shares to the local disk drives. The shares are normally accessed via \server\c$ and \server\d$ depending on the drive letter. It is possible to disable the sharing at run-time, but this tweak will stop the automatic sharing altogether. Option affects the whole PC. Reboot your PC to activate or deactivate this option. Applicable to Windows NT/2000/XP.

Disable the ability to remotely shutdown the computer browser service - It is possible for a malicious user to shut down a computer browser, or all computer browsers, on the same subnet. If all of the computers on the same subnet are shut down, they can then declare their own computer the new master browser. Option affects the whole PC. Reboot your PC to activate or deactivate this option. Applicable to Windows NT/2000/XP.

Restricting information available to anonymous logon users - Windows NT has a feature where anonymous logon users can list domain user names and enumerate share names. Customers who want enhanced security have requested the ability to optionally restrict this functionality. Option affects the whole PC. Reboot your PC to activate or deactivate this option. Applicable to Windows NT/2000/XP.

Don't display last user name - Enabling this key will blank the username box on the logon screen. Preventing people that are logging on from knowing the last user on the system. Option affects the whole PC. Reboot your PC to activate or deactivate this option. Applicable to very old versions of Windows NT.

Disable web printing - This restriction enables and disables server support for Internet printing. Internet printing lets you display printers on Web pages so they can be viewed, managed, and used across the Internet or an intranet. Option affects the whole PC. Reboot your PC to activate or deactivate this option. Applicable to Windows 2000/XP.

Remote access

The following restrictions are available in this group:

Disabling save password option in dial-up networking - When you dial a phonebook entry in Dial-Up Networking (DUN), you can use the 'Save Password' option so that your DUN password is cached and you will not need to enter it on successive dial attempts. This key disables that option. Option affects the whole PC. Reboot your PC to activate or deactivate this option. Applicable to Windows NT/2000/XP.

Disable the "log on using dial-up connection" check box - During logon Windows allows users to optionally connect to a Windows domain using dial-up networking, this tweak can be used to disable that option. Option affects the whole PC. Reboot your PC to activate or deactivate this option. Applicable to Windows NT.

Disable dial-in access - It's possible for users to setup a modem on a Windows machine, and by using Dial-up Networking allow callers to connect to the internal network. Especially in a corporate environment this can cause a major security risk. Option affects the whole PC. Reboot your PC to activate or deactivate this option. Applicable to Windows 95/98/ME/NT.

Control panel

The following restrictions are available in this group:

Hide accessibility options in control panel - Hides Accessibility Options control panel applet. Option affects selected user, see the status bar. Reboot your PC to activate or deactivate this option. Applicable to Windows NT/2000/XP.

Hide add/remove programs in control panel - Hides Add/Remove Programs control panel applet. Option affects selected user, see the status bar. Reboot your PC to activate or deactivate this option. Applicable to Windows NT/2000/XP.

Hide display in control panel - Hides Display control panel applet. Option affects selected user, see the status bar. Reboot your PC to activate or deactivate this option. Applicable to Windows NT/2000/XP.

Hide add hardware in control panel - Hides Add Hardware control panel applet. Option affects selected user, see the status bar. Reboot your PC to activate or deactivate this option. Applicable to Windows NT/2000/XP.

Hide internet options in control panel - Hides Internet Options control panel applet. Option affects selected user, see the status bar. Reboot your PC to activate or deactivate this option. Applicable to Windows NT/2000/XP.

Hide regional/language options in control panel - Hides Regional/Language Options control panel applet. Option affects selected user, see the status bar. Reboot your PC to activate or deactivate this option. Applicable to Windows NT/2000/XP.

Hide game controllers in control panel - Hides Game Controllers control panel applet. Option affects selected user, see the status bar. Reboot your PC to activate or deactivate this option. Applicable to Windows NT/2000/XP.

Hide mouse and keyboard in control panel - Hides Mouse and Keyboard control panel applets. Option affects selected user, see the status bar. Reboot your PC to activate or deactivate this option. Applicable to Windows NT/2000/XP.

Hide sounds/audio devices in control panel - Hides Sounds/Audio Devices control panel applet. Option affects selected user, see the status bar. Reboot your PC to activate or deactivate this option. Applicable to Windows NT/2000/XP.

Hide user accounts in control panel - Hides User Accounts control panel applet. Option affects selected user, see the status bar. Reboot your PC to activate or deactivate this option. Applicable to Windows NT/2000/XP.

Hide power options in control panel - Hides Power Options control panel applet. Option affects selected user, see the status bar. Reboot your PC to activate or deactivate this option. Applicable to Windows NT/2000/XP.

Hide system in control panel - Hides System control panel applet. Option affects selected user, see the status bar. Reboot your PC to activate or deactivate this option. Applicable to Windows NT/2000/XP.

Hide phone/modem options in control panel - Hides Phone/Modem Options control panel applet. Option affects selected user, see the status bar. Reboot your PC to activate or deactivate this option. Applicable to Windows NT/2000/XP.

Hide date/time in control panel - Hides Date/Time control panel applet. Option affects selected user, see the status bar. Reboot your PC to activate or deactivate this option. Applicable to Windows NT/2000/XP.

Hide network connections in control panel - Hides Network Connections control panel applet. Option affects selected user, see the status bar. Reboot your PC to activate or deactivate this option. Applicable to Windows NT/2000.

Hide odbc administration in control panel - Hides ODBC Administration control panel applet. Option affects selected user, see the status bar. Reboot your PC to activate or deactivate this option. Applicable to Windows NT/2000/XP.

Hide scanners/cameras in control panel - Hides Scanners/Cameras control panel applet. Option affects selected user, see the status bar. Reboot your PC to activate or deactivate this option. Applicable to Windows NT/2000.

Hide faxes in control panel - Hides Faxes control panel applet. Option affects selected user, see the status bar. Reboot your PC to activate or deactivate this option. Applicable to Windows NT/2000.

Hide console in control panel - Hides Console control panel applet. Option affects selected user, see the status bar. Reboot your PC to activate or deactivate this option. Applicable to Windows NT/2000/XP.

Hide infrared port/wireless link in control panel - Hides Infrared Port/Wireless Link control panel applet Option affects selected user, see the status bar. Reboot your PC to activate or deactivate this option. Applicable to Windows NT/2000/XP.

Hide licensing in control panel - Hides Licensing control panel applet Option affects selected user, see the status bar. Reboot your PC to activate or deactivate this option. Applicable to Windows NT/2000/XP.

Hide mail in control panel - Hides Mail control panel applet Option affects selected user, see the status bar. Reboot your PC to activate or deactivate this option. Applicable to Windows NT/2000/XP.

Hide netware client in control panel - Hides Netware Client control panel applet Option affects selected user, see the status bar. Reboot your PC to activate or deactivate this option. Applicable to Windows NT/2000/XP.

Hide pc card in control panel - Hides PC Card control panel applet Option affects selected user, see the status bar. Reboot your PC to activate or deactivate this option. Applicable to Windows NT/2000/XP.

Hide ports in control panel - Hides Ports control panel applet Option affects selected user, see the status bar. Reboot your PC to activate or deactivate this option. Applicable to Windows NT/2000/XP.

Hide server manager in control panel - Hides Server Manager control panel applet Option affects selected user, see the status bar. Reboot your PC to activate or deactivate this option. Applicable to Windows NT/2000/XP.

Hide speech properties in control panel - Hides Speech Properties control panel applet Option affects selected user, see the status bar. Reboot your PC to activate or deactivate this option. Applicable to Windows NT/2000/XP.

Hide tweakui in control panel - Hides TweakUI control panel applet Option affects selected user, see the status bar. Reboot your PC to activate or deactivate this option. Applicable to Windows NT/2000/XP.

Hide wsp client in control panel - Hides WSP Client control panel applet Option affects selected user, see the status bar. Reboot your PC to activate or deactivate this option. Applicable to Windows NT/2000/XP.

Hide quicktime in control panel - Hides QuickTime control panel applet Option affects selected user, see the status bar. Reboot your PC to activate or deactivate this option. Applicable to Windows NT/2000/XP.

Hide norton live update in control panel - Hides Norton Live Update control panel applet Option affects selected user, see the status bar. Reboot your PC to activate or deactivate this option. Applicable to Windows NT/2000/XP.

Hide compaq insight agents in control panel - Hides Compaq Insight Agents control panel applet Option affects selected user, see the status bar. Reboot your PC to activate or deactivate this option. Applicable to Windows NT/2000/XP.

Hide passwords in control panel - Hides Passwords control panel applet Applicable to Windows 95/98/ME/

Go to 1st Security Agent online Help

1st Security Agent [More] [Download] [Buy]

Password and security tools - free downloads

Restrict access to Control Panel, disable Start Menu items, hide drives, disable DOS, boot keys, Registry editing, taskbar, task manager, and network access, hide desktop icons, apply password protection to Windows, and disable running applications. Secure Internet Explorer, disable individual menu items and individual tabs in the Internet Options dialog, as well as specific settings from each, and more ...

================================================================

1st Security Agent	Mail Bomber	Security Administrator	PC Lockup	Access Lock	Access Administrator Pro	1st Screen Lock

http//www.softheap.com