Remove the Distributed File System Tab (Windows 2000/XP)
This restriction removes the Distributed File System (DFS) tab from Windows
explorer. This prevents users from viewing or changing the properties of local DFS
shares.
Remove the Security Tab (Windows XP)
This restriction removes the Security tab from Windows explorer which prevents
users from accessing or changing the security permissions of folder and file
objects.
Remove the Hardware Tab (Windows 2000/XP)
This restriction removes the hardware tab from applicable items in the Control
Panel and from the local drive properties. This prevents users from changing the
hardware device properties.
Disable the New Menu Item (All Windows)
This tweak can be used to disable the ability to use the New menu item to create
new objects using explorer.
Disable the Ability to Customize Toolbars (All Windows)
By right clicking on a toolbar you are usually given the option to Customize, which
allows you to change which functions are available from the toolbar. This tweak
allows you to disable that function.
Remove the Option to Change or Hide Toolbars (All Windows)
By default users are able to select which toolbars are displayed either be right
clicking the toolbar itself, or by changing the options from the View menu. This
tweak locks the toolbars, removing the ability to change which are displayed.
Remove File Menu from Explorer (All Windows)
This setting is used to Remove the File option from the Explorers toolbar.
Hide the Network Neighborhood Icon (All Windows)
The Network Neighborhood icon is shown on the Windows desktop whenever
Windows networking is installed, by enabling this setting the icon will be hidden.
Disable Folder Options Menu (All Windows)
This tweak allows you to hide the Folder Options function from the folder Tools
menu. Allowing you to restrict access to numerous advanced folder features.

Remove Properties from My Computer (Windows XP)
This restriction remove the properties option from My Computer and hides the
"System Properties" screen.
Remove the Ability to Modify File Types (Windows 2000/XP)
This setting allows you to remove the ability to change, add or delete file types
using explorer the Folder Options interface.
Hide All Items on the Desktop (All Windows)
Enabling this options hides all the items and programs on the Windows desktop.
Home

:
Security

: Login and Authentication

Automatic Logon to Windows 95, 98 and Me (Windows 95/98/Me) Popular
This setting allows Windows clients to automatically logon without entering a user
name or password, therefore bypassing the logon box.
Automatic Logon to Windows NT, 2000 and XP (Windows NT/2000/XP)
Popular
Windows includes a feature that allows you to configure the computer to
automatically logon to the network, bypassing the Winlogon dialog box.
Enable Shutdown from Authentication Dialog Box (Windows NT/2000/XP)
When this setting is enabled a [Shutdown] button is displayed in authentication
dialog box when the system first starts. This allows you to shutdown a system
without logging in. The button is shown by default on a workstation and removed
on a server installation.
Automatic Administrative Logon to Recovery Console (Windows 2000/XP)
The recovery console is a command line environment that is used to recover from
system problems. This setting controls whether the administrator account will be

logged on automatically or be required to enter a password when the recovery
console is invoked during startup.
Disable Password Caching in Internet Explorer (All Windows)
When you attempt to view a password-protected site, you are normally prompted
to type your username and password with an option to "Save this password in your
password list". This tweak can be used to disable the ability for users to save
passwords.
Limit the Number of Automatic Logins (Windows NT/2000/XP)
This setting is used to limit the number of automatic logins, once the limit has been
reached the auto logon feature will be disabled and the system will display the
standard authentication box.
Modify the Number of Cached Logins (Windows NT/2000/XP)
This value controls the number of allowable cached login attempts when the
network domain controller is unavailable.
Legal Notice Dialog Box Before Logon (All Windows) Popular
Use these fields to create a dialog box that will be presented to any user before
logging onto the system. This is useful where you are required by law to warn
people that it is illegal to attempt to logon without being an authorized user.
Set the Minimum Password Length (All Windows)
You can force Windows to reject passwords that do not meet a minimum password
length. Useful to help stop people from using trivial passwords where security is an
issue.
Customize the Windows Logon and Security Dialog Title (Windows
NT/2000/XP) Popular
This setting allows you to add additional text to the title of the standard Windows
Logon and Windows Security dialog boxes.
Show Verbose Security Status Messages (Windows 2000/XP)
This setting allows you to configure Windows so that you receive verbose startup,
shutdown, logon, and logoff status messages. This may be helpful to in
troubleshooting slow startup, shutdown, logon, or logoff behaviour.

Force the Use of Automatic Logon (Windows 2000/XP) Popular
Normally when a Windows machine is configured to automatically logon to a
specified account users can bypass this and enter alternate account information.
This tweak forces the machine to auto logon and to ignore any bypass attempts.
Disable Password Caching (All Windows)
Normally Windows caches a copy of the users password on the local system to
allow for additional automation, this leads to a possible security threat on some
systems. Disabling caching means the users passwords are not cached locally. This
setting also removes the second Windows password screen and also remove the
possibility of networks passwords to get out of sync.
Require Alphanumeric Windows Password (All Windows)
Windows by default will accept anything as a password, including nothing. This
setting controls whether Windows will require a alphanumeric password, i.e. a
password made from a combination of alpha (A, B, C ) and numeric (1, 2 ,3 )
characters.
Disable the Change Password Button (Windows NT/2000)
This setting disables the 'Change Password' button on the Windows Security dialog
box. Enabling this setting stops casual users from being able to change the
password.
Disable the Lock Workstation Button (Windows NT/2000/XP)
Add this setting to the registry to stop unauthorized users from locking machines
from the Windows Security dialog box.
Disable the Auto Logon Shift Override Feature (Windows NT/2000/XP)
When using the automatic login feature it is possible for a user to hold the Shift
key to bypass the login sequence and enter a username and password. This feature
disables the ability to override the function.
Require Users to Press Ctrl+Alt+Delete Before Logon (Windows 2000/XP)
This setting controls whether users are required to press Ctrl + Alt + Delete as a
security precaution before logging into the system.
Restrict Showing the Last Username (Windows 2000/XP)

This restriction removes the ability to view which user was last logged onto a
computer by clearing the username box on the login screen.
Use Active Authentication for Unlock and Screen Saver (Windows
NT/2000/XP)
This setting controls whether a full login should be performed when a workstation
is unlocked or a password is used with the screen saver. Normally Windows will
not check some settings such as whether the account has been locked out.
Change the Message Shown on the Logon Box (Windows NT/2000/XP) Popular
You can personalize (or legalize) the message displayed on the logon box above
the user name and password.
Allow Portables to Undock Before Logon (Windows XP)
This setting controls whether users with portable computers have the option to
undock the system before they have logged onto the computer.
Start Windows Without Prompting for a Password (Windows 95/98/Me)
Popular
Does Windows prompt you for a password every time you boot up even though
you're the only one using the PC? Follow these instructions to make Windows
automatically start up without prompting you for a password.
Force Users to Logon to Windows (Windows 95/98/Me) Popular
Usually users can simply press 'Cancel' at the Windows logon box to bypass the
login process and gain access to the local computer. This tweak will logout the user
if the authentication fails or the user clicks Cancel.
Home

:
Security

: Network

Network Connection Restrictions (Windows 2000/XP)

These restrictions control access to the features and properties of LAN, RAS and
other network connections.
Remove Log Off from the Start Menu (All Windows)
This tweak allows you to remove the Log Off [Username] option from the Start
menu.
Disable File and Printer Sharing (Windows 95/98/Me)
When file and printer sharing is installed it allows users to make services available
to other users on a network, this functionality can be disabled by changing this
setting.
Harden the TCP/IP Stack for Denial of Service Attacks (Windows 2000/XP)
Denial of service attacks are network attacks that are aimed at making a computer
or a particular service unavailable to network users. These settings can be used to
increase the ability for Windows to defend against these attacks when connected
directly to the Internet.
Disables DHCP Router Discovery (All Windows)
The ICMP Router Discovery Protocol (IRDP) comes enabled by default for
Windows clients using DHCP. This can be a security issue because by spoofing
IRDP Router Advertisements, an attacker can remotely add default route entries on
a remote system.
Protect Against SYN Flood Attacks (Windows NT/2000/XP)
Windows includes protection that allows it to detect and adjust when the system
is