Oli Restorick MVP said:
Hi Oli
changes made in group policy secrity options
Additional restrictions for anonymous connections Do not allow
enumeration of SAM accounts and shares
Allow server operators to schedule tasks (domain controllers
only)Disabled
Allow system to be shut down without having to log on Disabled
Allowed to eject removable NTFS media Administrators
Amount of idle time required before disconnecting session 15 minutes
Audit the access of global system objects Enabled
Audit use of Backup and Restore privilege Enabled
Automatically log off users when logon time expires Enabled
Automatically log off users when logon time expires (local) Enabled
Clear virtual memory pagefile when system shuts down Enabled
Digitally sign client communication (always) Disabled
Digitally sign client communication (when possible) Enabled
Digitally sign server communication (always) Disabled
Digitally sign server communication (when possible) Enabled
Disable CTRL+ALT+DEL requirement for logon Disabled
Do not display last user name in logon screen Enabled
LAN Manager Authentication Level Send NTLMv2 response only\refuse LM
& NTLM
Number of previous logons to cache (in case domain controller is not
available) 1 logons
Prevent system maintenance of computer account password Disabled
Prevent users from installing printer drivers Disabled
Prompt user to change password before expiration 5 days
Recovery Console: Allow automatic administrative logon Disabled
Recovery Console: Allow floppy copy and access to all drives and all
folders Disabled
Rename administrator account idmadmin
Rename guest account Not defined
Restrict CD-ROM access to locally logged-on user only Enabled
Restrict floppy access to locally logged-on user only Enabled
Secure channel: Digitally encrypt or sign secure channel data
(always) Disabled
Secure channel: Digitally encrypt secure channel data (when
possible) Enabled
Secure channel: Digitally sign secure channel data (when
possible) Enabled
Secure channel: Require strong (Windows 2000 or later) session
key Disabled
Secure system partition (for RISC platforms only) Not defined
Send unencrypted password to connect to third-party SMB
servers Disabled
Shut down system immediately if unable to log security
audits Disabled
Smart card removal behavior Not defined
Strengthen default permissions of global system objects (e.g. Symbolic
Links) Enabled
Unsigned driver installation behavior Do not allow installation
Unsigned non-driver installation behavior Warn but allow installation
