Registry Home > Security > System

Restrict use of Management Console (MMC) Snap-ins (Windows 2000/XP)
Enable this setting, to restrict access to all snap-ins, except those that you explicitly permit via the Group Policy Restricted/Permitted snap-ins setting folder.

Restrict Author Mode in Management Console (MMC) (Windows 2000/XP)
This restriction stops users from opening the Microsoft Management Console and relevant .mmc console files in author mode.

Disable Storage of Credentials and .NET Passwords (Windows XP)
This setting controls the storage of authentication credentials and .NET passwords on the local system. By disabling this feature, passwords will not be stored.

Disable System Restore Tools and Settings (Windows XP)
System Restore allows users to revert Windows settings and configuration changes to an earlier point in time (called Restore Points). This tweak can be used to restrict user access to the System Restore tools and settings.

Configure Windows Software Update Services (Windows 2000/XP) Popular
These settings allow you to configure Windows client machines to use custom Microsoft Software Update Services (SUS) located on an internal corporate network instead of the Windows Update Internet site.

Restrict Shortcut and WinHelp Commands (Windows NT/2000/XP)
This restriction can be used to specify which directories contain Help files that can use the Shortcut and WinHelp commands. By clearing this setting you can also completely disable the help commands on the system.

Restrict the Language and Locale Region (Windows 2000/XP)
This restriction is used to set the language used in menus and dialog boxes in Windows and prevent users from changing it. When enabled the system disables the menus and dialog boxes in the Regional Options in Control Panel.

Disable Group Policy Objects (Windows 2000/XP)
This setting is used to disable the use of group policy objects on the local computer.

Change Default Administrator Ownership (Windows XP)
Windows XP may assign the ownership of some file system objects to the Administrator account, instead of the Administrators group. This behaviour may not be desirable where there are multiple administrative users.

Configure Windows Script Signature Security (All Windows)
This setting is used to define whether trusted and untrusted scripts should be executed when using signature verification. By requiring a signature the system will only execute scripts from verified authors.

Secure Access to Removable Drives (Windows NT/2000/XP)
This setting determines whether the ability to access removable drives is available to other users.

Prompt for Password on Resume (Windows XP)
This setting allows you to configure the computer to always lock and require a password after resuming from hibernate or suspend mode.

Disable CD Burning (Windows XP) Popular
This restriction is used to disable the use of the inbuilt CD recording functions of Windows.

Specify a Replacement GINA Authentication DLL (Windows NT/2000/XP)
Windows is shipped to load and execute the standard Microsoft GINA DLL (Graphical Identification and Authentication dynamic-link library) called MSGina.dll. You can specify a replacement GINA DLL using this setting.

Reboot Windows After a Crash (Windows NT/2000/XP)
This parameter controls whether Windows should automatically reboot after a system failure or if the blue crash screen should be displayed.

Restrict Access to the Event Logs (Windows NT/2000/XP)
The Windows event log contains records documenting application, security and system events taking place on the machine. As these logs can contain sensitive data this tweak allows you to restrict access to administrators and system accounts only.

Restrict Access to Base System Objects (Windows NT/2000/XP)
In Windows the core operating system libraries are kept in virtual memory and shared between the programs running on the system. This has exposed a vulnerability that could allow a user to gain administrative privileges on the computer the user is interactively logged onto.

Secure Network Access to the Windows Registry (Windows NT/2000/XP)
Windows supports accessing a remote registry via the Registry Editor across a network. The default setting allows for users to connect and modify data within the remote registry.

Secure Access to CD-ROM Drives (Windows NT/2000/XP)
This setting determines whether data in the CD-ROM drive is accessible to other users.

Secure Access to Floppy Drives (Windows NT/2000/XP)
This setting determines whether data in the floppy disk drive is accessible to other users.

Restart the Shell Automatically (Windows NT/2000/XP)
By default if the Windows user interface or one of its components fails, the interface is restarted automatically, the can be changed so that you must restart the interface by logging off and logging on again manually.

Specify Executable Files to be Lauched by Winlogon (Windows NT/2000/XP)
This setting specifies a list of executable files to be run by Winlogon in the system context when Windows starts.