Security Options Configuration for securing XP Professional

The Security Options snap-in contains options that can also be modified through the registry, but it is better to use the snap-in than to edit the registry directly.

The security options that need a change to secure your system are listed below:

Limit local account use of blank passwords to console logon only. Enable this setting; local accounts with blank passwords then cannot be used to connect to the machine from across the network.

Rename the default administrator account with a different name. Rename the guest account and also disable the guest account for more security.

Allow undock without having to log on. Disable this setting.

Restrict CD-ROM access to locally logged-on user only. Enable this setting.

Restrict floppy access to locally logged-on user only. Enable this setting.

Domain member: Disable machine account password changes. Disable this setting.

Do not require CTRL+ALT+DEL. Disable this setting if you want the CTRL+ALT+DEL key combination to be required at logon. This setting is enabled by default in domain controllers. You also need to disable the Welcome screen to enable this setting.

Number of previous logons to cache (in case domain controller is not available). Set this to 0.

Smart card removal behavior. Set this to Lock Workstation.

Send unencrypted password to third-party SMB servers. Disable this setting.

Allow anonymous SID/Name translation. Disable this setting.

Do not allow anonymous enumeration of SAM accounts. Enable this setting.

Do not allow anonymous enumeration of SAM accounts and shares. Enable this setting.

Do not allow storage of credentials or .NET Passports. Enable this setting.

Let Everyone permissions apply to anonymous users. Disable this setting.

Remotely accessible registry paths. Delete all settings.

Shares that can be accessed anonymously. Delete all settings.

Sharing and security model for local accounts. Set this to Classic (local users authenticate as themselves).

Do not store LAN Manager hash value on next password change. Set this to enabled.

Allow system to be shut down without having to log on. Set this to disabled.

Clear virtual memory pagefile. Set this to enabled.

Strengthen default permissions of internal system objects (e.g. Symbolic Links). Set this to enabled.
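
Because these options are backed by registry values, the result can be checked offline from a `secedit /export /cfg` file. The script below is an added example, not part of the original post: it audits a subset of the list above, and the registry value names and the sample export in it are supplied here (constructed), not taken from the page.

```python
# Added example: audit the [Registry Values] section of a `secedit /export` file
# against a subset of this page's list. Value names are not from the page.
LSA = r"machine\system\currentcontrolset\control\lsa"
EXPECTED = {  # lower-cased registry value -> data the page's setting maps to
    LSA + r"\limitblankpassworduse": "1",      # blank passwords: console only
    LSA + r"\restrictanonymoussam": "1",       # no anonymous SAM enumeration
    LSA + r"\restrictanonymous": "1",          # ...of SAM accounts and shares
    LSA + r"\everyoneincludesanonymous": "0",  # Everyone excludes anonymous
    LSA + r"\forceguest": "0",                 # classic sharing model
    LSA + r"\nolmhash": "1",                   # do not store LM hash
    r"machine\software\microsoft\windows nt\currentversion\winlogon"
    r"\cachedlogonscount": "0",                # previous logons to cache
    r"machine\system\currentcontrolset\control\session manager"
    r"\memory management\clearpagefileatshutdown": "1",
}

# Constructed sample export. Real exports are usually UTF-16: open them with
# open(path, encoding="utf-16").
SAMPLE = r'''[Unicode]
Unicode=yes
[Registry Values]
MACHINE\System\CurrentControlSet\Control\Lsa\LimitBlankPasswordUse=4,1
MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymousSAM=4,1
MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymous=4,0
MACHINE\System\CurrentControlSet\Control\Lsa\NoLMHash=4,0
MACHINE\System\CurrentControlSet\Control\Lsa\ForceGuest=4,1
MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\CachedLogonsCount=1,"10"
MACHINE\System\CurrentControlSet\Control\Session Manager\Memory Management\ClearPageFileAtShutdown=4,1
'''

def parse_registry_values(text):
    """Return {lower-cased value path: data} from the [Registry Values] section."""
    values, in_section = {}, False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_section = line.lower() == "[registry values]"
        elif in_section and "=" in line:
            name, data = line.split("=", 1)
            _type, _, value = data.partition(",")  # "4,1" -> type 4, data 1
            values[name.strip().lower()] = value.strip().strip('"')
    return values

def audit(text):
    """List (value path, expected, actual) for every mismatch or missing value."""
    actual = parse_registry_values(text)
    return sorted((k, want, actual.get(k, "<not set>"))
                  for k, want in EXPECTED.items() if actual.get(k) != want)

if __name__ == "__main__":
    for path, want, got in audit(SAMPLE):
        print(f"{path}: expected {want}, found {got}")
```

A value reported as `<not set>` is absent from the export, so confirm its effective default in the snap-in before treating it as a finding.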

Also see User rights assignment
