Windows NT Registry Settings

registy.xls (5 Feb 99)      
HKLM\HARDWARE\DESCRIPTION\System\SystemBiosDate REG_SZ   7/27/98
HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion REG_MULTI_SZ   Phoenix ROM BIOS PLUS Version 1.10 A02
HKLM\SOFTWARE\3Com\El90c\CurrentVersion\Description REG_SZ   3Com 3C90x Adapter Driver
HKLM\SOFTWARE\AntiShut     no permissions
HKLM\SOFTWARE\Classes\AppID\     READ access to users
HKLM\SOFTWARE\Classes\regfile\shell\open\command     READ access to users
HKLM\SOFTWARE\Classes\regfile\shell\open\command REG_SZ   replace with wordpad.exe "%1"
HKLM\SOFTWARE\Microsoft\Inetsrv\CurrentVersion\Description REG_SZ   Microsoft Internet Information Server
HKLM\SOFTWARE\Microsoft\Internet Explorer\Version REG_SZ   4.72.3110.8 is 4.01 SP1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Version\mkEnabled REG_SZ No disable mk
HKLM\SOFTWARE\Microsoft\Ole\EnableDCOM REG_SZ N READ access to users
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug     READ access to users
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Compatibility     READ access to users
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\CSDVersion REG_SZ   Service Pack 4
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\CurrentVersion REG_SZ   3.51; 4.0
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers     READ access to users
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\drivers.desc     READ access to users
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32     READ access to users
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Embedding     READ access to users
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix     list of Q hotfixes for SP3
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q143478     fixes for port 139 OOB attack
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q143484     long URL parsing access violation
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q146965     fixes getadmin problem
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q147222     fixes for MS Exchange 5.5 and IIS 4.0
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q148427     SSL Schannel fix
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q153296     fix for inaccessible boot device error
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q154087     fix for LSA Access violation
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q154460     fixes chargen/telnet issue
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q155701     corects WINS DoS problem
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q156655     corrects NDIS memory leak
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q163251     fix for NDISWAN buffer overflow
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q163852     workaround for pentium processor
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q167040     fix for PPTP performance
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q169274     fix for IIS 4.0 performance problem
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q169461     fix corrects the DNS attack
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q173277     fix for crashdump on machines > 2G RAM
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q175093     year 2000 compliance
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q177471     fix for EBSDIC to ANSI conversion problem
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q178205     fix for netbt problems
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q179129     fix for newtear and bonk attacks
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q179187     fix for TAPI 2.1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q180532     fix for pcmcia and xircom adapters
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q180963     fix for server attack crashing problem
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q181022     fix for printer problems
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q183654     fix for large drives (> 10 GB)
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q184017     fix for lsahack.exe problem
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q188348     IIS fix for ftpls attack
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q190288     fix for privilege elevation problem
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MCI     READ access to users
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MCI Extensions     READ access to users
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib     READ access to users
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports     READ access to users
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList     READ access to users
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SP4\Hotfix     list of Q hotfixes for SP4
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SP4\Hotfix\Q195725     TCP/IP crashing fix for 3Com drivers
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SP4\Hotfix\Q195733     fix for named pipe RPC DoS
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SP4\Hotfix\Q214802     fix to not allow pasting in logon dialog box
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon     remove access for Server Operators
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateCDRoms REG_SZ 1 only user loggd on can use it
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateFloppies REG_SZ 1 only user loggd on can use it
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoAdminLogon REG_SZ 0
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoRestartShell REG_DWORD 1 automatically restart
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\CachedLogonsCount REG_SZ 0 disable cached logons Q172931 (10)
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DefaultPassword REG_SZ   remove any entry
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DontDisplayLastUsername REG_SZ 1 username space blank
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\LegalNoticeCaption REG_SZ   Warning
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\LegalNoticeText REG_SZ   Authorized Use Only
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\PasswordExpiryWarning REG_DWORD e (number of days - 14)
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\ShutdownWithoutLogon REG_SZ 0  
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WoW     READ access to users
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths     READ access to users
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Controls Folder     READ access to users
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer     READ access to users
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Extensions     READ access to users
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings     READ access to users
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Last Update\     should be IEXPOREV4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage     READ access to users
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RenameFiles     READ access to users
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run     READ access to users Q126713
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce     READ access to users
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup     READ access to users
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls     READ access to users
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions     READ access to users
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall     READ access to users
HKLM\SYS\CurrentControlSet\Control\Session Manager\Memory Management\ClearPageFileAtShutdown REG_DWORD 1 enable
HKLM\SYSTEM\CCS\Control\Print\Providers\LanMan Print Services\Servers\AddPrinertDrivers REG_DWORD 1 enable
HKLM\SYSTEM\CurrentControlSet\Control\ComputerName\ActiveComputerName\ComputerName REG_SZ   SC015352
HKLM\SYSTEM\CurrentControlSet\Control\CrashControl\AutoReboot REG_DWORD 1 1 = reboot; 0 = no reboot (wks default)
HKLM\SYSTEM\CurrentControlSet\Control\CrashControl\CrashDumpEnabled REG_DWORD 1 Log file is memory.dmp.
HKLM\SYSTEM\CurrentControlSet\Control\CrashControl\LogEvent REG_DWORD 1  
HKLM\SYSTEM\CurrentControlSet\Control\CrashControl\Overwrite REG_DWORD 1  
HKLM\SYSTEM\CurrentControlSet\Control\CrashControl\SendAlert REG_DWORD 1 needs alerter service
HKLM\SYSTEM\CurrentControlSet\Control\FileSystem\NtfsDisable8dot3NameCreation REG_DWORD 0 disable 8.3 creation - Q179148
HKLM\SYSTEM\CurrentControlSet\Control\FileSystem\Win95TruncatedExtensions REG_DWORD 0 (off)
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\AuditBaseObjects REG_DWORD 1  
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\CrashOnAuditFail REG_DWORD 1 stop if audit is full
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\FullPrivilegeAuditing REG_BINARY 1 records backup and restore files
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\LMCompatibilityLevel REG_DWORD 2 Q147706 (never send LM authentication)
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages REG_MULTI_SZ   add PASSFILT; remove fpnwclnt
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\RestrictAnonymous REG_DWORD 1 Q143474
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\SecureBoot REG_DWORD 1  
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\SubmitControl [AT command] REG_DWORD 0 disable
HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions\ProductType REG_SZ   ServerNT; WinNT is wks; LanmanNT - PDC
HKLM\SYSTEM\CurrentControlSet\Control\SecurePipeServers\     add winreg - Q155363
HKLM\SYSTEM\CurrentControlSet\Control\Services\DHCP REG_DWORD 4  
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\NUMBER_OF_PROCESSORS REG_SZ 1 single processor
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\ProtectionMode REG_DWORD 1 enabled
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\Optional REG_MULTI_SZ   remove os2
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\Optional REG_MULTI_SZ   remove posix
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\Os2 REG_EXPAND_SZ   delete text
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\Posix REG_EXPAND_SZ   delete text
HKLM\SYSTEM\CurrentControlSet\Control\Update\UpdateMode REG_DWORD 1 (automatic update; not manual)
HKLM\SYSTEM\CurrentControlSet\IPFilterDrive\Parameters\DefaultForwardFragments REG_DWORD 0 drop fragments if they don't match
HKLM\SYSTEM\CurrentControlSet\IPFilterDrive\Parameters\EnableFragmentChecking REG_DWORD 1 enable fragment checks
HKLM\SYSTEM\CurrentControlSet\Services\Cdrom\Autorun REG_DWORD 0 turn off CD AutoRun
HKLM\SYSTEM\CurrentControlSet\Services\Disk\ScanDisconnectedDevices REG_DWORD 1 enabled
HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\RestrictGuestAccess REG_DWORD 1 enabled
HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Security\RestrictGuestAccess REG_DWORD 1  
HKLM\SYSTEM\CurrentControlSet\Services\EventLog\System\RestrictGuestAccess REG_DWORD 1  
HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\AutoDisconnect REG_DWORD 15 15 seconds autodisconnect
HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\AutoShareServer REG_BINARY 0 (no default admin shares) - server only
HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\AutoShareWks REG_BINARY 0 workstation only
HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\Disc REG_DWORD   insert # of minutes before disconnect
HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\EnableForcedLogOff REG_DWORD 1  
HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\EnableSecuritySignature REG_DWORD 1 enabled - on server only Q161372
HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\Hidden REG_DWORD 1 hides sever from browser
HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\NullSessionPipes REG_MULTI_SZ   remove SPOOLSS - Q143138
HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\RequireSecuritySignature REG_DWORD 1 enabled - on server only Q161372
HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\RestrictNullSessAccess REG_DWORD 1 enabled (true)
HKLM\SYSTEM\CurrentControlSet\Services\NdisWan\Parameters REG_DWORD 0 disable hitoryless encryption
HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\RequireSignOrSeal REG_DWORD 0  
HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\SealSecureChannel REG_DWORD 1 enable
HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\SignSecureChannel REG_DWORD 1 enable
HKLM\SYSTEM\CurrentControlSet\Services\Rasman\Parameters\DisableSavePassword REG_DWORD 1  
HKLM\SYSTEM\CurrentControlSet\Services\Rasman\PPP\CHAP\OfferMSCHAP REG_DWORD 1 enable MS_CHAP with RADIUS
HKLM\SYSTEM\CurrentControlSet\Services\Rdr\Parameters\EnablePlainTextPassword REG_DWORD 0  
HKLM\SYSTEM\CurrentControlSet\Services\Rdr\Parameters\EnableSecuritySignature REG_DWORD 1 enabled - Workstation only; 0 for server
HKLM\SYSTEM\CurrentControlSet\Services\Rdr\Parameters\FqdnUsesSmbServerName REG_DWORD 1 try SMBSERVER instead of ASQ
HKLM\SYSTEM\CurrentControlSet\Services\Rdr\Parameters\RequireSecuritySignature REG_DWORD 1 workstation only - Q161372
HKLM\SYSTEM\CurrentControlSet\Services\Schedule\Security     remove WRITE access from SO
HKLM\SYSTEM\CurrentControlSet\Services\SimpTcp\Parameters\EnableTcpChargen REG_DWORD 0 disable chargen
HKLM\SYSTEM\CurrentControlSet\Services\SimpTcp\Parameters\EnableTcpEcho REG_DWORD 0 disable echo
HKLM\SYSTEM\CurrentControlSet\Services\SimpTcp\Parameters\EnableUdpChargen REG_DWORD 0 disable chargen
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\IPEnableRouter REG_DWORD 0  

Last Updated on 2/5/99
By bill wall
Hosted by www.Geocities.ws

1