Changing LAN Manager Authentication on Windows NT (Windows NT)
Windows NT supports two kinds of challenge/response authentication: LanManager (LM) and Windows NT (NTLM). LM authentication is not as strong as Windows NT authentication so some customers may want to disable its use, because an attacker sniffing the network traffic could possibly attack the weaker protocol.

Disable TCP/IP Source Routing (Windows NT 4.0)
Normally, on a computer running Windows NT 4.0, you cannot disable the source routing feature for the TCP/IP protocol. By using this tweak it is possible to disable it.

Remove Log Off from the Start Menu (All Versions)
This tweak allows you to remove the Log Off [Username] option from the Start menu.

Hide Computer from the Browser List (Windows NT/2000/XP)
If you have a secure server or workstation you wish to hide from the general browser list, then enable this setting.

Hide Entire Network in Network Neighborhood (All Versions)
Entire Network is an option under Network Neighborhood that allows users to see all the Workgroups and Domains on the network. Entire Network can be disabled, so users are confined to their own Workgroup or Domain.

Disabling Save Password option in Dial-Up Networking (Windows NT/2000)
When you dial a phonebook entry in Dial-Up Networking (DUN), you can use the 'Save Password' option so that your DUN password is cached and you will not need to enter it on successive dial attempts. This key disables that option.

Hide Workgroup Content from Network Neighborhood (All Versions)
Enabling this option hides all Workgroup contents from being displayed in Network Neighborhood.

Send Plain Text Passwords (Windows NT)
When connecting to some SMB servers, such as Samba and LAN Manager for UNIX, you may be required to send unencypted password. This setting enables that functionality.

Remove the Map and Disconnect Network Drive Options (Windows NT/2000/XP)
Prevents users from making additional network connections by removing the Map Network Drive and Disconnect Network Drive buttons from the toolbar in Explorer and also removing them from the Context menu of My Computer and the Tools menu of Explorer.

Disable Caching of Domain Password (Windows 95/98/Me)
Enabling this setting disables the caching of the domain passwords, and therefore passwords are required to be re-entered to access any additional domain resources.

Disable File and Printer Sharing (All Versions)
When file and printer sharing is installed it allows users to make services available to other users on a network, this functionality can be disabled by changing this setting.

Hide Share Passwords with Asterisks (All Versions)
This setting controls whether the password typed when accessing a file share is shown in clear text or as asterisks.

Hide Computers Near Me in Network Places (Windows 2000/Me/XP)
This setting allows you to show or hide the computers listed Near Me in My Network Places.

Disable the Ability to Remotely Shutdown the Computer Browser Service (Windows NT/2000/XP)
It is possible for a malicious user to shut down a computer browser, or all computer browsers, on the same subnet. If all of the computers on the same subnet are shut down, they can then declare their own computer the new master browser.

Automatic Hidden Shares (Windows NT/2000/XP)
When networking has been installed on a Windows machine, it will automatically create hidden shares to the local disk drives. It is possible to disable the sharing at run-time, but this tweak will stop the automatic sharing altogether.

Disable Recent Shares in Network Places (Windows XP)
This restriction stops remote shared folders from being added to Network Places whenever you open a document in the shared folder.

Network Connection Restrictions (Windows 2000/XP)
These restrictions control access to the features and properties of LAN, RAS and other network connections.

Remove Network Connections from the Start Menu (Windows 2000/Me/XP)
This tweak allows you to hide the Network and Dial-up Connections option on the Start Menu.

Restrict Anonymous User Access (Windows NT/2000/XP)
Windows has a feature where anonymous users can list domain user names and enumerate share names. Users who want enhanced security may optionally restrict this functionality.

Specify Users to Receive Administrative Alerts (Windows NT/2000/XP)
This setting is used to specify a list of users and/or computers that should receive administrative alerts.

Require Validation by Network for Windows Access (Windows 95/98/Me) Popular
By default Windows 9x doesn't require a valid network username and password combination for a user to bypass the logon and gain access to the local machine. This functionality can be changed to require validation by the network before allowing access.

Changing the Password Expiry Warning Period (Windows NT/2000/XP)
This entry specifies the number of days before a user's password expires that a warning message is displayed.

Fix DHCP Security Flaw (Windows 95/98/Me)
The ICMP Router Discovery Protocol (IRDP) comes enabled by default on DHCP clients that are running Microsoft Windows 9x/2000 machines. By spoofing IRDP Router Advertisements, an attacker can remotely add default route entries on a remote system.

Disable the Automatic Creation of a Default Network Route (Windows NT)
This tweak controls the default behavior of Windows to add a network route to 0.0.0.0 on multi-homed machines (e.g. proxy or firewall).