I got an email from a friend with some security tweak suggestions. Before I do any of them I'd like to know what they do. Can anyone help to clarify exactly what these tweaks do and what they protect against please???
I asked my friend and he had no idea.
---
Registry Tweaks
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole
EnableDCOM = N
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc
DCOM Protocols > Remove ncacn_ip_tcp
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg\AllowedPaths\
Machine > Delete all value data INSIDE this key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\
Create:
DWORD - MaxCachedSockets = 0
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters\
Create:
DWORD - AutoShareServer = 0
DWORD - AutoShareWks = 0
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\NullSession Pipes\
NullSessionPipes > Delete all value data INSIDE this key
NullSessionShares > Delete all value data INSIDE this key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters
TransportBindName = Delete all value data INSIDE this key
Create:
DWORD - SmbDeviceEnabled = 0
Other
Start > Run: telnet.exe
Type (and press enter): unset ntlm
Start > Connect to > right click account name > Properties > Networking
TCP/IP > Properties > Advanced > WINS
Enable LMhosts lookup = untick
Disable Netbios over TCP/IP = select
---
Thanks in advance
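
A read-only way to see where a machine currently stands on the registry items listed in the post before changing any of them. This is an added example, not part of the original post; it does not cover the telnet or WINS-tab items. It assumes NullSessionPipes and NullSessionShares are read as values under LanmanServer\Parameters, and the helper name Get-TweakState and the AlreadySet column are made up for illustration.

```powershell
# Added example: read-only audit of the values named in the post. Writes nothing.
$empty = { param($v) -not (@($v) | Where-Object { $_ }) }   # no non-blank entries
$zero  = { param($v) $null -ne $v -and $v -eq 0 }           # DWORD present and 0
$svc   = 'HKLM:\SYSTEM\CurrentControlSet\Services'

$checks = @(
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Ole'; Name = 'EnableDCOM'
       Proposed = 'N'; Test = { param($v) $v -eq 'N' } }
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Rpc'; Name = 'DCOM Protocols'
       Proposed = 'no ncacn_ip_tcp'; Test = { param($v) @($v) -notcontains 'ncacn_ip_tcp' } }
    @{ Key = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg\AllowedPaths'
       Name = 'Machine'; Proposed = 'empty'; Test = $empty }
    @{ Key = "$svc\Dnscache\Parameters";     Name = 'MaxCachedSockets';  Proposed = '0';     Test = $zero }
    @{ Key = "$svc\LanmanServer\Parameters"; Name = 'AutoShareServer';   Proposed = '0';     Test = $zero }
    @{ Key = "$svc\LanmanServer\Parameters"; Name = 'AutoShareWks';      Proposed = '0';     Test = $zero }
    @{ Key = "$svc\LanmanServer\Parameters"; Name = 'NullSessionPipes';  Proposed = 'empty'; Test = $empty }
    @{ Key = "$svc\LanmanServer\Parameters"; Name = 'NullSessionShares'; Proposed = 'empty'; Test = $empty }
    @{ Key = "$svc\NetBT\Parameters";        Name = 'TransportBindName'; Proposed = 'empty'; Test = $empty }
    @{ Key = "$svc\NetBT\Parameters";        Name = 'SmbDeviceEnabled';  Proposed = '0';     Test = $zero }
)

function Get-TweakState {
    param([hashtable]$Check)
    $raw   = $null
    $shown = '<value not present>'
    $item  = Get-ItemProperty -Path $Check.Key -Name $Check.Name -ErrorAction SilentlyContinue
    if ($null -ne $item) {
        $raw   = $item.($Check.Name)
        $shown = @($raw) -join '; '        # REG_MULTI_SZ arrives as a string array
        if ($shown -eq '') { $shown = '<empty>' }
    }
    [pscustomobject]@{
        Value      = '{0}\{1}' -f ($Check.Key -replace '^HKLM:\\', 'HKLM\'), $Check.Name
        Current    = $shown
        Proposed   = $Check.Proposed
        AlreadySet = [bool](& $Check.Test $raw)   # a missing value counts as "empty" but never as 0
    }
}

$checks | ForEach-Object { Get-TweakState $_ } | Format-Table -AutoSize -Wrap
```

Redirecting the table to a file before making any change leaves a record of the original data to restore from.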