Security Restrictions and Policies
WARNING: This article contains information about editing the registry. Before you edit the registry, you should first make a backup copy of the registry files (System.dat and User.dat). Both are hidden files in the Windows folder. Using Registry Editor incorrectly can cause serious problems that may require you to reinstall Windows. Use Registry Editor at your own risk.

Require Validation by Network for Windows Access (Windows 9x)
By default Windows doesn't require a valid network username and password combination for a user to create and use a local Windows machine. This functionality can be change to require validation by the network. 
Registry Settings:
Key: [HKEY_LOCAL_MACHINE\Network\Logon]
Value Name: MustBeValidated
Data Type: REG_DWORD
Data: (0 = disabled, 1 = enabled)

Require Alphanumeric Windows Password (Windows 9x and NT)
Windows by default will accept anything as a password, including nothing. This setting controls whether Windows will require a alphanumeric password, i.e. a password made from a combination of alpha (A, B, C...) and numeric (1, 2 ,3 ...) characters.
Registry Settings:
Key: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Network]
Value Name: AlphanumPwds
Data Type: REG_DWORD
Data: (0 = disabled, 1=enabled)

Deny Access to the Display Settings (Windows 9x and NT)
This option disables the display settings control panel icon, and stops users from accessing any display settings. 
Registry Settings:
Key: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
Value Name: NoDispCPL
Data Type: REG_DWORD
Data: (0 = disabled, 1 = enabled)

Disable Network Control Panel (Windows 9x)
Enabling this option disables access to the Network Control Panel icon. 
Registry Settings:
Key: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Network]
Value Name: NoNetSetup
Data Type: REG_DWORD
Data: (0 = disabled, 1 = enabled)

Disable Hidden Administrative Shares C$ D$
The system automatically creates hidden "administrative shares" for its logical volumes C:, D:, and so forth which it names C$, D$ and so forth. These shares are designed for remote access support by domain administrators. By default, if you delete these admin shares, they will be recreated when you reboot. To disable permanently so they will not be recreated on the next reboot:
Hive: HKEY_LOCAL_MACHINE
Key: SYSTEM\CurrentControlSet\Services\LanManServer\Parameters
Name: AutoShareServer for servers
Name: AutoShareWks for workstations
Type: REG_DWORD
Value: 0
Perhaps the best approach to protect hard drive resources on workstations is to disable the server service if you can. There are a few workstation applications that need server service running, in particular, some SNA emulation packages.

Legal Notice Dialog Box Before Logon (Windows 9x and NT)
Use these fields to create a dialog box that will be presented to any user before logging onto the system. This is useful where you are required by law to warn people that it is illegal to attempt to logon without being an authorized user. 
1. Using Regedit find the appropriate key for your operating system. 
Windows 9x:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Winlogon 
Windows NT:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
2. Modify the data of 'LegalNoticeCaption' to represent the caption on the dialog box (e.g. 'WARNING!'). If this value doesn't already exist create it. 
3. Then modify the data of 'LegalNoticeText' to represent the body of the dialog box (e.g. 'Do Not Attempt to Logon to this system unless you are an authorized user!') 
4. Exit Regedit, reboot, and the next time you boot up you should be presented with the dialog box before logging on. 
Note: This value is limited to 256 characters, you need to install the latest Windows NT service pack to allow up to 1024 characters. 
Registry Settings:
Value Name: LegalNoticeCaption, LegalNoticeText
Data Type: REG_SZ

Change the Message Shown on the Logon Box (Windows NT)
You can personalize (or legalize) the message displayed on the logon box above the user name and password. 
Simply create a new string value named 'LogonPrompt' in the key below, and enter the text you want to display. The default message is: 'Enter a user name and password that is valid for this system.' 
This feature can be used in conjunction with: Legal Notice Dialog Box Before Logon. 
Registry Settings:
Key: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
Value Name: LogonPrompt
Data Type: REG_SZ

Disable Windows NT Encrypted Passwords
All versions of Windows NT prior to 4.0 Service Pack 3 could negotiate plain text (clear text) passwords. Windows NT 4.0 Service Pack 3 changed this default behaviour so it now will only handle encrypted passwords.
The following registry entry change will re-enable clear text password handling:
Run regedt32.exe and locate the hive key entry:
Hive: HKEY_LOCAL_MACHINE
Key: SYSTEM\System\CurrentControlSet\Services\Rdr\Parameters
Add the following value:EnablePlainTextPassword:REG_DWORD=1
Alternatively, download the NT4_PlainPassword.reg file and install it (either by double clicking on it, or run regedt32.exe and select Import Registry File from the Registry Menu).
The other major ramification of this feature of NT is that it can't browse a user level non-encrypted server unless it already has a connection open. This is because there is no spot for a password prompt in the browser window. It works fine if you already have a drive mounted (for example, one auto mounted on startup).