
Reseller Hardware Image Checklist-Server

September 2010


February 27, 2012

© 2010 Radiant Systems, Inc. All Rights Reserved

The information contained in this manual is considered confidential and proprietary to Radiant Systems. No part of this document may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic or mechanical, including photocopying and recording for any purpose, without the prior written permission of Radiant.

INFORMATION IN THIS DOCUMENT IS SUBJECT TO CHANGE BY RADIANT WITHOUT NOTICE. RADIANT DOES NOT WARRANT THE ACCURACY OF THE INFORMATION CONTAINED IN THIS DOCUMENT

File Server settings

*Use this only for Server Images

• S335
• S336
• S337
• S4400
• S4500
• S4600

Image Name:

Yes   No   Settings

Remove the following accounts if they exist:
• User01
• HelpAssistant
• Support_388945a0
• ASPNET

Autologon is not enabled.

Guest account is disabled.

Change Administrator account name to RADSvr and blank password.

Create user account named RALLogon if using RAL

Add to Administrators group.

Flag User Must Change Password at next Logon.

Gpedit.msc\Local Computer Policy\Computer Configuration\Security Settings\Local Security Settings\Local Policies\Account Policies\Password Policy:
a. Change Enforce Password History to 4.
b. Maximum Password Age to 90
c. Minimum Password Age to 30
d. Minimum Password Length to 7.
e. Enable Password Must Meet Complexity Requirements

Gpedit.msc\Local Computer Policy\Computer Configuration\Security Settings\Local Security Settings\Local Policies\Account Policies\Account Lockout Policy - Configure Account lockout policy settings of: 6 invalid logon attempts and 30 minute lockout duration and 30 minute Reset account lockout after

Gpedit.msc\Local Computer Policy\Computer Configuration\Security Settings\Local Security Settings\Local Policies\Audit Policy set all to audit Success and Failure.

Gpedit.msc\Local Computer Policy\Computer Configuration\Administrative Templates\System\System Restore - Enable the following:
• Turn off System Restore
• Turn off Configuration

Gpedit.msc\Local Computer Policy\Computer Configuration\Administrative Templates\System\Remote Assistance - Disable the following:
• Solicited Remote Assistance
• Offer Remote Assistance

Gpedit.msc\Local Computer Policy\Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Access This Computer From the Network - Remove any Unknown SIDs, Backup Operators, and Everyone

Gpedit.msc\Local Computer Policy\Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Deny Access to this Computer from the network - Remove Unknown SIDs if they exist.

Gpedit.msc\Local Computer Policy\Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Log On Locally remove the following: Backup Operators and Guests

Gpedit.msc\Local Computer Policy\Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Deny Log On Locally - remove any Unknown SIDs if they exist.

Gpedit.msc\Local Computer Policy\Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Log On as a Service - Remove any Unknown SIDs if they exist

Gpedit.msc\Local Computer Policy\Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Shutdown the System - Remove Backup Operators

Remove unknown SIDs from all other policies, if they exist.

Gpedit.msc\Local Computer Policy\Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Shutdown: Clear virtual memory pagefile = enabled

Gpedit.msc\Local Computer Policy\User Configuration\Administrative Templates\Control Panel\Display - Screen Saver - enabled

Gpedit.msc\Local Computer Policy\User Configuration\Administrative Templates\Control Panel\Display - Screen Saver executable name - enabled then type in %Systemroot%\System32\logon.scr in the field.

Gpedit.msc\Local Computer Policy\User Configuration\Administrative Templates\Control Panel\Display\Password Protect the Screen Saver - enabled

Gpedit.msc\Local Computer Policy\User Configuration\Administrative Templates\Control Panel\Display\Screen Saver timeout - enabled then set to 900 seconds (15 minutes)

Gpedit.msc\Local Computer Policy\User Configuration\Administrative Templates\Control Panel\Display - Hide Screen Saver tab - enabled

Gpedit.msc\Local Computer Policy\Computer Configuration\Administrative Templates\System\Turn Off Autoplay - set to Enabled then Turn off Autoplay on ALL DRIVES.

From a command prompt type the following command:
    Regsvr32.exe /u remotepg.dll
This will remove the Remote tab under My Computer - System Properties

No Netware protocols exist on any Integrated or PCI NIC

Microsoft TCP/IP version 6 is not installed on any Integrated or PCI NIC

Speed and Duplex settings on NIC are set to Auto Detect

DHCP Media Sense has been disabled.

Enable NetBIOS over TCPIP is flagged on the Aloha Network connection.

The lana number for the integrated NIC (Aloha Network) is set to 0.

My Computer\My Network Places\View Network Connections\Advanced\Advanced Settings\Adapters and Bindings tab\Verify that the Aloha Network connection is at the top of the binding order list. If not, highlight it and select the green up arrow until it is the first one in the list.

"Allow the Computer to Turn off this device to save power" is not flagged on the NIC (Lan Connection/Properties/Configure/Power Management tab)

Wireless Zero Configuration service is disabled and stopped.

"Allow Users to Connect Remotely to this Computer", located under Remote tab | Desktop frame is not flagged.

.Net Framework versions 1.1, 2.0, 3.0 and 3.5 with all service packs are installed.

Windows Update has been run

Security Center popup message is disabled.

For XP machines, "Use Simple Filesharing" is disabled.

For Windows 7 machines, Use Sharing Wizard is disabled.

Timezone is set to correct time zone.

Control Panel is set to "Use Classic View".

"Display delete confirmation" is flagged for the Recycle Bin

Classic Start Menu radio button is flagged.

The following Windows settings are checked/flagged:
• View\Status Bar
• View\Details
• Display full path in address bar
• Display full path in title bar
• Show hidden files and folders
• Hide protected OS and system files

Windows Classic Theme is set

The LCD and/or Hard drive settings have all Power Saving settings off

Shutdown Event Tracker is disabled on Server 2003 images. (Server 2003 is enabled by default) On XP images it can be set to the default of Not Configured or Disabled (Not Configured is the Default setting)

DEP is set to AlwaysOff in the boot.ini file (for XP and Server 2003 machines) and is disabled on Windows 7 and Server 2008 using the following command:
1. Open an elevated command prompt
   a. Open the Start Menu.
   b. Click on All Programs and Accessories.
   c. Right click on Command Prompt and click Run as Administrator.
2. Type the following command:
   bcdedit.exe /set {current} nx AlwaysOff

D:\Bootdrv folder exists.

Remove the Users group and aloha account from permissions.

D:\AlohaEDC folder is created for EDCProcPath variable use.

Create system environment variable named EDCPROCPATH, set value to D:\AlohaEDC

Configure the processor priority to Background Services. Open the System properties and select Advanced/Performance Options, and select Settings in the Performance section. Select Advanced, and set the performance scheduling to Background Services.

Install VC++ SP1 per Microsoft KB972260 http://www.microsoft.com/downloads/details.aspx?familyid=766a6af7ec73-40ff-b072-9112bab119c2&displaylang=en

Install Adobe Reader if required - current released version. Open up Adobe Reader. Go to Edit\Preferences and make the following changes:
• JavaScript - unflag Enable Adobe JavaScript
• Multimedia Trust - unflag Allow multimedia operations
• Trust Manager - unflag Allow opening of non-PDF file attachments with external applications.
• Updater - check Do not automatically download or install updates.

Set the Event Viewer logs to the following settings:
o Application Log: Maximum Log Size 16384 kb, Overwrite as needed
o Security Log: Maximum Log Size 16384, Overwrite as needed
o System Log: Maximum Log Size 16384, Overwrite as needed
o Internet Explorer Log: Maximum Log Size 16384, Overwrite as needed
o Make sure to do this for any other installed applications such as Menulink or Microsoft Office. These are not installed on the Aloha base image so the entries do not exist at this time.

Stop and/or disable the following services, if they exist:
o HTTP SSL - disabled
o SSDP Discovery Service - stopped and disabled
o Universal Plug and Play Device Host - disabled
o Web Client - stopped and disabled.
o Telnet - stopped and disabled
o Windows Messenger - stopped and disabled.
o Wireless Zero Configuration - stopped and disabled.
o System Restore - stopped and disabled.
o Remote Registry - stopped and disabled.
o IIS Admin - stopped and disabled
o World Wide Web Publishing - stopped and disabled.
o FTP Publishing - stopped and disabled.
o Simple Mail Transfer Protocol - stopped and disabled.
o Simple Network Management Protocol - stopped and disabled.
o Network News Transfer Protocol - stopped and disabled.
o Internet Authentication - stopped and disabled
o Microsoft POP3 - stopped and disabled

Start\Programs\Control Panel\Add Remove Programs\Add/Remove Windows Components - Uncheck the following if they are checked:
• Accessories and Utilities\Details\uncheck Games
• MSN Explorer
• Outlook Express
• Windows Media Player
• Windows Messenger

Start\Settings\Taskbar and Start Menu\Start Menu\Customize\Advanced button. Delete the following from All Users:
• \Accessories - Tour Windows XP and Remote Desktop Connection shortcuts.
• \Accessories\Communication - Hyperterminal, Network Connection Wizard, New Connection Wizard, and Wireless Network Setup Wizard shortcuts.
• Accessories\System Tools - System Restore shortcut.

Automatic Updates is enabled and set for updates on Monday at 3 am.

Set Internet Time Synchronization to Time.windows.com

System Restore is disabled.

System Properties\Advanced\Startup and Recovery\Settings\Write Debugging Information set to None.

Recycle Bin was emptied before capturing image

Event Logs were deleted and not saved before capturing image

Image validated by: ____________________
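An added example, not part of the Radiant checklist: one way to validate a captured image against the Password Policy, Account Lockout Policy and Audit Policy items is to export the local security policy with `secedit /export /cfg` and compare its [System Access] and [Event Audit] sections with the checklist values. The sample export below is constructed, and the function name `audit_export` is hypothetical.

```python
import configparser

# Expected values from the checklist, keyed by secedit INF setting name.
EXPECTED = {
    "PasswordHistorySize": "4",     # Enforce Password History
    "MaximumPasswordAge": "90",
    "MinimumPasswordAge": "30",
    "MinimumPasswordLength": "7",
    "PasswordComplexity": "1",      # 1 = enabled
    "LockoutBadCount": "6",         # invalid logon attempts
    "LockoutDuration": "30",        # minutes
    "ResetLockoutCount": "30",      # minutes
}
AUDIT_BOTH = "3"  # 0 = none, 1 = success, 2 = failure, 3 = success and failure

# Constructed sample, shaped like the output of `secedit /export /cfg image.inf`.
# A real export is normally UTF-16: open(path, encoding="utf-16").read()
SAMPLE_EXPORT = """\
[System Access]
MinimumPasswordAge = 30
MaximumPasswordAge = 42
MinimumPasswordLength = 7
PasswordComplexity = 1
PasswordHistorySize = 4
LockoutBadCount = 6
ResetLockoutCount = 30
LockoutDuration = 30
[Event Audit]
AuditSystemEvents = 3
AuditLogonEvents = 3
AuditObjectAccess = 0
"""

def audit_export(text):
    """Return (setting, expected, found) for every value that deviates."""
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    cp.optionxform = str  # keep INF key names case-sensitive
    cp.read_string(text)
    findings = []
    for key, want in EXPECTED.items():
        got = cp.get("System Access", key, fallback=None)  # None when absent
        if got != want:
            findings.append((key, want, got))
    if not cp.has_section("Event Audit"):
        return findings + [("Event Audit", AUDIT_BOTH, None)]
    for key, got in cp.items("Event Audit"):
        if got != AUDIT_BOTH:
            findings.append((key, AUDIT_BOTH, got))
    return findings
```

Calling `audit_export(SAMPLE_EXPORT)` reports the two deviations planted in the sample; a setting that is missing from the export is reported with `None` as the found value.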