+1 on these! I add to "GPO enable": Automatic Updates (because we use WSUS)
We are also going to turn off the autoplay via GPO starting next week after some patching: http://support.microsoft.com/kb/967715 David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764 -----Original Message----- From: Scott Kaufman at HQ [mailto:skauf...@ittesi.com] Sent: Thursday, February 26, 2009 6:06 AM To: NT System Admin Issues Subject: RE: Disable services (was: Mystery Domains) For servers(Non-DCs), GPOs disable: Audio Service, Messenger, Computer Browser, Distributed Link Tracking Client, wireless configuration GPOs enable: DNS client, windows time, snmp service For clients GPOs disable: computer browser, messenger, Distributed Link Tracking Client GPOs enable: dns client, dhcp client, windows time Scott Kaufman Lead Network Analyst ITT ESI, Inc. -----Original Message----- From: David Mazzaccaro [mailto:david.mazzacc...@hudsonhhc.com] Sent: Thursday, February 26, 2009 8:48 AM To: NT System Admin Issues Subject: Disable services (was: Mystery Domains) This brings up a good point - what other services do you typically disable? -----Original Message----- From: David Lum [mailto:david....@nwea.org] Sent: Wednesday, February 25, 2009 5:00 PM To: NT System Admin Issues Subject: RE: Mystery Domains Now, this is something I have done for a long time via GPO! Dave -----Original Message----- From: Free, Bob [mailto:r...@pge.com] Sent: Wednesday, February 25, 2009 1:50 PM To: NT System Admin Issues Subject: RE: Mystery Domains Disable the computer browser service on your workstations....we did it years ago and never looked back. At the very least disable the ability of your workstations to maintain a browse list. His computer has probably become a browse master (or backup) for the network it is on, is picking up all the workgroups/domains his fellow travelers are broadcasting on whatever adapter he has connected at the hotel and barfing them over the VPN adapter into your network. From: Steven Calvanese [mailto:scalvan...@membersolutions.com] Sent: Wednesday, February 25, 2009 10:50 AM To: NT System Admin Issues Subject: Mystery Domains I just noticed all of these extra domains in my Microsoft Windows Network list. I have a user vpning to us from a hotel right now. I think that is where these could be coming from. Does anyone know how to stop this and how to flush this list? CONFIDENTIALITY NOTE: This email and any attachments are confidential and intended for the sole use of the persons named in the email. ________________________________________ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~