
Reseller Hardware Image Checklist-Server

September 2010


February 27, 2012

2010 Radiant Systems, Inc. All Rights Reserved


The information contained in this manual is considered confidential and proprietary to Radiant Systems. No part of this document may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic or mechanical, including photocopying and recording for any purpose, without the prior written permission of Radiant. INFORMATION IN THIS DOCUMENT IS SUBJECT TO CHANGE BY RADIANT WITHOUT NOTICE. RADIANT DOES NOT WARRANT THE ACCURACY OF THE INFORMATION CONTAINED IN THIS DOCUMENT


File Server settings - *Use this only for Server Images


• S335
• S336
• S337
• S4400
• S4500
• S4600

Image Name:

Yes / No / Settings

- Remove the following accounts if they exist:
    • User01
    • HelpAssistant
    • Support_388945a0
    • ASPNET
- Autologon is not enabled.
- Guest account is disabled.
- Change Administrator account name to RADSvr and blank password. Flag User Must Change Password at next Logon.
- Create user account named RALLogon if using RAL 2.3. Add to Administrators group.
- Gpedit.msc\Local Computer Policy\Computer Configuration\Security Settings\Local Security Settings\Local Policies\Account Policies\Account Lockout Policy - Configure Account lockout policy settings of: 6 invalid logon attempts, 30 minute lockout duration, and 30 minute Reset account lockout after.
- Gpedit.msc\Local Computer Policy\Computer Configuration\Security Settings\Local Security Settings\Local Policies\Audit Policy - set all to audit Success and Failure.
- Gpedit.msc\Local Computer Policy\Computer Configuration\Security Settings\Local Security Settings\Local Policies\Account Policies\Password Policy:
    a. Change Enforce Password History to 4.
    b. Maximum Password Age to 90.
    c. Minimum Password Age to 30.
    d. Minimum Password Length to 7.
    e. Enable Password Must Meet Complexity Requirements.
- Gpedit.msc\Local Computer Policy\Computer Configuration\Administrative Templates\System\System Restore - Enable the following:
    • Turn off System Restore
    • Turn off Configuration
- Gpedit.msc\Local Computer Policy\Computer Configuration\Administrative Templates\System\Remote Assistance - Disable the following:
    • Solicited Remote Assistance
    • Offer Remote Assistance


- Gpedit.msc\Local Computer Policy\Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Log On Locally - remove the following: Backup Operators and Guests.
- Gpedit.msc\Local Computer Policy\Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Access This Computer From the Network - Remove any Unknown SIDs, if they exist, Backup Operators, and Everyone.
- Gpedit.msc\Local Computer Policy\Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Deny Log On Locally - remove any Unknown SIDs if they exist.
- Gpedit.msc\Local Computer Policy\Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Log On as a Service - Remove any Unknown SIDs if they exist.
- Gpedit.msc\Local Computer Policy\Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Shutdown the System - Remove Backup Operators.
- Gpedit.msc\Local Computer Policy\Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Deny Access to this Computer from the network - Remove Unknown SIDs if they exist.
- Gpedit.msc\Local Computer Policy\Computer Configuration\Administrative Templates\System\Turn Off Autoplay - set to Enabled then Turn off Autoplay on ALL DRIVES.
- Gpedit.msc\Local Computer Policy\Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Shutdown: Clear virtual memory pagefile = enabled
- Gpedit.msc\Local Computer Policy\User Configuration\Administrative Templates\Control Panel\Display - Hide Screen Saver tab - enabled
- Gpedit.msc\Local Computer Policy\User Configuration\Administrative Templates\Control Panel\Display - Screen Saver - enabled
- Gpedit.msc\Local Computer Policy\User Configuration\Administrative Templates\Control Panel\Display - Screen Saver executable name - enabled then type in %Systemroot%\System32\logon.scr in the field.
- Gpedit.msc\Local Computer Policy\User Configuration\Administrative Templates\Control Panel\Display\Password Protect the Screen Saver - enabled
- Gpedit.msc\Local Computer Policy\User Configuration\Administrative Templates\Control Panel\Display\Screen Saver timeout - enabled then set to 900 seconds (15 minutes)
- Remove unknown SIDs from all other policies.
- From a command prompt type the following command: Regsvr32.exe /u remotepg.dll. This will remove the Remote tab under My Computer-System Properties.
- No Netware protocols exist on any Integrated or PCI NIC.
- Microsoft TCP/IP version 6 is not installed on any Integrated or PCI NIC.
- Speed and Duplex settings on NIC are set to Auto Detect.
- Allow Users to Connect Remotely to this Computer, located under Remote tab | Desktop frame is not flagged.
- DHCP Media Sense has been disabled.
- Timezone is set to correct time zone.
- The following Windows settings are checked/flagged:
    • View\Status Bar
    • View\Details
    • Display full path in address bar
    • Display full path in title bar
    • Show hidden files and folders
    • Hide protected OS and system files
- Windows Classic Theme is set.
- The LCD and/or Hard drive settings have all Power Saving settings off.
- Shutdown Event Tracker is disabled on Server 2003 images. (Server 2003 is enabled by default) On XP images it can be set to the default of Not Configured or Disabled (Not Configured is the Default setting).
- Display delete confirmation is flagged for the Recycle Bin.
- Classic Start Menu radio button is flagged.
- Control Panel is set to Use Classic View.
- Windows Update has been run.
- For XP machines, Use Simple Filesharing is disabled. For Windows 7 machines, Use Sharing Wizard is disabled.
- The lana number for the integrated NIC (Aloha Network) is set to 0.
- .Net Framework versions 1.1, 2.0, 3.0 and 3.5 with all service packs are installed.
- Security Center popup message is disabled.
- Enable NetBIOS over TCPIP is flagged on the Aloha Network connection.
- Allow the Computer to Turn off this device to save power is not flagged on the NIC (Lan Connection/Properties/Configure/Power Management tab).
- Wireless Zero Configuration service is disabled and stopped.
- My Computer\My Network Places\View Network Connections\Advanced\Advanced Settings\Adapters and Bindings tab\Verify that the Aloha Network connection is at the top of the binding order list. If not, highlight it and select the green up arrow until it is the first one in the list.
- DEP is set to AlwaysOff in the boot.ini file (for XP and Server 2003 machines) and is disabled on Windows 7 and Server 2008 using the following command:
    1. Open an elevated command prompt
        a. Open the Start Menu.
        b. Click on All Programs and Accessories.
        c. Right click on Command Prompt and click Run as Administrator.
    2. Type the following command: bcdedit.exe /set {current} nx AlwaysOff


- D:\Bootdrv folder exists. Remove the Users group and aloha account from permissions.
- D:\AlohaEDC folder is created for EDCProcPath variable use.
- Create system environment variable named EDCPROCPATH, set value to D:\AlohaEDC
- Configure the processor priority to Background Services. Open the System properties and select Advanced/Performance Options, and select Settings in the Performance section. Select Advanced, and set the performance scheduling to Background Services.
- Install VC++ SP1 per Microsoft KB972260: http://www.microsoft.com/downloads/details.aspx?familyid=766a6af7ec73-40ff-b072-9112bab119c2&displaylang=en
- Install Adobe Reader if required - current released version.
- Open up Adobe Reader. Go to Edit\Preferences and make the following changes:
    • JavaScript - unflag Enable Adobe JavaScript
    • Multimedia Trust - unflag Allow multimedia operations
    • Trust Manager - unflag Allow opening of non-PDF file attachments with external applications.
    • Updater - check Do not automatically download or install updates.
- Set the Event Viewer logs to the following settings:
    o Application Log
        o Maximum Log Size 16384 kb
        o Overwrite as needed
    o Security Log
        o Maximum Log Size 16384 kb
        o Overwrite as needed
    o System Log
        o Maximum Log Size 16384 kb
        o Overwrite as needed
    o Internet Explorer Log
        o Maximum Log Size 16384 kb
        o Overwrite as needed
    o Make sure to do this for any other installed applications such as Menulink or Microsoft Office. These are not installed on the Aloha base image so the entries do not exist at this time.
- Stop and/or disable the following services, if they exist:
    o HTTP SSL - disabled
    o SSDP Discovery Service - stopped and disabled
    o Universal Plug and Play Device Host - disabled
    o Web Client - stopped and disabled
    o System Restore - stopped and disabled
    o Remote Registry - stopped and disabled
    o Wireless Zero Configuration - stopped and disabled
    o Telnet - stopped and disabled
    o Windows Messenger - stopped and disabled
    o IIS Admin - stopped and disabled


    o World Wide Web Publishing - stopped and disabled
    o FTP Publishing - stopped and disabled
    o Network News Transfer Protocol - stopped and disabled
    o Simple Mail Transfer Protocol - stopped and disabled
    o Simple Network Management Protocol - stopped and disabled
    o Internet Authentication - stopped and disabled
    o Microsoft POP3 - stopped and disabled
- Start\Programs\Control Panel\Add Remove Programs\Add/Remove Windows Components - Uncheck the following if they are checked:
    • Accessories and Utilities\Details\uncheck Games
    • MSN Explorer
    • Outlook Express
    • Windows Media Player
    • Windows Messenger
- Start\Settings\Taskbar and Start Menu\Start Menu\Customize\Advanced button. Delete the following from All Users:
    • \Accessories - Tour Windows XP and Remote Desktop Connection shortcuts.
    • \Accessories\Communication - Hyperterminal, Network Connection Wizard, New Connection Wizard, and Wireless Network Setup Wizard shortcuts.
    • \Accessories\System Tools - System Restore shortcut.
- Set Internet Time Synchronization to Time.windows.com
- System Restore is disabled.
- Automatic Updates is enabled and set for updates on Monday at 3 am.
- Recycle Bin was emptied before capturing image.
- Event Logs were deleted and not saved before capturing image.
- System Properties\Advanced\Startup and Recovery\Settings\Write Debugging Information set to None.

Image validated by: _ ___________________
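
Added example (not part of the original checklist and not Radiant's tooling): one way to verify the checklist's account, lockout, password and audit policy values on a captured image is to export the local security policy with `secedit /export /cfg <file>` and compare it to the expected values. The function names and the sample export below are constructed for illustration; the key names are those secedit writes in its [System Access] and [Event Audit] sections.

```python
# Added example: audit a `secedit /export /cfg out.inf` dump against the
# checklist's account, lockout, password and audit policy values.
EXPECTED = {
    "System Access": dict(
        PasswordHistorySize="4", MaximumPasswordAge="90",
        MinimumPasswordAge="30", MinimumPasswordLength="7",
        PasswordComplexity="1", LockoutBadCount="6",
        LockoutDuration="30", ResetLockoutCount="30",
        EnableGuestAccount="0", NewAdministratorName="RADSvr"),
    "Event Audit": dict.fromkeys((
        "AuditSystemEvents", "AuditLogonEvents", "AuditObjectAccess",
        "AuditPrivilegeUse", "AuditPolicyChange", "AuditAccountManage",
        "AuditProcessTracking", "AuditDSAccess", "AuditAccountLogon"),
        "3"),  # 3 = audit both Success and Failure
}

def parse_inf(text):
    """Return {section: {key: value}} with surrounding quotes stripped."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], {})
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip().strip('"')
    return sections

def audit(text):
    """Return sorted (section, key, expected, found) for every deviation."""
    found = parse_inf(text)
    return sorted(
        (sec, key, want, found.get(sec, {}).get(key))
        for sec, keys in EXPECTED.items()
        for key, want in keys.items()
        if found.get(sec, {}).get(key) != want)

# Constructed sample export (not taken from a real image): three deviations.
SAMPLE = "\n".join(
    ["[Unicode]", "Unicode=yes", "[System Access]",
     "MinimumPasswordAge = 30", "MaximumPasswordAge = 90",
     "MinimumPasswordLength = 0", "PasswordComplexity = 1",
     "PasswordHistorySize = 4", "LockoutBadCount = 6",
     "ResetLockoutCount = 30", "LockoutDuration = 30",
     'NewAdministratorName = "RADSvr"', "EnableGuestAccount = 1",
     "[Event Audit]", "AuditObjectAccess = 1"]
    + [f"{k} = 3" for k in EXPECTED["Event Audit"] if k != "AuditObjectAccess"])
```

Calling audit(SAMPLE) reports the three settings that differ from the checklist; a key missing from the export is reported with a found value of None. Exports written by secedit are typically UTF-16, so open the real file with that encoding before passing its text in.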
