If you’re looking for a detailed, definitive guide to hardening Windows 7, you can’t beat this security guide from Microsoft. It’s called the Threats and Countermeasures Guide: Security Settings in Windows 7 and Windows Server 2008 R2 and you can download it here.
It’s a massive 387 pages long and it includes specific descriptions and recommendations for every Windows 7 security setting. Here’s an example:
Accounts: Guest account status
This policy setting enables or disables the Guest account.
- Not Defined
The default Guest account allows unauthenticated network users to log on as Guest with no password. These unauthorized users could access any resources that are accessible to the Guest account over the network. This capability means that any shared folders with permissions that allow access to the Guest account, the Guests group, or the Everyone group are accessible over the network, which could lead to the exposure or corruption of data.
Disable the Accounts: Guest account status policy setting so that the built-in Guest account cannot be used.
All network users must be authenticated before they can access shared resources. If you disable the Guest account and the Network Access: Sharing and Security Model option is set to Guest Only, network logons fail, such as those performed by the Microsoft Network Server (SMB Service). This policy setting should have little impact on most organizations because Disabled is the default setting.
If you’re developing your own Windows 7 Hardening Guide or Windows 7 Hardening Standard, use this document as your reference and you won’t go wrong.