Those are great. I also looked into setting the windows installer to run as the guest account, which is disabled. To help prevent users from updating their computers as this messes with the windows update. i also installed dreampack pl on the computers, but i don't think thats gonna do a whole lot cause we don't get physical access to computers.

ok i guess i should rephrase this. I'm looking for some semi common things that administrators do that are unsecure. The teams are given roughly 2-3 weeks to setup their network, and fix any holes in their security. So this would kinda be real world where someone comes into a business and the computer administrator has left. So no knowledge of how or what they did to the system, but they can't reinstall the os.

ok so my university puts on cyber defense competitions and i was just wondering if people know of some security holes that administrators accidentally put into a system that would leave that system vulnerable to attack. I would love for these to be real life errors like the admin was lazy and left a copy of the password list in an obscure directory.

That system is a windows 2003 server SP1. When it is given to them it is not a part of a domain, but many decide to make it a part of one even though their only other windows system is a windows dns. The group of people that are trying to secure up their systems are high school students, but at the same time i want the attacking team to have to work at it to break into the system. The attackers come from professionals and some graduate students.