Here are so basic registry tweaks i decided to post. I will post some more advanced ones in the future.
CONTENTS
-Disable the Properties Option For Recycle Bin(Windows 2000/XP)
-Automatic Administrative Logon to Recovery Console (Windows 2000/XP)
-Disable Password Caching in Internet Explorer (All Windows)
-Limit the Number of Automatic Logins (Windows NT/2000/XP)
-Legal Notice Dialog Box Before Logon (All Windows)
-Disable Password Caching (All Windows)
-Require Alphanumeric Windows Password (All Windows)
-Disable the Change Password Button (Windows NT/2000)
-Disable the Auto Logon Shift Override Feature (Windows NT/2000/XP)
-Require Users to Press Ctrl+Alt+Delete Before Logon (Windows 2000/XP)
-Restrict Showing the Last Username (Windows 2000/XP)
-Change the Message Shown on the Logon Box (Windows NT/2000/XP)
-Disable the Lock Workstation Button (Windows NT/2000/XP)
-Network Connection Restrictions (Windows 2000/XP)
-Remove Log Off from the Start Menu (All Windows
-Disable File and Printer Sharing (Windows 95/98/Me)
-Harden the TCP/IP Stack for Denial of Service Attacks (Windows 2000/XP)
-Protect Against SYN Flood Attacks (Windows NT/2000/XP)
-Disable Save Password Option in Dial-Up Networking (Windows NT/2000)
-Restrict Anonymous User Access (Windows NT/2000/XP)
-Remove the Map and Disconnect Network Drive Options (Windows NT/2000/XP)
-Require Validation by Network for Windows Access (Windows 95/98/Me)
-Disable the Automatic Creation of a Default Network Route (Windows NT)
-Disable System Restore Tools and Settings (Windows XP)
-Secure Access to Floppy Drives (Windows NT/2000/XP)
-Secure Access to CD-ROM Drives (Windows NT/2000/XP)
-Specify Executable Files to be Lauched by Winlogon (Windows NT/2000/XP)
-Disable CD Burning (Windows XP)
-Clear Download Accelerator History (All Windows)
-Disable Recent Files in Media Player (All Windows)
-Clear the Cached Run Commands (All Windows)
-Clear the Internet Explorer Typed Address History (All Windows)
-Disable User Tracking (Windows 2000/XP)
________________________________________________
________________________________________________

Disable the Properties Option For Recycle Bin(Windows 2000/XP)
This tweak allows you to restrict access to the "Properties" option on the Recycle Bin right-click context menu.

Location:[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\
Explorer]
LABEL: NoPropertiesRecycleBin
TYPE: REG_DWORD
VALUE: (0 = disable restriction, 1 = enable restriction)
[gloworange]--------------------------------------------------------------------------------[/gloworange] Automatic Administrative Logon to Recovery Console (Windows 2000/XP)
The recovery console is a command line environment that is used to recover from system problems. This setting controls whether the administrator account will be logged on automatically or be required to enter a password when the recovery console is invoked during startup.

LOCATION: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Setup\
RecoveryConsole]
LABEL: SecurityLevel
TYPE: REG_DWORD
VALUE: (0 = require password, 1 = no password)
[gloworange]--------------------------------------------------------------------------------[/gloworange]
Disable Password Caching in Internet Explorer (All Windows)
When you attempt to view a password-protected site, you are normally prompted to type your username and password with an option to "Save this password in your password list". This tweak can be used to disable the ability for users to save passwords.

LOCATION: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\
Internet Settings]
LABEL: DisablePasswordCaching
TYPE: REG_DWORD
VALUE: (0 = default, 1 = disable password cache)
[gloworange]--------------------------------------------------------------------------------[/gloworange]
Limit the Number of Automatic Logins (Windows NT/2000/XP)
This setting is used to limit the number of automatic logins, once the limit has been reached the auto logon feature will be disabled and the system will display the standard authentication box.

LOCATION: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
LABEL: AutoLogonCount
TYPE: REG_DWORD
VALUE: Number of Automatic Logins
[gloworange]--------------------------------------------------------------------------------[/gloworange]
Legal Notice Dialog Box Before Logon (All Windows)
Use these fields to create a dialog box that will be presented to any user before logging onto the system. This is useful where you are required by law to warn people that it is illegal to attempt to logon without being an authorized user.

Windows 95, 98 and Me:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Winlogon

Windows NT, 2000 and XP:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

LABEL: LegalNoticeCaption
TYPE: REG_SZ (String Value)
VALUE : <CAPTION OF WINDOW>

LABEL: LegalNoticeText
TYPE: REG_SZ (String Value)
VALUE : <MESSAGE>
[gloworange]--------------------------------------------------------------------------------[/gloworange]
Disable Password Caching (All Windows)
Normally Windows caches a copy of the users password on the local system to allow for additional automation, this leads to a possible security threat on some systems. Disabling caching means the users passwords are not cached locally. This setting also removes the second Windows password screen and also remove the possibility of networks passwords to get out of sync.

LOCATION: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\
Network]
LABEL: DisablePwdCaching
TYPE: REG_DWORD
VALUE: (0 = disabled, 1=enabled)
[gloworange]--------------------------------------------------------------------------------[/gloworange]
Require Alphanumeric Windows Password (All Windows)
Windows by default will accept anything as a password, including nothing. This setting controls whether Windows will require a alphanumeric password, i.e. a password made from a combination of alpha (A, B, C...) and numeric (1, 2 ,3 ...) characters.

LOCATION: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\
Network]
LABEL: AlphanumPwds
TYPE: REG_DWORD
VALUE: (0 = disabled, 1=enabled)
[gloworange]--------------------------------------------------------------------------------[/gloworange]
Disable the Change Password Button (Windows NT/2000)
This setting disables the 'Change Password' button on the Windows Security dialog box. Enabling this setting stops casual users from being able to change the password.

LOCATION: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\
System]
LABEL: DisableChangePassword
TYPE: REG_DWORD
VALUE: (0 = disabled, 1 = enabled)
[gloworange]--------------------------------------------------------------------------------[/gloworange]
Disable the Auto Logon Shift Override Feature (Windows NT/2000/XP)
When using the automatic login feature it is possible for a user to hold the Shift key to bypass the login sequence and enter a username and password. This feature disables the ability to override the function.

LOCATION: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
LABEL: IgnoreShiftOverride
TYPE: REG_SZ (String Value)
VALUE: (1 = Ignore Shift)
[gloworange]--------------------------------------------------------------------------------[/gloworange]
Require Users to Press Ctrl+Alt+Delete Before Logon (Windows 2000/XP)
This setting controls whether users are required to press Ctrl + Alt + Delete as a security precaution before logging into the system.

LOCATION: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
LABEL: DisableCAD
TYPE: REG_DWORD
VALUE: (0 = Require Ctrl+Alt+Delete, 1 = Disable)
[gloworange]--------------------------------------------------------------------------------[/gloworange]
Restrict Showing the Last Username (Windows 2000/XP)
This restriction removes the ability to view which user was last logged onto a computer by clearing the username box on the login screen.

LOCATION: [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\
System]
LABEL: DontDisplayLastUserName
TYPE: REG_DWORD
VALUE: (1 = remove username)
[gloworange]--------------------------------------------------------------------------------[/gloworange]
Change the Message Shown on the Logon Box (Windows NT/2000/XP)
You can personalize (or legalize) the message displayed on the logon box above the user name and password.

LOCATION: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
LABEL: LogonPrompt
TYPE: REG_SZ (String Value)
VALUE: <MESSAGE>
[gloworange]--------------------------------------------------------------------------------[/gloworange]
Disable the Lock Workstation Button (Windows NT/2000/XP)
Add this setting to the registry to stop unauthorized users from locking machines from the Windows Security dialog box.

LOCATION: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\
System]
LABEL: DisableLockWorkstation
TYPE: REG_DWORD (DWORD Value)
VALUE: (0 = disabled, 1 = enabled)
[gloworange]--------------------------------------------------------------------------------[/gloworange]
Network Connection Restrictions (Windows 2000/XP)
These restrictions control access to the features and properties of LAN, RAS and other network connections.
LOCATION: [HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\
Network Connections]
TYPE: REG_DWORD
LABELS:
NC_AddRemoveComponents - Restrict add and remove network components
NC_AdvancedSettings - Restrict changes to Advanced Settings
NC_AllowAdvancedTCPIPConfig - Restrict changes to advanced TCPIP configuration
NC_ChangeBindState - Restrict changes to protocol and service bindings
NC_DeleteAllUserConnection - Restrict deletion of public RAS connections
NC_DeleteConnection - Restrict deletion of RAS connections
NC_DialupPrefs - Restrict changes to the Dial-up Preferences
NC_EnableAdminProhibits - Enable Windows 2000 network connections for administrators
NC_LanChangeProperties - Restrict access to component properties of a LAN connection
NC_LanConnect - Restrict connecting and disconnecting a LAN connection
NC_LanProperties - Restrict access to properties of a LAN connection
NC_NewConnectionWizard - Disable the Network Connection wizard
NC_RasAllUserProperties - Restrict access to properties of public RAS connections
NC_RasChangeProperties - Restrict access to properties of a RAS connection
NC_RasConnect - Restrict connecting and disconnecting a RAS connection
NC_RasMyProperties - Restrict access to private RAS connection properties
NC_RenameAllUserRasConnection - Restrict renaming of public RAS connections
NC_RenameConnection - Restrict renaming of connections
NC_RenameLanConnection - Restrict renaming of LAN connections
NC_RenameMyRasConnection - Restrict renaming of private RAS connections
NC_Statistics - Disable status statistics for an active connection
VALUE: (0 = enable restriction)
[gloworange]--------------------------------------------------------------------------------[/gloworange]
Remove Log Off from the Start Menu (All Windows)
This tweak allows you to remove the Log Off [Username] option from the Start menu.

LOCATION: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\
Explorer]
VALUE: NoLogOff
TYPE: REG_DWORD
VALUE: (1 = no log off, 0 = show log off)
[gloworange]--------------------------------------------------------------------------------[/gloworange]
Disable File and Printer Sharing (Windows 95/98/Me)
When file and printer sharing is installed it allows users to make services available to other users on a network, this functionality can be disabled by changing this setting.

LOCATION: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\
Network]
LABELS: NoFileSharing, NoPrintSharing
TYPE: REG_DWORD
VALUE: (0 = file sharing, 1 = disabled)
[gloworange]--------------------------------------------------------------------------------[/gloworange]
Harden the TCP/IP Stack for Denial of Service Attacks (Windows 2000/XP)
Denial of service attacks are network attacks that are aimed at making a computer or a particular service unavailable to network users. These settings can be used to increase the ability for Windows to defend against these attacks when connected directly to the Internet.

LOCATION: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
TYPES: REG_DWORD
VALUES:
EnableDeadGWDetect = "0" (default = 1)
Disables dead-gateway detection as an attack could force the server to switch gateways.

EnableICMPRedirect = "0" (default = 1)
Stops Windows from altering its route table in response to ICMP redirect messages. Some documentation has this listed as "EnableICMPRedirects" but according to Microsoft it should be "EnableICMPRedirect" no "s".

EnablePMTUDiscovery = "0" (default = 1)
Disables maximum transmission unit (MTU) discovery as an attacker could force the MTU value to a very small value and overwork the stack.

KeepAliveTime = "300,000" (default = 7,200,000)
Reduces how often TCP attempts to verify that an idle connection is still intact by sending a keep-alive packet.

NoNameReleaseOnDemand = "1" (default = 0)
Protects the computer against malicious NetBIOS name-release attacks.

PerformRouterDiscovery = "0" (default = 1)
Disables ICMP Router Discovery Protocol (IRDP) where an an attacker may remotely add default route entries on a remote system.

SynAttackProtect = "2" (default = 0)
Automatically adds additional delays to connection indications, and TCP connection requests quickly timeout when a SYN attack is in progress.
[gloworange]--------------------------------------------------------------------------------[/gloworange]
Protect Against SYN Flood Attacks (Windows NT/2000/XP)
Windows includes protection that allows it to detect and adjust when the system is being targeted with a SYN flood attack (a type of denial of service attack). When enabled the connection responses time out more quickly in the event of an attack.

LOCATION: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
LABELS: SynAttackProtect,
TYPE: REG_DWORD
VALUES:
0 (default) - typical protection against SYN attacks
1 - better protection against SYN attacks that uses the advanced values below.
2 (recommended) - best protection against SYN attacks. This value adds additional delays to connection indications, and TCP connection requests quickly timeout when a SYN attack is in progress.
[gloworange]--------------------------------------------------------------------------------[/gloworange]
Disable Save Password Option in Dial-Up Networking (Windows NT/2000)
When you dial a phonebook entry in Dial-Up Networking (DUN), you can use the 'Save Password' option so that your DUN password is cached and you will not need to enter it on successive dial attempts. This key disables that option.

LOCATION: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Parameters]
LABEL: DisableSavePassword
TYPE: REG_DWORD
VALUE: (0=disable, 1=enable)
[gloworange]--------------------------------------------------------------------------------[/gloworange]
Restrict Anonymous User Access (Windows NT/2000/XP)
Windows has a feature where anonymous users can list domain user names and enumerate share names. Users who want enhanced security may optionally restrict this functionality.

LOCATION: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA]
LABEL: RestrictAnonymous
TYPE: REG_DWORD
VALUE: (0 = allowed, 1 = restricted, 2 = require anonymous permissions)
[gloworange]--------------------------------------------------------------------------------[/gloworange]
Remove the Map and Disconnect Network Drive Options (Windows NT/2000/XP)
Prevents users from making additional network connections by removing the Map Network Drive and Disconnect Network Drive buttons from the toolbar in Explorer and also removing them from the Context menu of My Computer and the Tools menu of Explorer.

LOCATION: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\
Explorer]
LABEL: NoNetConnectDisconnect
TYPE: REG_DWORD
VALUE: (0 = disabled, 1 = enabled)
[gloworange]--------------------------------------------------------------------------------[/gloworange]
Require Validation by Network for Windows Access (Windows 95/98/Me)
By default Windows 9x doesn't require a valid network username and password combination for a user to bypass the logon and gain access to the local machine. This functionality can be changed to require validation by the network before allowing access.

LOCATION: [HKEY_LOCAL_MACHINE\Network\Logon]
LABEL: MustBeValidated
TYPE: REG_DWORD
VALUE: (0 = disabled, 1 = enabled)
[gloworange]--------------------------------------------------------------------------------[/gloworange]
Disable the Automatic Creation of a Default Network Route (Windows NT)
This tweak controls the default behavior of Windows to add a network route to 0.0.0.0 on multi-homed machines (e.g. proxy or firewall).

LOCATION: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{Adapter}\
Parameters]
LABEL: DontAddDefaultRoute
TYPE: REG_DWORD
VALUE: (0 = disable restriction, 1 = enable restriction)
[gloworange]--------------------------------------------------------------------------------[/gloworange]
Disable System Restore Tools and Settings (Windows XP)

System Restore allows users to revert Windows settings and configuration changes to an earlier point in time (called Restore Points). This tweak can be used to restrict user access to the System Restore tools and settings.

LOCATION: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
LABELS: DisableConfig, DisableSR
TYPE: REG_DWORD
VALUE: (1 = enable restriction)
[gloworange]--------------------------------------------------------------------------------[/gloworange]
Secure Access to Floppy Drives (Windows NT/2000/XP)

This setting determines whether data in the floppy disk drive is accessible to other users.

LOCATION: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
LABEL: AllocateFloppies
TYPE: REG_SZ (String Value)
VALUE: (0 = enabled, 1 = disabled)
[gloworange]--------------------------------------------------------------------------------[/gloworange]
Secure Access to CD-ROM Drives (Windows NT/2000/XP)

This setting determines whether data in the CD-ROM drive is accessible to other users.

LOCATION: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
LABEL: AllocateCDRoms
TYPE: REG_SZ (String Value)
VALUE: (0 = enabled, 1 = disabled)
[gloworange]--------------------------------------------------------------------------------[/gloworange]
Specify Executable Files to be Lauched by Winlogon (Windows NT/2000/XP)

This setting specifies a list of executable files to be run by Winlogon in the system context when Windows starts.

LOCATION: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
LABEL: System
TYPE: REG_SZ (String Value)
VALUE: (default = lsass.exe)
[gloworange]--------------------------------------------------------------------------------[/gloworange]
Disable CD Burning (Windows XP)

This restriction is used to disable the use of the inbuilt CD recording functions of Windows.

LOCATION: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\
Explorer]
LABEL: NoCDBurning
TYPE: REG_DWORD
VALUE: (0 = Allow CDR, 1 = Disable CDR)
[gloworange]--------------------------------------------------------------------------------[/gloworange]
Clear Download Accelerator History (All Windows)

Download Accelerator Plus (DAP) is a tool used to retrieve files from Internet servers. It stores a history of the files downloaded and URLs visited. To increase privacy and security this tweak allows you to clear the history.

GOTO [HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\FileList].
Delete the sub-keys under the key to clear the download history.

GOTO [HKEY_CURRENT_USER\Software\SpeedBit\Download Accelerator\HistoryCombo].
Delete the data in the value called "URLHistory" to clear the URL combobox history.

Data Type: REG_SZ (String Value)
[gloworange]--------------------------------------------------------------------------------[/gloworange]
Disable Recent Files in Media Player (All Windows)

This restriction will stop Windows Media Player from storing the names of the played media in the recent file list.

LOCATION: [HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Preferences]
LABEL: AddToMRU
TYPE: REG_BINARY (Binary Value)
VALUE: 00 = disabled, 01 = enabled
[gloworange]--------------------------------------------------------------------------------[/gloworange]
Clear the Cached Run Commands (All Windows)

Do you have a lot of items in the run command history on Start Menu? This tweak will allow you to clear the most-recently-used (MRU) list.

LOCATION: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\
RunMRU]
DELETE: THE KEYS YOU DO NOT WANT
[gloworange]--------------------------------------------------------------------------------[/gloworange]
Clear the Internet Explorer Typed Address History (All Windows)

Internet Explorer caches any URLs that are typed into the address bar. This may become a privacy issue on a shared computer, or a nuisance if there is a particular URL you want to remove without clearing the whole history.

LOACTION: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs]
DELETE: THE KEYS YOU DO NOT WANT
[gloworange]--------------------------------------------------------------------------------[/gloworange]
Disable User Tracking (Windows 2000/XP)

This setting stops Windows from recording user tracking information including which applications a user runs and which files and documents are being accessed.

LOCATION: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\
Explorer]
LABEL: NoInstrumentation
TYPE: REG_DWORD
VALUE: (1 = enable restriction)