For security measures then one should consider disabling the ability to launch the 16 bit subsystem.
USB makes it easy to attach a storage device and steal valuable data from a computer.
Enabling automatic login so one doesn't have to type username and password at every boot.
The system event log can contain information, which can be used compromise the security.
Example of how to list shares and user accounts with anonymous access.
How to prevent access for anonymous to see available shares and user accounts.
Manage what accounts that have remote access to the registry.
Protect against DLL injections to avoid performing malicous code.
Protecting the Administrator account from unauthorized access.
Audit policies can be created to record unsuccessful logon attempts in the event log.
Using access control lists to improve the security for NTFS partitions.
Extend the login dialog with the option to shutdown the computer without having given credentials.
Disable legacy subsystems to prevent attackers from using these subsystems as base of attack.