Disable: 'Recovery console: Allow floppy copy and access to all drives and all folders' for setcommand This policy setting makes the Recovery Console SET command available, which allows you to set the following recovery console environment variables: - AllowWildCards. Enables wildcard support for some commands (such as the DEL command). - AllowAllPaths. Allows access to all files and folders on the computer. - AllowRemovableMedia. Allows files to be copied to removable media, such as a floppy disk. - NoCopyPrompt. Does not prompt when overwriting an existing file. Counter Measure: Disable the Recovery Console: Allow floppy copy and access to drives and folders setting. Potential Impact: Users who have started a server through the Recovery Console and logged in with the built-in Administrator account will not be able to copy files and folders to a floppy disk.

(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Recovery console: Allow floppy copy and access to all drives and all folders (2) REG: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\setcommand