Hi, We have to be PCI-DSS compliant and have several Windows servers running ISA and TMG. We have: Win 2K3 with ISA 2000 (on it's way out) Win 2K3 with ISA 2006 Win 2K8 R2 with TMG 2010 All of these servers, in the registry have TCP1323Opts set to '0' as per http://technet.microsoft.com/en-us/library/cc938205.aspx to disable TCP Timestamps. This is confirmed using Netsh where RFC 1323 Timestamps : disabled However, for PCI-DSS compliance we have to run vulnerability scans. Although only informational, all these servers come back as giving Timestamp replies. Although vulnerabilities due to this are minimal, from the timestamp is can be calculated how long a server has been running and therefore you can work out if it is missing the latest patches due to a lack of a reboot. I'm mainly puzzled as to why this is showing up when it is meant to be disabled. I've searched high and low across the Internet and can't find anything apart from the instructions as to how to change that reg entry. Do I need to do anything extra for the driver or something? Any help appreciated, Adrian