To reduce to surface vulnerable to malicious attack. This is accomplished by removing, disabling unused services and/or increasing the encryption level of communication protocol. Microsoft has provided three types of templates: Compatible, Secure and Highly Secure.
Compatible relax security for operations with legacy NT servers and 9X clients. The secure type will enable operations with Windows 2000 servers/NT SP4 servers and Windows XP clients. Highly Secure type will disable both LAN Manager and NTLM together with other restrictions.
It is highly advisable to read through the templates and understand the significance the registry entries and change of rights before applying. Some registry entries may not break your application, but it will affect overall system performance. For example, disabling cached logins will require the domain controllers to be always available.
Listed below are all templates available in %SystemRoot%\Security\Templates
Setup security.inf
DC security.inf
Compatws.inf
Securews.inf
Securedc.inf
hisecws.inf
hisecdc.inf
Notssid.inf
How to apply security templates guide is here. If you want to do-it-your own, the guide is here, though it is much more eaiser to copy a template and modify.
Some third-party templates contain SIDS, the guides here and here are useful.