Ahh, I guess some of these were valid for some versions of Windows XP.
All of these require that you have exposed incoming ports. If you don't (i.e. you're a typical person with a router) then
This disables ICMP redirects. Apparently already defaulted to disabled in Windows XP.
This attempts to correct for a common form of DoS attack known as 'SYN flooding'. A value of 2 isn't even valid for Windows XP, and 1 was the default eventually.
Number of attempts to retry an unanswered SYN-ACK response, for preventing SYN flooding. 2 has been the default for some time.
How many half open connections to allow before SYN flood protection is turned on.
How many retried """""
According to Microsoft:
The SynAttackProtect, TcpMaxHalfOpen, and TcpMaxHalfOpenRetried registry entries are no longer used with Windows Vista and Windows Server 2008. The TCP/IP protocol suite implementation in Windows Vista and Windows Server 2008 was redesigned to provide improved performance and does not require manual modification of these registry entries.
If the system is somehow forced to refuse connection requests, how many before it turns on SYN attack protection. This should probably be included in the above as 'no longer applying at all'.
This just makes your computer more aggressively terminate connections that might be dead. 3 is okay. But again, assuming you're behind a router and you probably are, lowering this hurts you more than it helps you.
This is only relevant if you have multiple gateways configured. Turning it off as you are trying to do here would mean that if one of your networks failed, it wouldn't automatically try to switch to another. I'm not sure why disabling this explicitly is supposed to be a 'good idea'.
Whether or not Windows should attempt to discover the maximum packet size along a given path. It's no longer possible to trick Windows into setting this below 576 so this is pointless.
By default, TCP connections have a rather ridiculous time-to-live, roughly five days according to spec, or three hours by MS's default - this sets it to five minutes (300,000 milliseconds). I actually set this lower for E's server, but again, it's my server - it's directly accessible by the rest of the world and it has to be. For most people, who are behind a hardware router of some sort, this hurts more than it helps, as it may drop potentially good connections.
Disables tolerating packet source spoofing... apparently this is still actually relevant in Windows 7. WTF. No harm in adding this manually, but again, your router will generally intercept this, not your PC.
Only relevant if you're using WINS and NetBIOS, and running a network as such where you'd fear to be subjected to such attacks. I don't think I've seen WINS in over a decade, even in Microsoft shops. Microsoft itself suggests against this.
If you're really this paranoid, rather than ganking an important function of DHCP you should really just set your own static IP address.
Dynamic SYN backlog settings for dealing with SYN flood attacks. Again, as of Vista, this gets managed automagically; these settings no longer do anything.
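An added example, not part of the original post: a small auditor that parses the dword entries of a hardening `.reg` file and flags the three entries the quoted Microsoft statement says are no longer used from Windows Vista / Server 2008 (NT 6.0) onward. The sample file is constructed; the `Tcpip\Parameters` path and the `KeepAliveTime` name are not given in the post and are supplied here as assumptions.

```python
import re

# Entries the quoted Microsoft statement lists as no longer used on
# Windows Vista / Windows Server 2008 (NT major version 6) and later.
UNUSED_SINCE_NT6 = {"synattackprotect", "tcpmaxhalfopen", "tcpmaxhalfopenretried"}

# Constructed sample of a hardening .reg file (not taken from the page).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

; constructed sample values
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"SynAttackProtect"=dword:00000002
"TcpMaxHalfOpen"=dword:000001f4
"TcpMaxHalfOpenRetried"=dword:00000190
"KeepAliveTime"=dword:000493e0
'''

KEY_RE = re.compile(r'^\[(-?)(.+)\]$')
VAL_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{1,8})$')

def parse_reg_dwords(text):
    """Yield (key_path, value_name, int_value) for each dword assignment."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        m = KEY_RE.match(line)
        if m:
            key = None if m.group(1) else m.group(2)  # "[-KEY]" deletes a key
            continue
        m = VAL_RE.match(line)
        if m and key:
            yield key, m.group(1), int(m.group(2), 16)  # dword data is hex

def audit(text, nt_major):
    """Return [(name, value, status)] for dwords under Tcpip\\Parameters."""
    report = []
    for key, name, value in parse_reg_dwords(text):
        if not key.lower().endswith(r"\services\tcpip\parameters"):
            continue
        ignored = nt_major >= 6 and name.lower() in UNUSED_SINCE_NT6
        report.append((name, value, "ignored" if ignored else "review"))
    return report

if __name__ == "__main__":
    for name, value, status in audit(SAMPLE_REG, nt_major=6):
        print(f"{status:8} {name} = {value}")
```

Entries marked `review` are not judged by the script; they are simply outside the set the Microsoft statement covers.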