Guest Account

Issue

The Guest account is intended for users who require temporary access to the system. However, if you enable this account, you can create a security risk because an unauthorized user could gain anonymous access to your system through this account.

Solution

Disable the guest account.

Note: If you are running Windows XP with simple file sharing enabled, you do not have to disable the guest account because it does not pose a risk. Refer to the "What's New in Security for Windows XP Professional and Windows XP Home Edition" white paper listed below for more details.

Instructions

To disable the Guest account in Windows 2000

1. Click Start, point to Settings, and then click Control Panel.
2. Double-click Administrative Tools, and then double-click Computer Management.
3. Double-click the Local Users and Groups folder, and then click the Users folder.
4. In the right pane, double-click the Guest account.
5. In the Guest Properties dialog box, select the Account is disabled check box.

To disable the Guest account in Windows NT

1. Click Start, point to Programs, and then click Administrative Tools.
2. Click User Manager for Domains.
3. Under the User menu, click Select Domain, and then type the local computer name.
4. Double-click the Guest account.
5. In the User Properties dialog box, select the Account Disabled check box.

Additional Information

What's New in Security for Windows XP Professional and Windows XP Home Edition (details use of the Guest account in the Windows XP simple sharing model)

Users overview (Microsoft Windows 2000 Advanced Server Documentation: Windows 2000)

⌐ 2002 Microsoft Corporation. All rights reserved.