A way to Disable the Local Guest Account?

[Mike]

Hi,

Our security folks want me to disable the "Guest" account on all of our
servers.
Is there a way to do that with a batch file? I have the Resource kit for
both W2k
and NT4 but I am not seeing the right tool for this one.

M

 

[Ray at]

Hi Mike,

net user guest /active:no

If you need to do this remotely, I think the simplest way is to use AT to
schedule it to happen on the servers. Like, if you have a list of servers
in a text file or something, like:

server1
server2
server3

you can do:

for /f %j in (C:\listofservers.txt) do (at \\%j 14:00 net user guest
/active:no)

That will disable all the accounts at 2 PM. This you could just enter at
the command prompt. If you put it in a .bat, just change the instances of
%j to %%j in the command.

Ray at home

 

[Richard McCall [MSFT]]

In w2k this can also be accomplished via a group policy

--
Richard McCall [MSFT]

"This posting is provided "AS IS" with no warranties, and confers no
rights."

Hi Mike,

net user guest /active:no

If you need to do this remotely, I think the simplest way is to use AT to
schedule it to happen on the servers. Like, if you have a list of servers
in a text file or something, like:

server1
server2
server3

you can do:

for /f %j in (C:\listofservers.txt) do (at \\%j 14:00 net user guest
/active:no)

That will disable all the accounts at 2 PM. This you could just enter at
the command prompt. If you put it in a .bat, just change the instances of
%j to %%j in the command.

Ray at home

 

[Al Dunbar [MS-MVP]]

Hi, That works. I used RCMD and attached to the servers that way.
They would also like me to Rename the Guest account. Any ideas on that?

I would rename it as "Visitor". Sorry, I couldn't resist.

I don't see how it can be done with NET USER - you may need to use ADSI,
from WSH or some other scripting environment.

/Al

 

[Clay Calvert]

I would rename it as "Visitor". Sorry, I couldn't resist.

I don't see how it can be done with NET USER - you may need to use ADSI,
from WSH or some other scripting environment.

/Al

CusrMgr in the ResKit works for renaming users, but I've never tried
it with the Guest account.

Clay Calvert
(e-mail address removed)
Replace "W" with "L"

 

[Marty List]

They would also like me to Rename the Guest account. Any ideas on that?

Try my freeware utility, "BuiltIn Account Manager":

C:\>BuiltIn.exe /?

BuiltIn Account Manager [Version 1.11]

Displays or manages the builtin Administrator or Guest account, without
knowing
what the current name is.


The syntax of this command is:

BuiltIn [/details] [/newname:name] [/newpwassword] [/disabled:y|n]
[/account:Guest] [\\computer] [/domain:name]

/details: Displays the account details, instead of just the name.
/newname: Allows you to rename the account, 20 characters max.
/newpw: Allows you to change the account password, 256 characters
max.
/disabled: Allows you to disable or enable the account. (If policy
allows)
/account: Specifies the Guest account instead. (Default is
Administrator)
\\computer Allows you to manage the account on a remote system.
/domain: Manages the domain account instead. (Overrides \\computer)

An argument of /? or -? displays this syntax and always returns 1.
A successful completion will return 0.

http://www.optimumx.com/download/