G
Gordon
Baseline Analyzer shows Guest Account enabled when it's NOT! Win XP Pro
SP2 fully patched. What's going on? Is it a bug?
SP2 fully patched. What's going on? Is it a bug?
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
G
Guest
That sounds like a bug to me.
N
Nepatsfan
It's not a bug. Rerun the Baseline Analyzer. This time, in the
Guest account section, click on the "What was scanned" link. An
explanation will appear which may clarify this situation for you.
When Simple File Sharing is enabled it uses the Guest account to
provide network access to shared resources on your computer. The
Guest account being disabled (in User Accounts or the Users
folder in Computer Management) means that no one can sit down in
front of your PC and logon using the Guest account. Simply put
the Guest account has remote access enabled but local access
disabled.
Guest account section, click on the "What was scanned" link. An
explanation will appear which may clarify this situation for you.
When Simple File Sharing is enabled it uses the Guest account to
provide network access to shared resources on your computer. The
Guest account being disabled (in User Accounts or the Users
folder in Computer Management) means that no one can sit down in
front of your PC and logon using the Guest account. Simply put
the Guest account has remote access enabled but local access
disabled.
G
Gordon
Simple file sharing is not enabled. I turn that off immediately to useNepatsfan said:It's not a bug. Rerun the Baseline Analyzer. This time, in the
Guest account section, click on the "What was scanned" link. An
explanation will appear which may clarify this situation for you.
When Simple File Sharing is enabled it uses the Guest account to
provide network access to shared resources on your computer. The
Guest account being disabled (in User Accounts or the Users
folder in Computer Management) means that no one can sit down in
front of your PC and logon using the Guest account. Simply put
the Guest account has remote access enabled but local access
disabled.
the "security" settings for files and folders.
N
Nepatsfan
Here are the results I get on my XPPro box running MBSA 1.2.1
Scenario 1
Simple File Sharing enabled.
Control Panel/User accounts -> Guest account is off.
Computer Management/Users -> Guest account is not disabled.
Results: Green check mark - Guest account is not disabled on this
computer.
Scenario 2
Simple File Sharing disabled.
Control Panel/User accounts -> Guest account is off.
Computer Management/Users -> Guest account is not disabled.
Results: Red X - Guest account is not disabled on this computer.
Scenario 3
Simple File Sharing disabled.
Control Panel/User accounts -> Guest account is off.
Computer Management/Users -> Guest account is disabled.
Results: Green check mark - Guest account is disabled on this
computer.
All three scenarios yield the expected results.
You could try uninstalling/reinstalling MBSA. Make sure you're
using the latest version. Also, have you made any changes in the
Local Security Policy with respect to the Guest account? If so,
that may have an impact on your results.
If you want to make a case that MBSA is not an accurate gauge of
the security of a PC, you won't get an argument from me. I've run
it on a number of machines and found it to yield inaccurate
results in other areas. I wouldn't rely on it to guarantee the
security of your machine.
Scenario 1
Simple File Sharing enabled.
Control Panel/User accounts -> Guest account is off.
Computer Management/Users -> Guest account is not disabled.
Results: Green check mark - Guest account is not disabled on this
computer.
Scenario 2
Simple File Sharing disabled.
Control Panel/User accounts -> Guest account is off.
Computer Management/Users -> Guest account is not disabled.
Results: Red X - Guest account is not disabled on this computer.
Scenario 3
Simple File Sharing disabled.
Control Panel/User accounts -> Guest account is off.
Computer Management/Users -> Guest account is disabled.
Results: Green check mark - Guest account is disabled on this
computer.
All three scenarios yield the expected results.
You could try uninstalling/reinstalling MBSA. Make sure you're
using the latest version. Also, have you made any changes in the
Local Security Policy with respect to the Guest account? If so,
that may have an impact on your results.
If you want to make a case that MBSA is not an accurate gauge of
the security of a PC, you won't get an argument from me. I've run
it on a number of machines and found it to yield inaccurate
results in other areas. I wouldn't rely on it to guarantee the
security of your machine.
G
Gordon
Nepatsfan said:Control Panel/User accounts -> Guest account is off.
Computer Management/Users -> Guest account is not disabled.
If the guest account is OFF (ie in my book disabled) in Control panel,
why the hell is it "Not disabled" in Computer management/Users?
Totally and completely illogical, isn't it?
N
Nepatsfan
You're right. But that's the default setup in order to provide
network access when Simple File sharing is enabled. No Guest
account, no network access. Go figure!
I seem to recall reading that when MS was developing XP, they
wanted to give there customers a method of sharing files in a
workgroup that was easier to configure than it was in W2K, where
matching user accounts needed to exist on both computers. That
led them to validate any user trying to access shared resources
by using the built-in Guest account. The result was Simple File
Sharing. It works fine
for many but is turned off by users, such as yourself, who want
to operate in a more secure environment.
Getting back to MBSA, it seems that version 2.0 will be available
soon as a Beta. Maybe they'll get your bug fixed. I'll be happy
when it stops telling me to apply updates that I know have
already been installed.
network access when Simple File sharing is enabled. No Guest
account, no network access. Go figure!
I seem to recall reading that when MS was developing XP, they
wanted to give there customers a method of sharing files in a
workgroup that was easier to configure than it was in W2K, where
matching user accounts needed to exist on both computers. That
led them to validate any user trying to access shared resources
by using the built-in Guest account. The result was Simple File
Sharing. It works fine
for many but is turned off by users, such as yourself, who want
to operate in a more secure environment.
Getting back to MBSA, it seems that version 2.0 will be available
soon as a Beta. Maybe they'll get your bug fixed. I'll be happy
when it stops telling me to apply updates that I know have
already been installed.
G
Gordon
Nepatsfan said:You're right. But that's the default setup in order to provide
network access when Simple File sharing is enabled. No Guest
account, no network access. Go figure!
But simple file sharing is OFF! (Or is there another setting somewhere
that shows it ON? )
I seem to recall reading that when MS was developing XP, they
wanted to give there customers a method of sharing files in a
workgroup that was easier to configure than it was in W2K,
I'd heard that that was the idea in XP Home, but I've got Pro!
Getting back to MBSA, it seems that version 2.0 will be available
soon as a Beta. Maybe they'll get your bug fixed. I'll be happy
when it stops telling me to apply updates that I know have
already been installed.
LOL!
N
Nepatsfan
Gordon said:But simple file sharing is OFF! (Or is there another setting
somewhere that shows it ON? )
Folder Options is the only location I'm aware of to turn it off.
The steps you've taken (SFS off, Guest disabled) should result in
MBSA showing a green check mark with "The Guest account is
disabled on this computer". That's what I get on my XPPro
machine. I don't know why your results differ. I've tried
changing a number of different settings on my machine (registry,
local group policy, created a user that was a member of only the
Guests group) and can't recreate your results. You may be right,
it could be a bug.
I'd heard that that was the idea in XP Home, but I've got Pro!
I know you're using Pro. I only mentioned that to point out the
fact that I think Microsoft sacrificed security for ease of use.
LOL!
Hey! They could be hard at work right now fixing your bug.
FYI, From the latest issue of the Microsoft Technet newsletter:
Announcing MBSA 2.0 Beta
http://go.microsoft.com/?linkid=2167605
Please help us improve the quality of the next version of the
Microsoft Baseline Security Analyzer. We are currently accepting
nominations into the MBSA 2.0 beta program. Customers can
nominate themselves for the beta. They will need to log on to the
system using their Microsoft .NET Passport and a guest ID of
"MBSA20" and then complete the survey. Microsoft will contact
customers who are selected for the private beta directly; those
not selected will automatically be notified of the public beta at
the end of March.
Sorry I couldn't shed more light on your problem. Good luck.
Nepatsfan
Ask a Question
Want to reply to this thread or ask your own question?
You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.