guest account and its mitigation

D

Doug Fox

What can I do to migitate the risk having a guest account enabled on a
member server? Any pointers are appreciated.

Thanks,
 
S

Steven L Umbach

Do you mean intentionally enabled for the use of it or in case it does become enabled
when it is not supposed to? --- Steve
 
D

Doug Fox

Some OS/2-based and DOS-based applications require the guest account on a
member server, not on the domain.
 
S

Steven L Umbach

Hi Doug.

I am not sure how those accounts require access, but a couple of things you could do.
You could add the guest account to deny local logon and/or deny access this computer
from the network in Local Security Policy depending on which one does not interfere
with the applications. The other thing is to remove everyone/user from folders where
you do not want guest account to access and replace it with authenticated users which
does not include the guest account or giving the guest account specific deny
permissions. I do not recommend changing any permissions on the \winnt folder or
subfolders themselves, but it is OK to lock down specific executables like the IIS
Lockdown tool does. Be sure to back up before making changes just in case. --- Steve
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Can runas be used in the guest account? 0
By mistake Delete User Guest from windows 10 2
Guest account and power profile question 3
guest account 1
Second try: Guest account and power profile question 3
Telnet logon as guest 1
Guest account - internet access 3
Windows XP Changing power scheme in windows XP 2

Top