Author Topic: Best Practices for Creating a Secure Guest Account  (Read 2350 times)

0 Members and 1 Guest are viewing this topic.

Best Practices for Creating a Secure Guest Account
« on: June 16, 2010, 06:21:05 PM »

Offline Nick

  • Administrator
  • Platinum Member
  • *
  • Posts: 46028
  • Karma: +1000/-0
  • Gender: Male
  • NickCS
    • http://www.facebook.com/nickcomputerservices
    • http://www.twitter.com/nickcomputer
    • Computer Chiangmai

Best Practices for Creating a Secure Guest Account

These best practices will help keep your systems more secure when you need to enable a Guest account.

In some environments, you might need to set up a Guest account that can be used by visitors. Most of the time, you’ll want to configure the Guest account on a specific computer or computers and carefully control how the account can be used. Here are some best practices to follow when creating a secure Guest account:

Enable the Guest account for use
By default, the Guest account is disabled, so you must enable it to make it available. To do this, access Local Users And Groups in Computer Management, select the Users folder, double-click Guest, and then clear the Account Is Disabled check box. Click OK.

Set a secure password for the Guest account
By default, the Guest account has a blank password. To improve security on the computer, you should set a password for the account. In Local Users And Groups, right-click Guest, and then select Set Password. Click Proceed at the warning prompt. Type the new password and then confirm it. Click OK twice.

Ensure that the Guest account cannot be used over the network
The Guest account shouldn’t be accessible from other computers. If it is, users at another computer could log on over the network as a guest. To prevent this, start the Local Security Policy tool from the Administrative Tools menu, or type secpol.msc at the command prompt. Then, under Local Policies\User Rights Assignment, check that the Deny Access To This Computer From The Network policy lists Guest as a restricted account.

Prevent the Guest account from shutting down the computer
When a computer is shutting down or starting up, it is possible that a guest user (or anyone with local access) could gain unauthorized access to the computer. To help deter this, you should be sure that the Guest account doesn’t have the Shut Down The System user right. In the Local Security Policy tool, expand Local Policies\User Rights Assignment and ensure that the Shut Down The System policy doesn’t list the Guest account.

Prevent the Guest account from viewing event logs
To help maintain the security of the system, the Guest account shouldn’t be allowed to view the event logs. To be sure this is the case, start Registry Editor by typing regedit at a command prompt, and then access the HKLM\SYSTEM\Cur-rentControlSet\services\Eventlog key. Here, among others, you’ll find three important subkeys: Application, Security, and System. Make sure each of these subkeys has a DWORD value named RestrictGuestAccess with a value of 1.

From the Microsoft Press book Windows 7 Administrator’s Pocket Consultant by William R. Stanek.

credit: technet.microsoft.com


 
Share this topic...
In a forum
(BBCode)
In a site/blog
(HTML)


Related Topics

  Subject / Started by Replies Last post
0 Replies
2185 Views
Last post April 23, 2009, 08:49:32 AM
by Reporter
0 Replies
1738 Views
Last post February 02, 2011, 01:33:15 PM
by Nick
0 Replies
4843 Views
Last post May 12, 2011, 01:44:06 PM
by Nick
0 Replies
2464 Views
Last post June 23, 2011, 08:01:42 PM
by Nick
0 Replies
1329 Views
Last post February 20, 2013, 07:24:25 PM
by Nick
0 Replies
2298 Views
Last post April 04, 2013, 04:25:33 PM
by Nick
0 Replies
1541 Views
Last post June 10, 2013, 02:05:57 PM
by Nick
0 Replies
1576 Views
Last post August 09, 2013, 02:11:30 AM
by Nick
0 Replies
1578 Views
Last post September 12, 2013, 09:01:36 PM
by Nick
0 Replies
1535 Views
Last post March 23, 2016, 02:06:17 PM
by Nick