Author Topic: Best Practices for Creating a Secure Guest Account  (Read 2335 times)

0 Members and 1 Guest are viewing this topic.

Best Practices for Creating a Secure Guest Account
« on: June 16, 2010, 06:21:05 PM »

Offline Nick

  • Administrator
  • Platinum Member
  • *
  • Posts: 46028
  • Karma: +1000/-0
  • Gender: Male
  • NickCS
    • http://www.facebook.com/nickcomputerservices
    • http://www.twitter.com/nickcomputer
    • Computer Chiangmai

Best Practices for Creating a Secure Guest Account

These best practices will help keep your systems more secure when you need to enable a Guest account.

In some environments, you might need to set up a Guest account that can be used by visitors. Most of the time, you’ll want to configure the Guest account on a specific computer or computers and carefully control how the account can be used. Here are some best practices to follow when creating a secure Guest account:

Enable the Guest account for use
By default, the Guest account is disabled, so you must enable it to make it available. To do this, access Local Users And Groups in Computer Management, select the Users folder, double-click Guest, and then clear the Account Is Disabled check box. Click OK.

Set a secure password for the Guest account
By default, the Guest account has a blank password. To improve security on the computer, you should set a password for the account. In Local Users And Groups, right-click Guest, and then select Set Password. Click Proceed at the warning prompt. Type the new password and then confirm it. Click OK twice.

Ensure that the Guest account cannot be used over the network
The Guest account shouldn’t be accessible from other computers. If it is, users at another computer could log on over the network as a guest. To prevent this, start the Local Security Policy tool from the Administrative Tools menu, or type secpol.msc at the command prompt. Then, under Local Policies\User Rights Assignment, check that the Deny Access To This Computer From The Network policy lists Guest as a restricted account.

Prevent the Guest account from shutting down the computer
When a computer is shutting down or starting up, it is possible that a guest user (or anyone with local access) could gain unauthorized access to the computer. To help deter this, you should be sure that the Guest account doesn’t have the Shut Down The System user right. In the Local Security Policy tool, expand Local Policies\User Rights Assignment and ensure that the Shut Down The System policy doesn’t list the Guest account.

Prevent the Guest account from viewing event logs
To help maintain the security of the system, the Guest account shouldn’t be allowed to view the event logs. To be sure this is the case, start Registry Editor by typing regedit at a command prompt, and then access the HKLM\SYSTEM\Cur-rentControlSet\services\Eventlog key. Here, among others, you’ll find three important subkeys: Application, Security, and System. Make sure each of these subkeys has a DWORD value named RestrictGuestAccess with a value of 1.

From the Microsoft Press book Windows 7 Administrator’s Pocket Consultant by William R. Stanek.

credit: technet.microsoft.com


 
Share this topic...
In a forum
(BBCode)
In a site/blog
(HTML)


Related Topics

  Subject / Started by Replies Last post
0 Replies
2163 Views
Last post April 23, 2009, 08:49:32 AM
by Reporter
0 Replies
1722 Views
Last post February 02, 2011, 01:33:15 PM
by Nick
0 Replies
4808 Views
Last post May 12, 2011, 01:44:06 PM
by Nick
0 Replies
2442 Views
Last post June 23, 2011, 08:01:42 PM
by Nick
0 Replies
1314 Views
Last post February 20, 2013, 07:24:25 PM
by Nick
0 Replies
2267 Views
Last post April 04, 2013, 04:25:33 PM
by Nick
0 Replies
1521 Views
Last post June 10, 2013, 02:05:57 PM
by Nick
0 Replies
1554 Views
Last post August 09, 2013, 02:11:30 AM
by Nick
0 Replies
1556 Views
Last post September 12, 2013, 09:01:36 PM
by Nick
0 Replies
1510 Views
Last post March 23, 2016, 02:06:17 PM
by Nick