Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Best Practices for Creating a Secure Guest Account


20 Oct 2010   #1

Windows 7 Ultimate - 64-bit | Windows 8 Pro - 64-bit
 
 
Best Practices for Creating a Secure Guest Account

Best Practices for Creating a Secure Guest Account



In some environments, you might need to set up a Guest account that can be used by visitors. Most of the time, you’ll want to configure the Guest account on a specific computer or computers and carefully control how the account can be used. Here are some best practices to follow when creating a secure Guest account:

Enable the Guest account for use
By default, the Guest account is disabled, so you must enable it to make it available. To do this, access Local Users And Groups in Computer Management, select the Users folder, double-click Guest, and then clear the Account Is Disabled check box. Click OK.

Set a secure password for the Guest account
By default, the Guest account has a blank password. To improve security on the computer, you should set a password for the account. In Local Users And Groups, right-click Guest, and then select Set Password. Click Proceed at the warning prompt. Type the new password and then confirm it. Click OK twice.

Ensure that the Guest account cannot be used over the network
The Guest account shouldn’t be accessible from other computers. If it is, users at another computer could log on over the network as a guest. To prevent this, start the Local Security Policy tool from the Administrative Tools menu, or type secpol.msc at the command prompt. Then, under Local Policies\User Rights Assignment, check that the Deny Access To This Computer From The Network policy lists Guest as a restricted account.

Prevent the Guest account from shutting down the computer
When a computer is shutting down or starting up, it is possible that a guest user (or anyone with local access) could gain unauthorized access to the computer. To help deter this, you should be sure that the Guest account doesn’t have the Shut Down The System user right. In the Local Security Policy tool, expand Local Policies\User Rights Assignment and ensure that the Shut Down The System policy doesn’t list the Guest account.

Prevent the Guest account from viewing event logs
To help maintain the security of the system, the Guest account shouldn’t be allowed to view the event logs. To be sure this is the case, start Registry Editor by typing regedit at a command prompt, and then access the HKLM\SYSTEM\Cur-rentControlSet\services\Eventlog key. Here, among others, you’ll find three important subkeys: Application, Security, and System. Make sure each of these subkeys has a DWORD value named RestrictGuestAccess with a value of 1.



Source: Best Practices for Creating a Secure Guest Account


My System SpecsSystem Spec
.

20 Oct 2010   #2

Windows 7 Ultimate 32 bit
 
 

Very well done, Shyam. I shall implement this. Thank you.
My System SpecsSystem Spec
20 Oct 2010   #3

Windows 7 Ultimate x64, Mint 9
 
 

Awesome tutorial, thanks!

Would rep, but cant.

~Lordbob
My System SpecsSystem Spec
.


20 Oct 2010   #4

Windows 7 Ultimate x64 x2 + x86 + Windows 8.1 x64 x2
 
 

In addition to the above also check what options are available in other applications - for example MSE has an option to allow all users access to logs and information, make sure this is disabled. Other applications may have similar options

You can also secure sensitive data more securely by removing the everyone group from the folder permissions completely and adding in only your specific users plus system and the administrators group
My System SpecsSystem Spec
20 Oct 2010   #5

Microsoft Community Contributor Award Recipient

Windows 7 Pro 64 SP1
 
 

Excellent Capt., Thanks!
My System SpecsSystem Spec
20 Oct 2010   #6
Microsoft MVP

W 7 64-bit Ultimate
 
 

Well done Shyam!
My System SpecsSystem Spec
20 Oct 2010   #7

Windows 7 Ultimate - 64-bit | Windows 8 Pro - 64-bit
 
 

Thanks
My System SpecsSystem Spec
20 Oct 2010   #8

MS Windows 7 Ultimate SP1 64-bit
 
 

and where is the disabling of Win R key combo?

Where is the disabling of running regedit?

Personally, I think that article only scratches the surface. They should turn the computer over to a 12yr old and watch him beat the system.
My System SpecsSystem Spec
20 Oct 2010   #9

Windows 7 Ultimate 32 bit
 
 

Quote   Quote: Originally Posted by karlsnooks View Post
and where is the disabling of Win R key combo?

Where is the disabling of running regedit?

Personally, I think that article only scratches the surface. They should turn the computer over to a 12yr old and watch him beat the system.
I have not played with the guest account; but wouldn't UAC block regedit? I'm asking. not arguing.
My System SpecsSystem Spec
20 Oct 2010   #10

Windows 7 Ultimate - 64-bit | Windows 8 Pro - 64-bit
 
 

Yup .. With UAC turned on most of admin task will be disabled.
My System SpecsSystem Spec
Reply

 Best Practices for Creating a Secure Guest Account




Thread Tools




Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 10:23 PM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33