Best Practices for Creating a Secure Guest Account

Page 1 of 2 12 LastLast

  1. Posts : 4,772
    Windows 7 Ultimate - 64-bit | Windows 8 Pro - 64-bit
       #1

    Best Practices for Creating a Secure Guest Account


    Best Practices for Creating a Secure Guest Account



    In some environments, you might need to set up a Guest account that can be used by visitors. Most of the time, you’ll want to configure the Guest account on a specific computer or computers and carefully control how the account can be used. Here are some best practices to follow when creating a secure Guest account:

    Enable the Guest account for use
    By default, the Guest account is disabled, so you must enable it to make it available. To do this, access Local Users And Groups in Computer Management, select the Users folder, double-click Guest, and then clear the Account Is Disabled check box. Click OK.

    Set a secure password for the Guest account
    By default, the Guest account has a blank password. To improve security on the computer, you should set a password for the account. In Local Users And Groups, right-click Guest, and then select Set Password. Click Proceed at the warning prompt. Type the new password and then confirm it. Click OK twice.

    Ensure that the Guest account cannot be used over the network
    The Guest account shouldn’t be accessible from other computers. If it is, users at another computer could log on over the network as a guest. To prevent this, start the Local Security Policy tool from the Administrative Tools menu, or type secpol.msc at the command prompt. Then, under Local Policies\User Rights Assignment, check that the Deny Access To This Computer From The Network policy lists Guest as a restricted account.

    Prevent the Guest account from shutting down the computer
    When a computer is shutting down or starting up, it is possible that a guest user (or anyone with local access) could gain unauthorized access to the computer. To help deter this, you should be sure that the Guest account doesn’t have the Shut Down The System user right. In the Local Security Policy tool, expand Local Policies\User Rights Assignment and ensure that the Shut Down The System policy doesn’t list the Guest account.

    Prevent the Guest account from viewing event logs
    To help maintain the security of the system, the Guest account shouldn’t be allowed to view the event logs. To be sure this is the case, start Registry Editor by typing regedit at a command prompt, and then access the HKLM\SYSTEM\Cur-rentControlSet\services\Eventlog key. Here, among others, you’ll find three important subkeys: Application, Security, and System. Make sure each of these subkeys has a DWORD value named RestrictGuestAccess with a value of 1.



    Source: Best Practices for Creating a Secure Guest Account
      My Computer


  2. Posts : 11,990
    Windows 7 Ultimate 32 bit
       #2

    Very well done, Shyam. I shall implement this. Thank you.
      My Computer


  3. Posts : 6,885
    Windows 7 Ultimate x64, Mint 9
       #3

    Awesome tutorial, thanks!

    Would rep, but cant.

    ~Lordbob
      My Computer


  4. Posts : 31,242
    Windows 11 Pro x64 [Latest Release and Release Preview]
       #4

    In addition to the above also check what options are available in other applications - for example MSE has an option to allow all users access to logs and information, make sure this is disabled. Other applications may have similar options

    You can also secure sensitive data more securely by removing the everyone group from the folder permissions completely and adding in only your specific users plus system and the administrators group
      My Computers


  5. Posts : 17,322
    Win 10 Pro x64
       #5

    Excellent Capt., Thanks!
      My Computer


  6. Posts : 22,814
    W 7 64-bit Ultimate
       #6

    Well done Shyam!
      My Computer


  7. Posts : 4,772
    Windows 7 Ultimate - 64-bit | Windows 8 Pro - 64-bit
    Thread Starter
       #7

    Thanks :)
      My Computer


  8. Posts : 10,200
    MS Windows 7 Ultimate SP1 64-bit
       #8

    and where is the disabling of Win R key combo?

    Where is the disabling of running regedit?

    Personally, I think that article only scratches the surface. They should turn the computer over to a 12yr old and watch him beat the system.
      My Computer


  9. Posts : 11,990
    Windows 7 Ultimate 32 bit
       #9

    karlsnooks said:
    and where is the disabling of Win R key combo?

    Where is the disabling of running regedit?

    Personally, I think that article only scratches the surface. They should turn the computer over to a 12yr old and watch him beat the system.
    I have not played with the guest account; but wouldn't UAC block regedit? I'm asking. not arguing.
      My Computer


  10. Posts : 4,772
    Windows 7 Ultimate - 64-bit | Windows 8 Pro - 64-bit
    Thread Starter
       #10

    Yup .. With UAC turned on most of admin task will be disabled.
      My Computer


 
Page 1 of 2 12 LastLast

  Related Discussions
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 04:45.
Find Us