guest account and its mitigation

  • Thread starter Thread starter Doug Fox
  • Start date Start date
D

Doug Fox

What can I do to migitate the risk having a guest account enabled on a
member server? Any pointers are appreciated.

Thanks,
 
Do you mean intentionally enabled for the use of it or in case it does become enabled
when it is not supposed to? --- Steve
 
Some OS/2-based and DOS-based applications require the guest account on a
member server, not on the domain.
 
Hi Doug.

I am not sure how those accounts require access, but a couple of things you could do.
You could add the guest account to deny local logon and/or deny access this computer
from the network in Local Security Policy depending on which one does not interfere
with the applications. The other thing is to remove everyone/user from folders where
you do not want guest account to access and replace it with authenticated users which
does not include the guest account or giving the guest account specific deny
permissions. I do not recommend changing any permissions on the \winnt folder or
subfolders themselves, but it is OK to lock down specific executables like the IIS
Lockdown tool does. Be sure to back up before making changes just in case. --- Steve
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Can runas be used in the guest account? 0
Second try: Guest account and power profile question 3
Guest account and power profile question 3
guest account 1
Guest account: how enable network access 5
A "secure" Guest account for ISA server 5
Telnet logon as guest 1
Guest account - internet access 3

Back
Top