Friday, April 19, 2013

How to create a secure Guest Account

If you’re going to create a Guest account and have some ideas to restrict the account in certain parameters, this article will be very useful for you. Moreover, you can configure the Guest account on a specific Computer or Computers and can control how the account should be used. Follow the following practices when you create a secure Guest account.

Enable the Guest account for use:
It is required to enable the Guest account manually to make it available as by default it is disabled. If you want to enable it, just access the Local Users and Groups in Computer Management, and then select the Users folder, double click on Guest and then clear the Account is Disabled check box. Then, click OK.

Set a secure password for the Guest account:
After creating the Account, it is required to set a secured password. By default, the Guest account is assigned a blank password. Therefore, you can manually set a password on the Computer to improve the security. In Local Users and Groups, right click on Guest and then select Set Password. Now, click Proceed at the warning prompt. Then, type the new Password and then confirm it again. Click on the OK option twice.

Ensure that the Guest account cannot be used over the network:

If the Guest Account is not accessible from other Computer, users on another Computer can log on over the Network as a guest. If you want to prevent it, just start the Local Security Policy tool from the Administrative Tools menu. Instead, you may type secpol.msc at the Command Prompt.  Then, under Local Policies\User Rights Assignment, it is required to check that the Deny Access To This Computer From The Network Policy lists Guest as a restricted account.

Prevent the Guest account from shutting down the computer:
If a Computer is shutting down or starting up, it is possible that a Guest User could gain unauthorized access to the Computer. If you want to turn OFF this, you have to make sure that the Guest Account doesn’t have the Shut Down The System user right. Therefore, open the Local Security Policy Tool, expand the Local Policies\User Rights Assignment and ensure that the Shut Down The System Policy doesn’t list the Guest Account.

Prevent the Guest account from viewing event logs:

At the same time, if you want to help maintain the Security of the System, the Guest account shouldn’t be allowed to view the event logs. If you want to make sure about this, open the Registry Editor by typing “regedit” at the Command Prompt and then navigate to the HKLM\SYSTEM\Cur-rentControlSet\services\Eventlog key.
Now, you can find three important subkeys: Application, Security and System. Moreover, it is required to confirm each of these Subkeys has a DWORD value named RestricGuestAccess with a value of 1.