Check or Attack Name: Interactive Guest Logon

The Guest account is allowed to log on from the console. The console user may modify many sensitive settings in the registry, and it is best to prohibit the Guest account from logging in locally. By default, Windows NT 4.0 comes with the guest account disabled, so many administrators may find it sufficient to leave the account disabled.

Prevent the Everyone group from logging in locally:

1. Open User Manager. From the Windows NT Start menu, select Programs, Administrative Tools (Common), User Manager.
2. From the Policies menu, select User Rights to display the User Rights Policy dialog box.
3. From the Right list, select Log on locally.
4. Remove Everyone from the name list, and add any users who should be allowed to log in locally.