Guest Account

Check Description

This check determines whether the built-in Guest account is enabled on the scanned computer.

The Guest account is a built-in account used to log on to a computer running Microsoft® Windows® Server 2003, Windows XP, Windows 2000, or Windows NT®, when a user does not have an account on the computer or domain, or in any of the domains trusted by the computer's domain. Computers running Windows XP map incoming user connections from across a network to the local Guest account (ForceGuest) when simple file sharing is enabled. This feature is configured under the ForceGuest registry setting. If the Guest account is enabled on computers running Windows NT, Windows 2000, Windows Server 2003, or Windows XP (not using simple file sharing; ForceGuest registry setting is disabled), it will be flagged in the security report as a vulnerability. If the Guest account is enabled on computers running Windows XP that use simple file sharing (ForceGuest registry setting is enabled), it will not be flagged as a vulnerability.

Note

• The Guest account is disabled by default in Windows XP Home Edition. However, only the guest's ability to log on locally is affected. The account itself is not disabled for incoming user connections from across the network and can still be used with simple file sharing.

Additional Information

Description of File Sharing and Permissions in Windows XP

What's New in Security for Windows XP Professional and Windows XP Home Edition

Users overview

How to Set Security in Windows XP Professional That Is Installed in a Workgroup

©2002-2004 Microsoft Corporation. All rights reserved.