How secure is the 'Guest' account in XP Pro SP3?
On my system, I have the built-in Administrator account (which is password-protected) and two other accounts, which were created as limited users. I used the lusrmgr.msc snap-in to lower their privileges from "Users" to "Guests".
How much additional security, if any, does that provide? Can that cause any problems?
If I need to install any software or run an app that needs admin rights, I use the right-click "Run As..." option and run it under the Administrator account credentials.
Each user browses the web via the most current version of Firefox, and all Windows Updates have been applied. Any downloaded files are scanned by the most up-to-date version of AVG Anti-Virus.
It has been the general consensus that a Windows machine using the guest account is as secure as a Linux computer that also happens to be using the guest account. The "Windows" and "My Programs" folders and the registry are write protected and the computer cannot become infected with malware. If Microsoft had made the limited user account default then we would live in a whole different world right now !
said by Matunga3 :False. The Windows "guest account" should be secured. See below.
It has been the general consensus that a Windows machine using the guest account is as secure as a Linux computer that also happens to be using the guest account.
There is no "guest account" in Linux. Every user may have an individual user account established with restricted privilege controls.
Link to support "general consensus" statement?
Windows Guest Account Best Practices
Q: Whats the reason for the existence of the Windows Guest account? And, more important, how can I secure it?
A: The Guest account is a low-privilege Windows account that exists on every Windows system. It's available to users that dont have an account defined and need occasional access to a Windows system. Users logging on using the Guest account can access local data and applications but can't install software or hardware. By default, the Guest account is disabled and isn't password-protected. It also has the User cannot change password and Password never expires account properties set.
You must secure the guest account. Even though it has a limited set of privileges, malicious anonymous users can use it to access system resources. Here is some advice on how to secure the guest account:
· Disable the guest account if you dont use it. The guest account is disabled by default, but it might be worthwhile to double-check this. When you enable the Guest account occasionally, make sure that you disable it when it's not being used.Password Protect The Guest Account: This security measure is discussed in Microsoft Windows Security 101. However, it is not an easy or intuitive task in Windows XP Home. If you open the Control Panel and select User Accounts you will see a list of the users that are able to log on to the system. Selecting your own user account you will see an option that says "Assign Password" or, if a password is already assigned, "Change My Password". However, if you select the Guest account your options are limited to "Turn On The Guest Account" or "Turn Off The Guest Account" as the case may be.
· Password-protect the guest account. Windows Server 2003 and Windows XP include important restrictions to limit what anonymous users can do on a Windows system, so it also makes sense to password-protect the Guest account.
Windows XP Home uses the Guest account as an integral part of network file and folder sharing. Using Simple File Sharing, when you share out a file or folder it is accessible to anyone who can "see" your computer. If you don't have other security measures in place such as a firewall that means that users on the public Internet may be able to connect to your share using the Guest account.
Even if you select "Turn Off The Guest Account" it will only be turned off in terms of its ability to log on directly to Windows. In the background, the account will still be functional because Windows XP Home uses the Guest account to authenticate users connecting remotely to shared resources on that machine. It is virtually impossible to truly disable the Guest account and doing so would cause a number of problems on a Windows XP Home computer.
So, in order to protect your system and ensure that not just anybody can connect to your file or folder shares- even when using Simple File Sharing- you need to assign a password to the Guest account. Because Windows XP Home offers no "easy" point and click solution to help you, you will have to use the command prompt. Click on Start, then All Programs, then Accessories and finally select Command Prompt. Once you have the black command prompt window open you will type the following:
net user guest <password>
You will of course replace the brackets and the word "password" with the password you wish to · assign. Refer to the Password Security article for tips on choosing a good password.
Disabling the Guest Account in Windows XP, Vista
not in ohio
>There is no "guest account" in Linux.
"The Guest account" is the functional equivalent of anonymous login for ftp. It primarily exists for anonymous SMB access (aka "simple file sharing").
However, this posting is not about the Guest account, regardless of the OP's title. The OP has created a couple of accounts, and made them members of the group Guests rather than members of the group Users. That makes them Guests, not Guest.
This is a convenient way to give them less access; system objects are conventionally tagged with ACLs that give the Guests group less access than the Users group. And, as noted, members of Guests typically have even fewer privileges.
"How secure" is it?
More secure than giving them regular accounts. Less secure than giving them no accounts.
BlackbirdBuilt for SpeedPremiumReviews:
Fort Wayne, IN
|reply to SUMware |
said by SUMware: Thanks, SUMware , for the tip, which has now been put successfully in place! It's yet another of those many security areas where one almost needs to know the answer in order to ask the right question... or that the issue even exists.
... So, in order to protect your system and ensure that not just anybody can connect to your file or folder shares- even when using Simple File Sharing- you need to assign a password to the Guest account. Because Windows XP Home offers no "easy" point and click solution to help you, you will have to use the command prompt. ...
If God wanted us to work with electrons, He'd make them big enough to see...