The built-in guest account will be renamed.

From Windows Server 2008 R2 Domain Controller Security Technical Implementation Guide

Part of Rename Built-in Guest Account

Associated with IA controls: IAAC-1

SV-32292r1_rule The built-in guest account will be renamed.

Vulnerability discussion

A system faces an increased vulnerability threat if the built-in guest account is not renamed or disabled. The built-in guest account is a known user account on all Windows systems, and as initially installed, does not require a password. This can allow access to system resources by unauthorized users. This account is a member of the group Everyone and has all the rights and permissions associated with that group and could provide access to system resources to unauthorized users.

Check content

Fix text

Configure the policy value for Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options -> “Accounts: Rename guest account” to a value other than “Guest”.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer