Well, if their assertion that the presence of the Guest account is necessary to the proper functioning of shares I'd say it might be more deleterious to security to disable the account. Since they don't specify exactly what they mean when they talk about malfunctioning shares I guess we don't really know whether that could constitute a security issue. It obviously can constitute a threat to the proper operation of the OS, though.
They're not saying that the account has to be active or "on", after all. By default it's not. Assuming that the account name is changed, and that it's prohibited from both local and remote logon, I'm not sure it would matter so much even if a would-be interloper could figure out a way to turn it on. After all, if you had to go through that much trouble to access that account, wouldn't you shoot for an account with better access? The danger of Guest accounts has always been that sysadmins overlooked the Guest account thinking that it was too "weak" to be a danger. If they didn't rename the account and also allowed local and / or remote login it was a toe-in-the-door for would-be invaders.
Sounds almost as though they're saying that this account behaves as a sort of policy template for the system, doesn't it?
- Collin
Discussion Zen 5 Speculation (EPYC Turin and Strix Point/Granite Ridge - Ryzen 9000)
Discussion Intel current and future Lakes & Rapids thread
Facebook
Twitter