Guest account in 2k

Zucarita9000

Golden Member
Aug 24, 2001
1,590
0
0
Why is it disabled by default? I find it very useful to browse 2k machines without having to either tell people my password or add user accounts for each machine. Is there any security considerations I should be aware of?
 

techwanabe

Diamond Member
May 24, 2000
3,145
0
0
It used to be enabled by default in Win NT. So many sysadmins had to go in and disable it for security purposes in organizations that MS changed the default to disabled in Win 2k, according to my instructor.

I think the idea was that if people did do something about it purposefully, then someone could log into a workstation with the guest account, assuming the password is blank by default. Regardless, either you would have to disable the Guest account or change the password... if it is disabled by default, you don't have to "remember" to do anything. The possible loophole is closed "out of the box".
 

spyordie007

Diamond Member
May 28, 2001
6,229
0
0
Originally posted by: Zucarita9000
Is there any security considerations I should be aware of?
Yes, if it's enabled anyone will be able to use it. Granted they wont have much rights but they would still be able to use it.

If this is your home machine than it isnt a big concern that you enable the guest account. Here we make sure it's disabled so that the only way someone could use the machines here is to have a network account, and of course to have a network account they have to sign our usage policy.

-Spy
 

bsobel

Moderator Emeritus<br>Elite Member
Dec 9, 2001
13,346
0
0
Originally posted by: Zucarita9000
Why is it disabled by default? I find it very useful to browse 2k machines without having to either tell people my password or add user accounts for each machine. Is there any security considerations I should be aware of?

With the account enabled it can be used to provide some recon of the machine (information that otherwise wouldn't be obtainable without any account), as such it's off by default. If your in a secure environment (read: behind a firewall and trust those other machines (further read: not on a college dorm network ;)) you can turn it back on.

Bill
 

Zucarita9000

Golden Member
Aug 24, 2001
1,590
0
0
If this is your home machine than it isnt a big concern

Yeah, it's my home lan. I only want the other boxes to have access to my shares (my printer, zip drive and so on.) I don't have to worry a lot about security, but I would probably set it a password, to be sure.

Thanks a lot.

 

spyordie007

Diamond Member
May 28, 2001
6,229
0
0
than I would just make sure you are behind a firewall and enable it. The only way someone could make use of it would be if they were connected to your network so there isnt much harm of that on your home network (if you are hardware firewalled off).

-Spy
 

Zucarita9000

Golden Member
Aug 24, 2001
1,590
0
0
Originally posted by: spyordie007
than I would just make sure you are behind a firewall and enable it. The only way someone could make use of it would be if they were connected to your network so there isnt much harm of that on your home network (if you are hardware firewalled off).

-Spy

Well, I'm on DSL with a NAT firewall, is that enough?

 

spyordie007

Diamond Member
May 28, 2001
6,229
0
0
Originally posted by: Zucarita9000
Originally posted by: spyordie007
than I would just make sure you are behind a firewall and enable it. The only way someone could make use of it would be if they were connected to your network so there isnt much harm of that on your home network (if you are hardware firewalled off).

-Spy

Well, I'm on DSL with a NAT firewall, is that enough?
Should be, the only way someone could make use of the guest account with a setup such as that would be a connection to the inside of your network (ie they plug something into your hub/switch.

I wouldnt worry about it.

-Spy