Guest Account Question
Results 1 to 5 of 5

Thread: Guest Account Question

  1. #1
    AO French Antique News Whore
    Join Date
    Aug 2001
    Posts
    2,126

    Guest Account Question

    In the last 2 days, I been connecting by the Computer Management console to every single Nt/2000/Xp computer in my domain. I rename the local administrator account and change it password. I also rename the guest account and I had a very strong password. I was so suggest to create an account with guest as username with a very strong password and to disable it after.

    So basically, I had a NT guest account disable and now, I have a guest account rename with very a strong password and a new account with the username "Guest" with a very strong password.

    Why does having a new account with the username "Guest" with a very strong password help when you allready rename it? Auditing who try to log with it that account?
    -Simon \"SDK\"

  2. #2
    Senior Member
    Join Date
    Oct 2001
    Posts
    748
    Changing the name of the account just makes it so that somebody cannot have the account name to bruteforce. You do know that you can change both the administrative and guest account names through GPO? This way you don't have to log into each machine. I would also suggest just disabling the guest account and not worrying about a strong password.

    I would never recommend that you have an account called guest or administrator on the machine if you are concerned about security.

  3. #3
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Hi,

    The idea, as I understand it, is that you will see attempts to connect to this "default" guest account without incurring the security risk normally associated with leaving the Microsoft default in place. The "guest" account that you renamed can still be used for that purpose?

    Cheers

  4. #4
    Senior Member
    Join Date
    Oct 2001
    Posts
    748
    You will see failed login attempts for an account that doesn't exist anyways.

    I would expect to see an event ID 529 or 681 with the following error code:

    3221225572 C0000064 User logon with misspelled or bad user account


    So if there is no guest account on the system, and somebody is trying to login as guest, that will generate an error that you can correlate to somebody trying to bruteforce. If you see enough of the events.


    Description of security log event IDs----

    http://support.microsoft.com/default...roduct=win2000

    http://support.microsoft.com/default...b;EN-US;301677

    681 error codes-
    http://support.microsoft.com/default...roduct=win2000

  5. #5
    AO French Antique News Whore
    Join Date
    Aug 2001
    Posts
    2,126
    My domain is still on NT 4.0 for now. That why I had to use Computer Management console to connect to each computer. But good info, thank.
    -Simon \"SDK\"

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •