Results 1 to 5 of 5

Thread: Guest Account Question

  1. February 24th, 2004, 06:08 PM #1
    SDK
    SDK is offline
    AO French Antique News Whore
    Join Date
    Aug 2001
    Posts
    2,126

    Guest Account Question

    In the last 2 days, I been connecting by the Computer Management console to every single Nt/2000/Xp computer in my domain. I rename the local administrator account and change it password. I also rename the guest account and I had a very strong password. I was so suggest to create an account with guest as username with a very strong password and to disable it after.

    So basically, I had a NT guest account disable and now, I have a guest account rename with very a strong password and a new account with the username "Guest" with a very strong password.

    Why does having a new account with the username "Guest" with a very strong password help when you allready rename it? Auditing who try to log with it that account?
    -Simon \"SDK\"
    Reply With Quote Reply With Quote
  2. February 24th, 2004, 06:43 PM #2
    mohaughn
    mohaughn is offline
    Senior Member
    Join Date
    Oct 2001
    Posts
    748
    Changing the name of the account just makes it so that somebody cannot have the account name to bruteforce. You do know that you can change both the administrative and guest account names through GPO? This way you don't have to log into each machine. I would also suggest just disabling the guest account and not worrying about a strong password.

    I would never recommend that you have an account called guest or administrator on the machine if you are concerned about security.
    Reply With Quote Reply With Quote
  3. February 24th, 2004, 06:52 PM #3
    nihil
    nihil is offline
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hi,

    The idea, as I understand it, is that you will see attempts to connect to this "default" guest account without incurring the security risk normally associated with leaving the Microsoft default in place. The "guest" account that you renamed can still be used for that purpose?

    Cheers
    Reply With Quote Reply With Quote
  4. February 24th, 2004, 07:08 PM #4
    mohaughn
    mohaughn is offline
    Senior Member
    Join Date
    Oct 2001
    Posts
    748
    You will see failed login attempts for an account that doesn't exist anyways.

    I would expect to see an event ID 529 or 681 with the following error code:

    3221225572 C0000064 User logon with misspelled or bad user account


    So if there is no guest account on the system, and somebody is trying to login as guest, that will generate an error that you can correlate to somebody trying to bruteforce. If you see enough of the events.


    Description of security log event IDs----

    http://support.microsoft.com/default...roduct=win2000

    http://support.microsoft.com/default...b;EN-US;301677

    681 error codes-
    http://support.microsoft.com/default...roduct=win2000
    Reply With Quote Reply With Quote
  5. February 26th, 2004, 10:19 PM #5
    SDK
    SDK is offline
    AO French Antique News Whore
    Join Date
    Aug 2001
    Posts
    2,126
    My domain is still on NT 4.0 for now. That why I had to use Computer Management console to connect to each computer. But good info, thank.
    -Simon \"SDK\"
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules