Disabling the guest account

What is the Guest account in Windows?

Windows guest account is a special user account designed to provide users with limited rights to the computer. It allows basic use, such as running programs and browsing the internet, but prevents system-wide changes, such as installing programs, changing settings, and accessing other users' files.

Although a guest account can be useful for temporary users or in public computers, it poses security risks that can expose the system to attacks.

How to Disable a Guest Account in Windows?

From PowerShell

Windows 10 and newer versions do not by default include an active guest account in the same way as earlier versions, but if the account is activated or you want to ensure that it cannot be used, you can follow these instructions.

• Open PowerShell with administrative privileges (Run as... Administrator)
• Check if the Guest account is enabled using the Get-LocalUser cmdlet.
• If enabled, disable it with the Disable-Localuser cmdlet.

PS C:\Windows\system32> Get-LocalUser Guest

Name Enabled Description
---- ------- -----------
Guest True Built-in account for guest access to the computer/domain


PS C:\Windows\system32>
PS C:\Windows\system32>
PS C:\Windows\system32> Disable-LocalUser Guest
PS C:\Windows\system32> Get-LocalUser Guest

Name Enabled Description
---- ------- -----------
Guest False Built-in account for guest access to the computer/domain

Group Policy

You can, and should, make the change centrally with a group policy. The path is Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Local Policies -> Accounts: Guest account status

Tasks

Disable guest account

You can do it either with group policy or directly locally with PowerShell. When the account is disabled, run Check.ps1 and enter flag 7.