Ensure the Built-In Guest Account Is Disabled and Renamed
The built-in Windows Guest account provides unauthenticated local access and is a common target for attackers as a foothold — verify it is disabled on every server.
An attacker who can reach a server with the Guest account enabled can log in without any credentials and gain a foothold on the system. From there, they can exploit local privilege escalation vulnerabilities to gain administrator access.
The built-in Windows Guest account is intended for temporary access without a password. If enabled, it provides local logon access without any credentials. Even if password policies are enforced, the Guest account is exempt from password requirements by default. On servers, the Guest account is a well-known attack target for initial foothold or privilege escalation.
Probably yes if any of these apply:
Affected OS versions
The Guest account is frequently found enabled on servers that were deployed without hardening baselines and never audited. During penetration tests, enabled Guest accounts are trivially exploited as an initial foothold on the network.
Manual remediation steps
⏱ 5 minutes
Check Guest Account Status
$guest = Get-LocalUser -Name 'Guest' -ErrorAction SilentlyContinue
if ($guest) {
    if ($guest.Enabled) {
        Write-Host "VULNERABLE: Guest account is enabled" -ForegroundColor Red
    } else {
        Write-Host "SECURE: Guest account is disabled" -ForegroundColor Green
    }
} else {
    # Guest may have been renamed
    Write-Host "INFO: No account named 'Guest' found — may have been renamed" -ForegroundColor Yellow
}
Disable the Guest Account
Disable-LocalUser -Name 'Guest' -ErrorAction SilentlyContinue
Rename the Guest Account (Recommended)
Rename-LocalUser -Name 'Guest' -NewName 'LocalGuest_Disabled'
Verification
Get-LocalUser | Where-Object { $_.Name -like '*guest*' -or $_.SID -like '*-501' } |
    Select-Object Name, Enabled, SID
# Enabled must be False
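The check, disable, rename and verify steps above can be combined into one idempotent pass that finds the account by its well-known RID (501) instead of its name, so it still works on servers where Guest was already renamed. This is an added example, not a script from the original page; the function names Get-BuiltinGuest and Set-BuiltinGuestHardened are hypothetical, and it assumes the same LocalAccounts cmdlets the page uses, run from an elevated session.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original page). Function names are hypothetical.

function Get-BuiltinGuest {
    # The built-in Guest account's SID always ends in -501, whatever its name.
    Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-501' }
}

function Set-BuiltinGuestHardened {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Default new name taken from the page's rename step.
        [string]$NewName = 'LocalGuest_Disabled'
    )

    $guest = Get-BuiltinGuest
    if (-not $guest) {
        throw 'No local account with RID 501 found; investigate before continuing.'
    }

    if ($guest.Enabled -and $PSCmdlet.ShouldProcess($guest.Name, 'Disable account')) {
        # -ErrorAction Stop: a failed disable must surface, not pass silently.
        Disable-LocalUser -SID $guest.SID -ErrorAction Stop
    }

    if ($guest.Name -ne $NewName -and
        $PSCmdlet.ShouldProcess($guest.Name, "Rename to $NewName")) {
        Rename-LocalUser -SID $guest.SID -NewName $NewName -ErrorAction Stop
    }

    # Re-read the account so the output reflects the state after the changes.
    Get-BuiltinGuest | Select-Object Name, Enabled, SID
}

$state = Set-BuiltinGuestHardened
$state
if ($state.Enabled) {
    Write-Warning "Guest account '$($state.Name)' is still enabled"
}
```

Calling Set-BuiltinGuestHardened with -WhatIf previews the disable and rename actions without applying them.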