The Guest Account and Everyone Group
Evaluate the need for the Guest account. Most administrators agree that it should be disabled, although removing it remove the ability of anonymous users to access a system. In some organizations, the Guest account is very useful. For example, people who don't normally work with computers might need to occasionally access a system to obtain some information. Factory floor workers might want to look up pension plan information on a kiosk system in the break room. This is a good use for the Guest account. However, consider creating a separate domain for these public services where the Guest account is enabled. Alternatively, use a Web server for this type of system.
Note the following:
Users who log on as guests can access any shared folder that the Everyone group has access to (i.e., if the Everyone group has Read permissions to the Private folder, guests can access it with Read permissions).
You don't know who Guest users are and there is no accountability because all guests log in to the same account.
Always disable the Guest account on networks that are connected to untrusted networks such as the Internet. It provides too many opportunities for break-ins.
NOTE: If you have Microsoft Internet Information Server software installed, a special Guest account called IUSR_computername exists with the rights to log on locally. Remove this account if you don't want the general public to access your Web server. Users must then have an account to access the Web server.
Internet FAQ top