How do I create a secure Guest Account in Windows 7?

In certain situations, you may want to allow guest users access to a PC. Take the proper steps to ensure that the guest access you grant is secure.

In certain environments and situations, you may want to grant guest-user access to a workstation running Microsoft Windows 7. Best practices dictate that such access be as secure as possible. Here are several steps you can, and should, take before giving access to a guest user in Windows 7.

This blog post is also available as a TechRepublic download and a TechRepublic Photo Gallery.

Note: This tip applies to Windows 7 Professional and Ultimate only. It does not apply to Windows 7 Home Premium.

Secure Guest Account

The first step is to enable guest accounts, which is disabled by default. Type computer into the Start Menu search box, as shown in Figure A, and then click on the Computer Management item in the results.

Figure A

Find the guest account setting.
Navigate the left tree hierarchy to the Users Folder under Local Users and Groups (Figure B). Double-click the Guest entry.

Figure B

Enable guest accounts.
On the next configuration screen (Figure C), uncheck the Account Is Disabled box to enable guest accounts.

Figure C

Uncheck to enable.

Set password

By default, the guest account password is blank, but that is an unnecessary security risk, so you should establish a password. Right-click the Guest entry in the Computer Management console and click the Set Password entry (Figure D). The ensuing warnings are not a concern if you just enabled the guest account.

Figure D

Set the guest account password.

No network access

Another potential security problem occurs if the guest account is accessible by other users across the network. To prevent this, type local security into the Start Menu search box and then click the Local Security Policy entry, as shown in Figure E.

Figure E

Modify the Local Security Policy.
Navigate to the Local Policies | User Rights Assignments entry. Scroll down the list of policies until you find Deny Access to This Computer from the Network. Guest should be one of the denied accounts listed. If it isn't, add it (Figure F).

Figure F

Deny access.

Prevent shutdown

Another potential security vulnerability occurs during the PC shutdown process. You should deny the guest account the ability to shut down a PC. Go back to the Local Security Policy consoled as you did before, navigate to Local Policies | User Rights Assignments, and look for the entry Shut Down the System (Figure G). Double-click the entry to make sure the Guest account is not in the list (Figure H).

Figure G

Verify the Shut Down the System entry.

Figure H

Guest is not on the list.

Event logs

One last security concern is the Event logs. You don't want a guest account to have access to that information. The most efficient way to manage these settings is with a Registry edit.

Warning: Editing the Windows Registry should be done with caution; we recommend that you have a verified backup of the file ready in case of a catastrophic failure.

Type regedit into the Start Menu Search box and then click the regedit.exe entry. Navigate down the keys until you reach this entry:


Under this key are three important sub-keys: Application, Security, and System (Figure I). There should be a key under each section: Restrict Guest Access. And each of those keys should have a corresponding DWORD of "1" that enables this restriction.

Figure I

DWORD should be 1.

Bottom line

Guest accounts are sometimes necessary, but they should never be implemented without some configuration for additional security. Have you checked the security settings for all your guest accounts lately?

Thanks to TechNet for the topic idea.

Stay on top of the latest Microsoft Windows tips and tricks with TechRepublic's Windows Desktop newsletter, delivered every Monday and Thursday. Automatically sign up today!

By Mark Kaelin

Mark W. Kaelin has been writing and editing stories about the IT industry, gadgets, finance, accounting, and tech-life for more than 25 years. Most recently, he has been a regular contributor to,, and TechRepublic.