Reader to Reader
Rename Win2K Guest Account
To improve security, my organization usually renames the Windows 2000 Guest account. We run compmgmt.msc and change the Guest account name under System Tools/Local Users and Groups/Users.
I recently found the System Access switch in the Windows Security template file when I edited a security template. If you want to rename only the Guest account, you can use a standard text editor to create the file that Listing 1 shows. You can change "GuestName" in this file, then use the built-in Windows Secedit command to apply the change. For example, go to a command prompt and enter
secedit /configure /db c:\winnt\rename.sdb /cfg rename.inf /log c:\rename.log /quiet
To check your work, go to the command line and enter
You'll see that the Guest account's name has changed.
You can use the same method to rename the Administrator account. Simply use NewAdminName instead of NewGuestName in the file rename.inf.
Attackers can still connect anonymously and determine the Guest and Administrator accounts' known SIDs to find the renamed accounts. To prevent attacks, you must enable the Additional Restrictions for Anonymous Connections option under Security Options in a Group Policy Object (GPO).39990