If you’re wanting to ensure the local guest account on a Windows computer remains disabled, the easiest way to disable the local guest account is by using a group policy object in your active directory environment. By default, the guest account is disabled. However, anyone with local administrator rights can enable the guest account to allow access to the computer using the guest account. This will allow you to disable local guest
To disable the local guest account using group policy, first logon to a domain controller or a computer with RSAT installed. Next, navigate to our Group Policy Management inside of Administrative Tools. In the policy, navigate to
Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Security Options. Next, right click on the policy titled Accounts: Guest account status.
Once inside Disable the policy then select Apply and OK. Last apply the policy to the policy to the desired organizational unit.
Last, we can verify that setting has
Local Users and Groups > it will list the guest account. If applied correctly, the Guest account will have a down arrow over the
For testing purposes consider enabling the guest account on the computer and running
gpupdate /force . Refresh the list of users in
Compter Management > Local Groups and Users > Users and see if the guest account has been disabled.
To apply the new setting to the computer, restart the machine or run
. To further verify that the policy is being applied, run