Group Policy : Disable Guest Account

If you’re wanting to ensure the local guest account on a Windows computer remains disabled, the easiest way to disable the local guest account is by using a group policy object in your active directory environment. By default, the guest account is disabled. However, anyone with local administrator rights can enable the guest account to allow access to the computer using the guest account. This will allow you to disable local guest account and keep it disabled on several computers in just a few clicks.

To disable the local guest account using group policy, first logon to a domain controller or a computer with RSAT installed. Next, navigate to our Group Policy Management inside of Administrative Tools. In the policy, navigate to Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Security Options. Next, right click on the policy titled Accounts: Guest account status.


Once inside Disable the policy then select Apply and OK. Last apply the policy to the policy to the desired organizational unit.


Last, we can verify that setting has been applied by going into Computer Management under Administrative Tools. Under Local Users and Groups > Users it will list the guest account. If applied correctly, the Guest account will have a down arrow over the icon, signifying that the account is disabled.


For testing purposes consider enabling the guest account on the computer and running gpupdate /force . Refresh the list of users in Compter Management > Local Groups and Users > Users and see if the guest account has been disabled. 

To apply the new setting to the computer, restart the machine or run gpupdate /force. To further verify that the policy is being applied, run gpresult /r