Microsoft Windows Server 2025

Windows Server 2025 must have the built-in guest account disabled

STIG ID: WN25-SO-000010 | SRG: SRG-OS-000121-GPOS-00062 | Severity: Medium | CCI: CCI-000804 | Vulnerability ID: V-278195

Description

A system faces an increased vulnerability threat if the built-in guest account is not disabled. This is a known account that exists on all Windows systems and cannot be deleted. This account is initialized during the installation of the operating system with no password assigned.

Check

C-82725r1181289_chk

Verify the effective setting in Local Group Policy Editor.

Run gpedit.msc.

Navigate to Local Computer Policy >> Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options.

If the value for "Accounts: Guest account status" is not set to "Disabled", this is a finding.

For Server Core installations, run the following command:

Secedit /Export /Areas SecurityPolicy /CFG C:\Path\FileName.Txt

If "EnableGuestAccount" equals "1" in the file, this is a finding.

Fix

F-82630r1181290_fix

Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options >> Accounts: Guest account status to "Disabled".
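The Check and Fix above are manual steps. The script below is an added example, not part of the STIG text or of any DISA tooling: it automates the Server Core check (the same secedit export, then reads EnableGuestAccount from the [System Access] section), cross-checks the state of the built-in guest account by its well-known RID so a renamed account is still found, and with -Remediate applies the local-policy equivalent of the Fix through a secedit template. It assumes an elevated session, that local security policy is the governing source (a domain GPO setting "Accounts: Guest account status" overrides it at the next refresh), and that the file names under $env:TEMP are arbitrary choices.

```powershell
# Added example for WN25-SO-000010; not the STIG's own code.
# Check: secedit export + EnableGuestAccount; Fix (-Remediate): template via secedit /Configure.
# Assumptions: elevated PowerShell, local policy governs, $env:TEMP is writable.
param([switch]$Remediate)

$WorkDir  = $env:TEMP
$Export   = Join-Path $WorkDir 'WN25-SO-000010-export.inf'
$Template = Join-Path $WorkDir 'WN25-SO-000010-fix.inf'
$Database = Join-Path $WorkDir 'WN25-SO-000010-fix.sdb'

function Get-EnableGuestAccountSetting {
    param([Parameter(Mandatory)][string]$Path)
    # Same export the STIG check runs; secedit writes a UTF-16 LE INI-style file.
    if (Test-Path $Path) { Remove-Item $Path -Force }
    & secedit.exe /Export /Areas SecurityPolicy /CFG $Path /quiet | Out-Null
    if (-not (Test-Path $Path)) { throw "secedit export did not create $Path" }
    $line = Get-Content -Path $Path -Encoding Unicode |
            Where-Object { $_ -match '^\s*EnableGuestAccount\s*=' } |
            Select-Object -First 1
    if ($line -and $line -match '=\s*(\d+)') { return [int]$Matches[1] }
    return $null   # key absent from [System Access]: not explicitly configured
}

function Get-BuiltInGuestAccount {
    # Resolve by well-known RID (-501), not by the name "Guest", so a renamed
    # guest account is still the one being reported on.
    Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-501' }
}

function Test-WN25SO000010 {
    $setting = Get-EnableGuestAccountSetting -Path $Export
    $guest   = Get-BuiltInGuestAccount
    [pscustomobject]@{
        StigId              = 'WN25-SO-000010'
        EnableGuestAccount  = $setting
        GuestAccountName    = $guest.Name
        GuestAccountEnabled = $guest.Enabled
        Finding             = ($setting -eq 1)   # the STIG's stated check criterion
    }
}

function Set-GuestAccountDisabledPolicy {
    # Minimal security template carrying only the setting the Fix requires.
    # Single-quoted here-string keeps "$CHICAGO$" literal; the closing '@ must
    # start its line.
    $inf = @'
[Unicode]
Unicode=yes
[Version]
signature="$CHICAGO$"
Revision=1
[System Access]
EnableGuestAccount = 0
'@
    Set-Content -Path $Template -Value $inf -Encoding Unicode
    if (Test-Path $Database) { Remove-Item $Database -Force }
    & secedit.exe /Configure /DB $Database /CFG $Template /Areas SecurityPolicy /quiet | Out-Null
}

$before = Test-WN25SO000010
$before | Format-List

if ($Remediate -and $before.Finding) {
    Set-GuestAccountDisabledPolicy
    # Re-run the check so the recorded result reflects the post-fix state.
    Test-WN25SO000010 | Format-List
}
```

Run it without parameters to produce check evidence (Finding is True exactly when EnableGuestAccount is 1, as the Check states), and with -Remediate on a Server Core host where gpedit.msc is unavailable. On domain-joined systems the durable fix is the Group Policy setting named in the Fix; the secedit template only mirrors it in local policy.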