Rename Win2K Guest Account


Reader to Reader

Rename Win2K Guest Account

To improve security, my organization usually renames the Windows 2000 Guest account. We run compmgmt.msc and change the Guest account name under System Tools/Local Users and Groups/Users.

I recently found the System Access switch in the Windows Security template file when I edited a security template. If you want to rename only the Guest account, you can use a standard text editor to create the file that Listing 1 shows. You can change "GuestName" in this file, then use the built-in Windows Secedit command to apply the change. For example, go to a command prompt and enter


secedit /configure /db c:\winnt\rename.sdb /cfg rename.inf /log c:\rename.log /quiet


To check your work, go to the command line and enter

net user

You'll see that the Guest account's name has changed.

You can use the same method to rename the Administrator account. Simply use NewAdminName instead of NewGuestName in the file rename.inf.

Attackers can still connect anonymously and determine the Guest and Administrator accounts' known SIDs to find the renamed accounts. To prevent attacks, you must enable the Additional Restrictions for Anonymous Connections option under Security Options in a Group Policy Object (GPO).39990

—Fu Zheng

[email protected]

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.