Accounts: Local Guest account should be disabled

538d811a-0a0a-4336-8294-63bc2c092ebb

The default Guest account allows unauthenticated network users to log on as a Guest with no password. These unauthorized users could access any resources that are accessible to the Guest account over the network. This capability means that any shared folders with permissions that allow access to the Guest account, the Guests group, or the Everyone group are accessible over the network, which could lead to the exposure or corruption of data. It is best practice to disable the local Guest account.

https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/accounts-guest-account-status
https://www.stigviewer.com/stig/windows_server_20122012_r2_domain_controller/2019-01-16/finding/V-1113

Remediation

To fix this, set the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options >> "Accounts: Guest account status" to "Disabled".

https://www.isunshare.com/windows-8/3-ways-to-disable-guest-account-on-windows-8-8.1.html
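
To audit or remediate the same setting from a script, the following added example (not part of the original page) looks up the built-in Guest account by its well-known RID 501, so it is found even if renamed. The function names are hypothetical; it assumes Windows PowerShell 5.1 or later with the Microsoft.PowerShell.LocalAccounts module on a workstation or member server.

```powershell
# Added example: audit and optionally disable the built-in local Guest account.
# Function names are hypothetical. Disabling requires an elevated session.

function Get-BuiltinGuestAccount {
    # Local account SIDs look like S-1-5-21-<machine id>-<RID>; RID 501 is Guest.
    # Matching on the RID finds the account even when it has been renamed.
    Get-LocalUser | Where-Object { $_.SID.Value -match '^S-1-5-21-\d+-\d+-\d+-501$' }
}

function Test-GuestAccountDisabled {
    $guest = Get-BuiltinGuestAccount
    if (-not $guest) {
        throw 'No local account with RID 501 found; check this host manually.'
    }
    # One record per host, suitable for Export-Csv or a compliance report.
    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        AccountName  = $guest.Name
        Sid          = $guest.SID.Value
        Enabled      = $guest.Enabled
        Compliant    = -not $guest.Enabled
    }
}

function Disable-BuiltinGuestAccount {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    $guest = Get-BuiltinGuestAccount
    if ($guest -and $guest.Enabled -and
        $PSCmdlet.ShouldProcess($guest.Name, 'Disable local account')) {
        $guest | Disable-LocalUser
    }
    # Re-read the account so the report reflects the state after the change.
    Test-GuestAccountDisabled
}

# Report only:
Test-GuestAccountDisabled

# Remediate (use -WhatIf to preview the change first):
# Disable-BuiltinGuestAccount
```

If a Group Policy object also sets "Accounts: Guest account status", the policy value is reapplied at the next policy refresh, so fix the GPO as well as the local account.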

STIG:
Server 2019: https://www.stigviewer.com/stig/microsoft_windows_server_2019/2021-08-18/finding/V-205709
Server 2016: https://www.stigviewer.com/stig/windows_server_2016/2019-01-16/finding/V-73809
Desktop: https://www.stigviewer.com/stig/windows_10/2016-06-24/finding/V-63611