@IRJ said in Local Guest Account:
@NattNatt said in Local Guest Account:
@scottalanmiller said in Local Guest Account:
@NattNatt said in Local Guest Account:
@IRJ said in Local Guest Account:
@NattNatt said in Local Guest Account:
@IRJ said in Local Guest Account:
@DustinB3403 said in Local Guest Account:
We disable it.
According to Microsoft, that is a low risk, and if you aren't getting alerts for local user account changes, it can pose a much higher risk.
The local admin account is generally changed on a regular basis, but guest accounts are rarely touched. An admin or even a vendor could in turn enable the guest account and give it local admin privileges, and chances are you would never know.
Wait, you allow vendors access to your servers without monitoring them to see what they're actually doing?
Internal IT poses a risk as well.
Depends who you work with... I trust all my team I work with. If I didn't, I wouldn't work with them...
Right, so why watch your vendor like that, they are part of your team.
Not always. We are told by clients to allow some vendors onto their systems; they were never recommended by us, therefore not part of our team, they're an external third party. Not saying sit there and just do that, but we are always on the server at the same time with a recorded session in those instances. We can still do other tickets etc. in the background, but keep an eye out for them opening stuff they shouldn't be/have a recording to prove what was done etc.
You can give yourself local admin rights in about 60 seconds through the GUI. If you script it, you are talking about 3-5 seconds. If you are going to let someone on your system, you better be auditing them.
That was my point, we do that. We record everything as well to make sure we don't miss anything/can play back and see exactly what was done, covering ourselves in case something they do breaks the system/creates a backdoor/loophole like this.
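
The alerting on local account changes discussed in this thread, as an added example that is not part of any post: it flags the two Windows Security events that correspond to the scenario described, the Guest account being enabled (4722) and being added to the local Administrators group (4732). The dict layout (`id`, `time`, `host`, `data`) is an assumed export format, and the sample events are constructed.

```python
import re

# Built-in Guest is always RID 501 (so a rename does not hide it);
# the built-in Administrators group is always S-1-5-32-544.
GUEST_SID = re.compile(r"^S-1-5-21-\d+-\d+-\d+-501$")
ADMINS_SID = "S-1-5-32-544"


def guest_account_alerts(events):
    """Flag Guest being enabled (4722) or added to Administrators (4732)."""
    alerts = []
    for ev in events:
        data = ev["data"]
        actor = data.get("SubjectUserName", "unknown")
        if ev["id"] == 4722 and GUEST_SID.match(data.get("TargetSid", "")):
            alerts.append((ev["time"], ev["host"], actor, "guest-enabled"))
        elif (ev["id"] == 4732
              and data.get("TargetSid") == ADMINS_SID
              and GUEST_SID.match(data.get("MemberSid", ""))):
            alerts.append((ev["time"], ev["host"], actor,
                           "guest-added-to-administrators"))
    return alerts


# Constructed sample events; hosts, users and SIDs are made up.
DOM = "S-1-5-21-1111111111-2222222222-3333333333"
SAMPLE_EVENTS = [
    # Guest (renamed to "Visitor") is enabled: flagged by SID, not by name.
    {"id": 4722, "time": "2024-05-01T10:02:11Z", "host": "SRV01",
     "data": {"SubjectUserName": "vendor1", "TargetUserName": "Visitor",
              "TargetSid": DOM + "-501"}},
    # Guest is added to local Administrators: flagged.
    {"id": 4732, "time": "2024-05-01T10:02:15Z", "host": "SRV01",
     "data": {"SubjectUserName": "vendor1", "TargetSid": ADMINS_SID,
              "MemberSid": DOM + "-501"}},
    # An ordinary account is enabled: not flagged.
    {"id": 4722, "time": "2024-05-01T11:30:00Z", "host": "SRV01",
     "data": {"SubjectUserName": "helpdesk", "TargetUserName": "jsmith",
              "TargetSid": DOM + "-1104"}},
    # Guest is added to the built-in Users group: not flagged.
    {"id": 4732, "time": "2024-05-01T11:45:00Z", "host": "SRV02",
     "data": {"SubjectUserName": "helpdesk", "TargetSid": "S-1-5-32-545",
              "MemberSid": DOM + "-501"}},
]

if __name__ == "__main__":
    for alert in guest_account_alerts(SAMPLE_EVENTS):
        print(*alert)
```

These events are only written when the "Audit User Account Management" and "Audit Security Group Management" audit policies are enabled on the host.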