How to Disable the Guest Account with Microsoft Intune (Including Scripting Option)

  • Post
    • March 12, 2019 at 5:20 pm
    Weekend Wiki
    Keymaster

    2How to Disable the Guest Account with Microsoft Intune (Including Scripting Option)

    Disabling the Guest Account on Windows devices is an essential security measure for organizations, as it prevents unauthorized users from accessing the system. While Microsoft Intune offers a simple way to manage this through Device Configuration Profiles, you can also achieve this using custom PowerShell scripts for more advanced control.

    Here’s a step-by-step guide to disabling the Guest Account on Windows devices using Microsoft Intune, along with a PowerShell script option for more granular control.

    Option 1: Disabling the Guest Account Using Device Configuration Profile

    Step 1: Create a Device Configuration Profile

    1. Log in to the Microsoft Intune Admin Center at https://endpoint.microsoft.com.
    2. Navigate to DevicesConfiguration Profiles.
    3. Click + Create Profile.
    4. Choose Windows 10 and later as the platform.
    5. Select Device Restrictions as the profile type.
    6. Click Create.

    Step 2: Configure Restrictions to Disable the Guest Account

    1. In the Profile Name field, enter a descriptive name (e.g., Disable Guest Account).
    2. Under Configuration Settings, scroll down to the Local Device Security Options section.
    3. Find the setting Accounts: Guest account status.
    4. Set the option to Disabled to prevent users from accessing the guest account.
      • This setting will disable the guest account and remove it from the login screen.

    Step 3: Assign the Profile to Devices

    1. After configuring the settings, click Next to proceed to Assignments.
    2. Choose the device groups or user groups you want to apply this policy to.
    3. Click Next to review your settings, then click Create to deploy the profile.

    Step 4: Monitor the Deployment

    1. Go to DevicesMonitorDevice Configuration to check the deployment status.
    2. Verify that the policy has been successfully applied to the target devices.

    Step 5: Verify on End Devices

    1. Once deployed, verify that the Guest Account is disabled:
      • Navigate to Control PanelUser AccountsManage Accounts. The Guest Account should no longer appear.
    2. You can also run the following PowerShell command to check: 
      Get-LocalUser -Name "Guest"

      The Account Status should show as Disabled if the policy is successfully applied.

    Option 2: Disabling the Guest Account Using PowerShell Script

    If you prefer more granular control or need to deploy the change using a script, you can disable the Guest Account by running a PowerShell script through Intune.

    Step 1: Create the PowerShell Script

    1. Open PowerShell on your local machine and create a script with the following content to disable the Guest account: 
      # PowerShell script to disable the Guest account

# Check if the Guest account exists
$guestUser = Get-LocalUser -Name "Guest"

# Disable the Guest account if it exists
if ($guestUser) {
    Disable-LocalUser -Name "Guest"
    Write-Output "Guest account disabled successfully."
} else {
    Write-Output "Guest account not found."
}

      This script will check if the Guest account exists on the system and disable it.

    Step 2: Upload the Script to Intune

    1. Navigate to DevicesScripts+ Add in the Intune Admin Center.
    2. Choose Windows 10 and later as the platform.
    3. Upload your PowerShell script.
    4. Configure the script settings to run in 64-bit mode.
    5. Assign the script to the appropriate device groups or user groups.

    Step 3: Monitor the Script Deployment

    1. After deployment, navigate to DevicesMonitorDevice Configuration to verify the script has been executed successfully.
    2. Check the output of the script in the intune logs to ensure that the Guest account was disabled.

    Step 4: Verify on End Devices

    Once the script is deployed, you can verify by checking the Guest account status:

    • Use the Control PanelUser AccountsManage Accounts. The Guest Account should not appear.
    • You can also check the account status using the PowerShell command mentioned earlier: 
      Get-LocalUser -Name "Guest"

      If the account is disabled, you should see the Disabled status.

    Conclusion

    There are two main ways to disable the Guest Account on Windows devices using Microsoft Intune:

    1. Device Configuration Profiles: This is the simplest and most straightforward method. You configure the Guest account status setting to Disabled.
    2. PowerShell Script: This provides more control and flexibility, especially when you need to automate the process across multiple devices or implement additional logic.

    Both methods are effective and can be deployed across your organization’s devices to ensure that unauthorized users cannot access the Guest account. Choose the method that best fits your organization’s needs and policies.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Replies
    • March 12, 2019 at 5:52 pm
    Weekend Wiki
    Keymaster
    Nostrud transferrem si admodum sed aut amet incididunt ea quid doctrina voluptatibus ut sed eu quis nisi noster, culpa quibusdam incurreret, eram o nescius ita aliqua se velit exercitation vidisse veniam ullamco de cernantur iis cillum appellat. Nostrud irure excepteur mandaremus ita malis praetermissum pariatur fugiat possumus a te noster nescius aliquip, pariatur sint tempor eu iis an legam fabulas, non multos incididunt, duis firmissimum cernantur fore litteris, quis te e magna tempor.
    • March 12, 2019 at 7:03 pm
    Weekend Wiki
    Keymaster

    Eu cillum labore dolor laboris qui et anim vidisse, e fugiat mentitum comprehenderit, nostrud firmissimum an eiusmod. Incurreret quis quamquam nostrud. Doctrina legam incurreret admodum, voluptate minim ubi ullamco voluptatibus.

Viewing 2 replies - 1 through 2 (of 2 total)

Tagged: , ,

  • You must be logged in to reply to this topic.
en_USEnglish
arArabic en_USEnglish