Sunday, June 11, 2017

Should we delete the Guest account on our Mac?

The guest user account is a feature that ships with macOS and is disabled by default. It can be useful in certain cases, but is it a good idea to leave it active all the time on your personal computer?

Guest account

The guest account lets someone who does not have an account on the computer log in to it. It is an account that has no password, but it is quite limited.
While it may be convenient to have an account on a desktop that anyone can log in to, this may not be the safest option. It is still a reasonable choice if you want to let a person use your computer for a couple of days or a week, but beyond that it is probably better to create an account with its own password.

Should we deactivate it?

The short answer would be yes. The long answer would also be yes, although it should not be necessary.
Why do I say this? If you use the guest account as the operating system creates it, whether on Windows, macOS or Linux, there should be no risk. This is because the guest account has a number of restrictions that prevent it from running programs that affect the operation of the computer or that modify important files. For example, from a guest account you cannot install any program, nor modify any system files or another user's files.
However, not everything is so perfect. While these protections are fine and seem to work, no piece of software is free of faults. There are already reported bugs that allow privilege escalation. By this we mean that, from a guest account, in a specific situation and by taking advantage of a particular bug, someone can perform actions that should not be available to them.
So, it is better to keep it disabled.
Is it good to have the guest account activated?
The antithesis of what needs to be done

Now I will tell you an anecdote. It's something I do not usually do, but I think the situation deserves it as a safety lesson.
A few weeks ago I started an internship at a company whose name I will not say. At my workstation I had a Mac Mini, and instead of creating a user account for me, I was told to use the guest account (although in the end they created one, for greater convenience).
The fact is that, since I needed to be able to install programs on the computer and run commands as administrator (with "sudo"), what they did was force the guest account to have those privileges. And this is something that must never be done. Why? Because an administrator account has full access to the entire computer, and since the guest account does not have a password, anyone who has physical access to the computer could do whatever they wanted.
And would physical access even be necessary? Well, no! The computer had remote access enabled for all accounts. This way, a person on another computer on the same network can connect as any user, including the guest account. And how would someone get onto the same network? In the case of this company, it was simple: the way they had the Wi-Fi network configured, all the computers were connected to the same subnet. So now the difficulty comes down to getting onto the Wi-Fi network. Well, that is not so complicated either, because I guessed the password myself on the first attempt without being told.
In short, as they had it configured, it was enough to be close enough to the office to have full access to that computer and all its data...

How to disable the guest user

Turning off (or activating) the guest account is the simplest thing in the world. Simply open System Preferences and go to "Users and Groups".
"Users and Groups" in System Preferences.
There we will have to unlock the settings with the padlock (if it appears closed, we click it and type our password). Then select "Guest User" in the sidebar and enable (by checking the first box) or disable (by unchecking the first box) the guest account.
Enable / Disable guest user in macOS.
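A command-line check for the three conditions from the anecdote above (guest account enabled, Guest in the admin group, remote access on), as an added example that is not part of the original post. It assumes the guest user's short name is `Guest` and reads "remote access" as Remote Login (SSH); `audit_guest` and its messages are hypothetical names, and `systemsetup` has to be run with `sudo`.

```shell
#!/bin/sh
# Added example (not from the original post): flag the guest-account
# misconfiguration described above. audit_guest is a hypothetical helper.
#   $1  GuestEnabled preference value (1 = enabled)
#   $2  space-separated members of the admin group
#   $3  Remote Login state ("On" / "Off")
audit_guest() {
    findings=0
    case "$1" in
        1|true|YES)
            echo "WARN: guest account is enabled"
            findings=$((findings + 1)) ;;
    esac
    for member in $2; do
        # Assumption: the guest user's short name is "Guest".
        if [ "$member" = "Guest" ]; then
            echo "CRIT: Guest is a member of the admin group"
            findings=$((findings + 1))
        fi
    done
    # Remote access is reported only when the guest account is a problem.
    if [ "$findings" -gt 0 ] && [ "$3" = "On" ]; then
        echo "WARN: Remote Login is on with the guest account enabled or privileged"
    fi
    if [ "$findings" -eq 0 ]; then
        echo "OK: guest account disabled and not an administrator"
    fi
    return 0
}

# Constructed sample: the configuration from the anecdote.
audit_guest 1 "root intern Guest" On

# On a real Mac, collect the live values (run with sudo for systemsetup).
if [ "$(uname)" = "Darwin" ]; then
    guest=$(defaults read /Library/Preferences/com.apple.loginwindow GuestEnabled 2>/dev/null || echo 0)
    admins=$(dscl . -read /Groups/admin GroupMembership 2>/dev/null | sed 's/^GroupMembership: *//')
    remote=$(systemsetup -getremotelogin 2>/dev/null | awk '{print $NF}')
    audit_guest "$guest" "$admins" "$remote"
fi
```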


In conclusion, the guest user account is not bad. But it is also not good to have it enabled when we are not using it, as it can pose a security risk. And of course, what must never be done is to give it administrator permissions (in fact, you will see that doing so is not straightforward).

