Windows Vista and 7 has this switch in Network and Sharing Center. It\'s on by default, and that prevents unauthenticated access to shares even if they\'re shared with Every
Probably too late :) , but hopefully useful for others.
The following steps worked just fine for me (it worked on W8 consumer preview too).
to turn it off:
1 - Enable guest account by running
net user guest /active:yes
2 - Obtain guest user SID by running, for example,
wmic useraccount where name='guest' get sid
3 - Obtain write access to registry folder HKLM\SECURITY
4 - Modify the following key, where $SID is the sid obtained in point 2, to:
[HKEY_LOCAL_MACHINE\SECURITY\Policy\Accounts\$SID\ActSysAc]
@=hex(0):41,00,00,00
5 - restart the machine (until now, I didn't find a better way to make the change effective)
to turn it on again:
[HKEY_LOCAL_MACHINE\SECURITY\Policy\Accounts\$SID\ActSysAc]
@=hex(0):c1,00,00,00
then restart
Export the complete register as 1.reg, turn sharing on (or off, if it was on), export to 2.reg and check for the differences?
To be able to use the diff
utility, export the files in Win9X/NT4 registration files (*.reg)
-format
Take a look at this file (disable_password_protected_sharing.bat)
@echo off
echo 12- get sid gust variable
for /f "delims= " %%a in ('"wmic useraccount where name='guest' get sid"') do (
if not "%%a"=="SID" (
set sid_guest=%%a
goto :loop_end
)
)
:loop_end
echo 13- create script for regini
@echo \Registry\Machine\SECURITY [1 5 7 11 17 21]> x
@echo \Registry\Machine\SECURITY\policy [1 5 7 11 17 21]>> x
@echo \Registry\Machine\SECURITY\policy\accounts [1 5 7 11 17 21]>> x
@echo \Registry\Machine\SECURITY\policy\accounts\%sid_guest% [1 5 7 11 17 21]>> x
@echo \Registry\Machine\SECURITY\policy\accounts\%sid_guest%\ActSysAc [1 5 7 11 17 21]>> x
echo 14- add permission for machine/security
net user guest /active:yes
regini x
del x
@echo Windows Registry Editor Version 5.00 > y.reg
@echo [HKEY_LOCAL_MACHINE\SECURITY\Policy\Accounts\%sid_guest%\ActSysAc] >> y.reg
@echo @=hex(0):41,00,00,00 >> y.reg
reg import y.reg
del y.reg
echo Windows will now reboot.
Pause
shutdown -r
it works fine in windows7
Here is a powershell script that implements paolos answer. It is unpolished as it permits everybody write access to the specific registry key (The [7] part specifies this with regini syntax) and uses a file in C:\ root but works flawless:
# Get guest user id
$SID = & "wmic" "useraccount" "where" "name='guest'" "get" "sid" "/Value" | Out-String
$SID = $SID.Trim().Substring(4)
# Generate regini script
$PATH = "\Registry\Machine\Security\Policy\Accounts\" + $SID + "\ActSysAc"
$PATH + " [7]`r`n" + $PATH + "`r`n@ = REG_NONE 4 0x41 0x00 0x00 0x00" >> "C:\firstrun.regini"
# Execute regini script
& "regini" "C:\firstrun.regini"
It is in the registry just not necessarily in the place you are expecting (it is in the SAM). From what I can tell all that setting does is enable or disable the guest account, so, well, just enable or disable the account.
You didn't say what you programming language you are using, so here is some simple C code to enable an account, if you need anything else I am sure there is plenty around via google.
#include <LM.h>
#pragma comment(lib, "Netapi32.lib")
BOOL EnableUser(LPCWSTR lpUserName, BOOL bEnable)
{
BOOL bRet = FALSE;
DWORD dwLevel = 1008;
LPUSER_INFO_1 ui1;
USER_INFO_1008 ui1008;
NET_API_STATUS nStatus;
nStatus = NetUserGetInfo(NULL, lpUserName, 1, (LPBYTE*)&ui1);
if(nStatus == NERR_Success)
{
ui1008.usri1008_flags = ui1->usri1_flags;
if(bEnable)
{
ui1008.usri1008_flags &= ~UF_ACCOUNTDISABLE;
}
else
{
ui1008.usri1008_flags |= UF_ACCOUNTDISABLE;
}
nStatus = NetUserSetInfo(NULL, lpUserName, dwLevel, (LPBYTE)&ui1008, NULL);
NetApiBufferFree(ui1);
if(nStatus == NERR_Success)
{
bRet = TRUE;
}
}
return bRet;
}
I tested Paolo's answer on windows 7 Home without success.
Comparing the .reg
extraction of the registry before and after turning off the password protected sharing, I noticed modifications in 3 values:
[HKEY_LOCAL_MACHINE\SECURITY\Policy\Accounts\S-1-5-21-3207962671-1026919178-1165869658-501\ActSysAc] REG_NONE
value's first byte changed from c1
to 41
(this SID is the guest account's SID)
[HKEY_LOCAL_MACHINE\SECURITY\SAM\Domains\Account] REG_BINARY "F"
value's 17th byte changed from 3b
to 3c
[HKEY_LOCAL_MACHINE\SECURITY\SAM\Domains\Account\Users\000001F5] REG_BINARY "F"
value's 57th byte changed from 15
to 14
(0x1F5
is the type of the guest's Names value)
I tried changing only the first value as indicated by Paolo. This did not change the password protected sharing even after reboot.
But I had success when changing the 57th byte between 14
and 15
only for the third value:
[HKEY_LOCAL_MACHINE\SECURITY\SAM\Domains\Account\Users\000001F5] REG_BINARY "F".
I tested with success on another windows 7 computer.