Updated: January 21, 2005
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
By default, the Windows Server 2003 family includes a user account called Guest. With guest authentication, during the authentication process, the caller does not send a user name or password. If unauthenticated access is enabled, by default the Guest account is used as the identity of the caller.
To enable Guest account access, you must do the following:
Enable unauthenticated access on the remote access server. For more information, see Enable authentication protocols.
Enable unauthenticated access on the appropriate remote access policy. For more information, see Configure authentication.
Enable the Guest account. For more information, see To enable a disabled user account.
Set the remote access permission on the Guest account to either Allow access or Control access through Remote Access Policy depending on your remote access policy administrative model. For more information, see Remote Access Policies Examples and Configure remote access permission for a user.
If you want to enable a guest account that is not named Guest, create a user account and set the remote access permission to either Allow access or Control access through Remote Access Policy. Then, set the following registry value on the authenticating server (either the remote access server or the IAS server) to the name of the account:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RemoteAccess\Policy\Default User Identity
Incorrectly editing the registry may severely damage your system. Before making changes to the registry, you should back up any valued data on the computer.
Changes to the registry setting will not take effect until the Routing and Remote Access service or the Internet Authentication Service are restarted.
For more information about how to modify registry keys and set values, see "Remote Access Server" at the Microsoft Windows Resource Kits Web site.