Audit insecure guest logon
Supported on: At least Windows Server 2025, Windows 11
Registry
HKLM
Software\Policies\Microsoft\Windows\LanmanServer Value name: AuditInsecureGuestLogon
Enabled: AuditInsecureGuestLogon = 1
Disabled: AuditInsecureGuestLogon = 0
Description
This policy controls whether the SMB server will enable the audit event when the client is logged on as guest account. If you enable this policy setting, the SMB server will log the event when the client is logged on as guest account. If you disable or do not configure this policy setting, the SMB server will not log the event.