Audit insecure guest logon
Supported on: At least Windows Server 2025, Windows 11
Registry
HKLM
Software\Policies\Microsoft\Windows\LanmanWorkstation Value name: AuditInsecureGuestLogon
Enabled: AuditInsecureGuestLogon = 1
Disabled: AuditInsecureGuestLogon = 0
Description
This policy controls whether the SMB client will enable the audit event when the client is logged on as guest account. If you enable this policy setting, the SMB client will log the event when the client is logged on as guest account. If you disable or do not configure this policy setting, the SMB client will not log the event.