Swif’s Windows Guest Account Policy controls whether the built‑in Windows guest account can be used to log on to a device. Disabling guest logon prevents anonymous or shared access, reduces the risk of unauthorized use, and helps you meet security and compliance requirements (for example, LOGIN‑1 / ACC‑1 controls that require disabling guest accounts).
What this policy does
When applied, this setting determines whether the Windows guest account is allowed to log on to the system. In most environments, you should keep the guest account disabled.
1. What Does the Policy Do?
Guest Account Status (disableGuestAccount)
Field name (internal):
disableGuestAccountDisplay name (UI): Guest Account Status
Type: Integer (0 or 1)
Minimum OS: Windows 10+
This field controls whether the Windows guest account can be used to log on:
Disabled (guest account cannot log on) – value
0The Windows guest account is blocked from logging in.
This is the recommended setting for security and compliance.
Enabled (guest account can log on) – value
1The Windows guest account is allowed to log in.
This increases risk and is generally not recommended except for very specific use cases (e.g., tightly controlled kiosk scenarios).
Default behavior
By default, Swif sets this field to: Disabled (guest account cannot log on) (value: 0).
2. When Should You Use This Policy?
Use the Windows Guest Account Policy when you want to:
Enforce unique, named user accounts on every Windows device.
Disable guest login to align with internal security baselines and external frameworks (e.g., NIST, CIS, SOC 2, ISO 27001, HIPAA).
Meet Swif’s LOGIN‑1 recommendations, which call out:
Disabling guest account login.
Ensuring each device user has a unique account.
Avoiding shared/local admin or guest accounts.
This policy can be used on both BYOD and company‑owned Windows devices (Windows 10+).
3. Creating or Editing the Policy in Swif
Go to Policies
In the Swif Admin Console, navigate to:
Device Management → Policy.
Create or Edit a Policy
Click Create New Policy or edit an existing policy that includes the Windows guest account setting.
Choose the appropriate Windows policy profile that exposes Guest Account Status (e.g., within User Authorization Policy for Windows).
Configure Guest Account Status
Find Guest Account Status.
Select one of:
Disabled (guest account cannot log on) – recommended.
Enabled (guest account can log on) – only if you explicitly need guest access.
Assign to Devices
Click Continue to move to assignment.
Choose the Windows 10+ devices or device groups where you want to apply this setting.
Review your configuration and click Save (or Finish).
Swif will apply the policy at the next device check‑in.
4. Verifying the Policy on a Device
After the policy is pushed and devices have checked in:
On a device targeted by the policy:
Attempt to sign in using the Guest account or any configured guest session.
Expected behavior:
If Guest Account Status = Disabled (0):
The guest account cannot log on (login is blocked / unavailable).
If Guest Account Status = Enabled (1):
The guest account can log on (guest session is allowed).
Check Swif console / compliance view:
Use Swif’s dashboards, device details, or compliance center to confirm the device has:
Successfully received the policy.
Reported the guest account state as expected.
5. Troubleshooting & Tips
Devices did not update yet
Ensure the device is online and has the latest Swif Agent.
Policies apply at the next check‑in; you may need to wait a few minutes.
Guest login still appears
Confirm the correct policy is assigned to the device or group.
Verify Guest Account Status is set to:
Disabled (guest account cannot log on) for secure deployments.
If you previously allowed guest login via other tools (e.g., Intune, on‑device local changes), ensure those configurations are not overriding Swif’s setting.
Compliance alignment (LOGIN‑1 / ACC‑1)
For Swif Compliance Center, this setting supports:
LOGIN‑1 – Login Window Configuration