The Guest account, a special managed account, is considered a security vulnerability in most situations because it has no password associated with it. Once an attacker has gained guest-level access, the attacker can try to elevate privileges to further exploit a system. We recommend that the Guest account be disabled on all macOS systems unless there is a clearly demonstrated need to use a Guest account. The Guest account is not allowed to log in to a computer by default. However, guest users can access shared folders remotely by default. This setting is called "Allow guest users to connect to shared folders" and should be disabled. Both of these settings are available under System Preferences / Users and Groups / Guest Userand are disabled by default. Note that when a guest logs out of a macOS system, the guest's environment is destroyed and reinitialized. Fix: defaults write /Library/Preferences/com.apple.loginwindow GuestEnabled -bool FALSE

[Hide/Display]

defaults write /Library/Preferences/com.apple.loginwindow GuestEnabled -bool FALSE