Should a guest account be disabled or deleted?

jabra
Kilo Contributor

When you first install a wireless router in your home you are encouraged to change the password to your admin account so others can't get in using that common id and password.   By the same token should the generic "guest" account in your ServiceNow instance be either disabled, deleted, or have a password changed to prevent a login?   What would be the consequences?

1 ACCEPTED SOLUTION

Chuck Tomasi
Tera Patron

Hi Scott,



I recommend disabling it. There are some esoteric   places in the system that use the guest account. You obviously don't want people to login with that account, but you don't want to lose reference to the account itself. Set the active field to false and perhaps even set Locked out to true, just for good measure.


View solution in original post

9 REPLIES 9

Chuck Tomasi
Tera Patron

Hi Scott,



I recommend disabling it. There are some esoteric   places in the system that use the guest account. You obviously don't want people to login with that account, but you don't want to lose reference to the account itself. Set the active field to false and perhaps even set Locked out to true, just for good measure.


Pradeep Sharma
ServiceNow Employee
ServiceNow Employee

Hi Scott,



Here is one of the use case required for use case of guest account. You can however change the password for security reasons.



When a user from a trusted domain sends an email to the instance, ServiceNow either matches the email to an existing user or creates a new user. Since the incoming email matches a user record (either an existing or new one), the email can trigger an inbound action.


When a user from an untrusted domain sends an email to the instance, ServiceNow attempts to impersonate the guest user. Since the guest user is locked out, the impersonation fails and the incoming email cannot trigger an inbound action.


Inbound Email Actions - ServiceNow Wiki


Interesting... so you COULD use this to ignore email from untrusted domains. But... the trusted domains system property defaults to "*" (all domains).


I enjoy a thorough discussion