Should a guest account be disabled or deleted?

jabra
Kilo Contributor

When you first install a wireless router in your home you are encouraged to change the password to your admin account so others can't get in using that common id and password.   By the same token should the generic "guest" account in your ServiceNow instance be either disabled, deleted, or have a password changed to prevent a login?   What would be the consequences?

1 ACCEPTED SOLUTION

Chuck Tomasi
Tera Patron

Hi Scott,



I recommend disabling it. There are some esoteric   places in the system that use the guest account. You obviously don't want people to login with that account, but you don't want to lose reference to the account itself. Set the active field to false and perhaps even set Locked out to true, just for good measure.


View solution in original post

9 REPLIES 9

Hopefully we answered your question, Scott.   If so, please mark the appropriate response as correct so that others with the same question can find it quickly in the future and that it gets removed from the Unanswered list. Thank you


Pradeep Sharma
ServiceNow Employee
ServiceNow Employee

When it is good idea to not delete the record, it is good that you are aware of cascade delete rules also. Please refer section 7 here.


Reference Fields - ServiceNow Wiki


Michael Fry1
Kilo Patron

If you leave it on, you can modify the inbound action Create Incident and add something that if you don't recognize the email address, send them a notification letting them know that and what to do:


if (gs.getUserID() == '5136503cc611227c0183e96598c4f706') { // Guest


      gs.eventQueue("email.failed", sys_email, email.from, email.from);


} else {



Also, there's no email address on the account, so they can't reset the password.



If you're using the New Call application, that will insure you capture all inbound emails.


jamesmcwhinney
Giga Guru

Is it actually possible to log in to the guest account?