This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Machine is Windows 7 Professional 64-bit. It's joined to a domain.
I recently made the (built-in) Guest account active and gave it the permission to log in interactively.
I then logged in as Guest, but found that IE would not allow me to open HTTPS web pages. The error message is "Internet Explorer cannot display the webpage." If I click Diagnose Connection Problems, I get an error:
An error occurred while troubleshooting:
A problem is preventing the troubleshooter from starting.
Package ID: Unknown
Path: C:\Windows\diagnostics\system\networking
Error code: 0x80096001
Source: Engine
User: MACHINE\Guest
Context: Standard
It doesn't matter which URL I use. It fails for gmail. It fails on my own web site.
The connection succeeds in Firefox, but fails in both 32-bit and 64-bit Internet Explorer.
The connection also succeeds in IE under different user accounts. I even created another local account called "New Guest" and assigned it solely to the Guests group. With this account, I was able to log in and access HTTPS sites through IE.
Based on answers to this problem , I ran "sfc /scannow". It returned with
Beginning system scan. This process will take some time.
Beginning verification phase of system scan.
Verification 100% complete.
Windows Resource Protection could not perform the requested operation.
I've followed the suggestions in this troubleshooter . Method 9 returns the same error as clicking on the troubleshooter in IE. Disabling the firewall had no effect. Resetting Internet Explorer settings had no effect.
I also made sure all TLS and SSL options were enabled, but that had no effect.
I have confirmed that on a different Windows 7 machine (this one 32-bit Ultimate, but on the same domain), the Guest account can access HTTPS sites without any problems.
It appears there's something corrupt about the Guest account itself (even though presumably it utilizes the same profile as New Guest would).
What can I do to fix IE under the Guest account? Is it safe to delete and re-create the Guest account? If I do so, what are the implications?
Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.
Answer accepted by question author
We ran into the same problem. We needed to use the guest account because we wanted the account to wipe automatically in between guest users, but didn't want to deep freeze our authenticated users. For us, the problem was that Guest didn't have read access to HKLM\SOFTWARE\Policies\Microsoft. Once guest had read access to that key, both Chrome and IE were able to use HTTPS. Also Microsoft's SCEP anti-virus started working again for the guest user.
Thanks. I have seen that article, which is basically a description of the ForeFront security scan information. I've also seen other MVPs and the like giving the advice to provide a proper User Account for guests.
However, I'm still skeptical for two reasons.
I believe if the existence of an enabled Guest account was a serious threat, it would not continue to be included in Windows 7 and documented to users as something to be exercised. That said, I'm not here to argue whether having a guest account is a good idea or not. Let's assume that having the Guest account is not a bad idea - what options do I have to fix the issue that seems to be isolated to this one Guest account on this particular machine?
If the guest account should not be used, please provide a reference as to why this is a security risk.
here you go:
http://technet.microsoft.com/en-us/library/bb418978.aspx
You will find that all advice given is NOT to enable the Guest account but to provide a proper User account for your "guests"...
If you find my response helpful, please click on the "Vote as Helpful" button!Thank you! My Blog
If the guest account should not be used, please provide a reference as to why this is a security risk. My understanding is creating a separate user account named with a synonym for "guest" and with no password is no more secure than enabling the Guest account and is probably less secure.
The advantage to using the guest account is it's transient -- Windows automatically wipes the profile on logout. This means that personal settings, bookmarks, and other settings don't persist between sessions. It's great for letting multiple friends use it temporarily, but without potential for unintended data sharing. In my opinion, having one persistent account for all friends is imposing more of a security risk.
Additionally, the guest account has been explicitly excluded from logging in over the network, a permission granted to User accounts.
Finally, regardless of whether the Guest account is recommended or not, it appears to have sound benefits, so I would like an answer to the question and not a workaround. In other words, "reinstall the computer" is also not a valuable suggestion. I've already described ways that I could obviously work around the problem, demonstrating that I have a strong understanding of what's going on and providing detailed error descriptions to help diagnose the problem.
Machine is Windows 7 Professional 64-bit. It's joined to a domain.
I recently made the (built-in) Guest account active and gave it the permission to log in interactively.
Why? The Guest account should NOT be used - it's a security risk. That's why it's disabled by default.
If you want casual users to use the machine create a Standard User Account and call it "visitor" or some similar name.
If you find my response helpful, please click on the "Vote as Helpful" button!Thank you! My Blog
