Besides the null session (Item 35), the guest logon is another way to represent an anonymous user. However, a guest logon differs a bit from a null session. First of all, to enable any guest logons on a machine you must first enable the local Guest account. Then you must assign it either a real password or an empty password. If you assign a real password, clients attempting to connect must prove knowledge of that password before being allowed a guest logon. If you assign an empty password, this proof isn't required and any client password will do.

An example will best demonstrate how a guest logon occurs. Take a couple of machines that don't have any domain affiliation, and say one of them has a local account ...