Scorpion99 wrote: Did you try Host-Only (private network with the host) instead of NAT?
The OP states "The Guest is also Windows (in this case) and needs to have Internet access, but not have access to other machines on the LAN" so using Host-Only by itself will not allow the Guest to have the required Internet access although it will isolate it from the Host's LAN! 