
Gpo

Windows 10 1709 Cannot Access SMB2 Share Guest Access

After upgrading to Windows 10 1709 (Fall Creators Update), I couldn’t access my Synology NAS anymore, so I started troubleshooting the following error:

An error occurred while reconnecting X: to \\nas\data
Microsoft Windows Network: You can’t access this shared folder because your organization’s security policies block unauthenticated guest access. These policies help protect your PC from unsafe or malicious devices on the network.

Cause

Starting with Windows 10 1709, Windows prevents you from accessing network shares with guest access enabled. Guest access means connecting to network shares without authentication, using the built-in “guest” account. This is unrelated to the SMB1 protocol, which was disabled in the latest Windows 10 release.

Resolution

To enable guest access again, configure the following GPO:

Computer configuration > administrative templates > network > Lanman Workstation: "Enable insecure guest logons" = Enabled

Registry Key

The corresponding registry key is located under:

Manage Local Administrator Rights Using Group Policy

Users or administrators with uncontrolled local administrator rights are a nightmare. They have full control over their computers and could do a lot of harm, so managing local administrator rights is definitely a must.

Manage Local Administrator Rights

Active Directory Group Policies offer a convenient way to manage local groups on clients or servers. All the magic happens with “Restricted Groups”.

Adding a group or users to a local group

If you want to add a certain group to a built-in group, add the group to the restricted groups under the “This group is a member of” section. When the GPO is no longer applied, the restricted group is removed from the clients.

Overwrite local group members

When you want to take full control over a local group, you can choose the “Members of this group” option. All group members are then replaced with the users or groups specified here, except the built-in local Administrator account.