
Windows 10 1709 Cannot Access SMB2 Share Guest Access


After upgrading to Windows 10 1709 (Fall Creators Update), I couldn’t access my Synology NAS anymore. Therefore I started troubleshooting the Windows 10 1709 Cannot Access SMB2 Share Guest Access error:


An error occurred while reconnecting X: to \\nas\data Microsoft Windows Network: You can’t access this shared folder because your organization’s security policies block unauthenticated guest access. These policies help protect your PC from unsafe or malicious devices on the network.

Cause

Starting with Windows 10 1709, Windows prevents you from accessing network shares with guest access enabled. Guest access means connecting to network shares without authentication, using the built-in “guest” account.

This is unrelated to the SMB1 protocol, which was disabled in the latest Windows 10 release.

Resolution

To enable guest access again, configure the following GPO:

Computer Configuration > Administrative Templates > Network > Lanman Workstation: "Enable insecure guest logons" = Enabled


Registry Key

The corresponding registry key is located under:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters]
"AllowInsecureGuestAuth"=dword:1

Download

You can also download the .reg file and double-click it to set the registry key: AllowInsecureGuestAuth.Reg

MDM Policy

There's also an MDM policy available, starting with Windows 10 1803: https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-lanmanworkstation

About guest access

Guest access is often used to access data stored on Network Attached Storage, e.g. on a Synology NAS. Every user from any device has access to these shares. Generally, using guest access is never recommended because it’s a huge security risk. In the age of ransomware that encrypts whole drives, it’s definitely not a good idea. I strongly recommend using LDAP support to authenticate against your NAS.
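To audit where insecure guest logons have been turned on, the following PowerShell reads the AllowInsecureGuestAuth value from the registry key shown above and from the Group Policy hive, then reports the SMB client's effective setting. This is an added example, not part of the original post; the policy hive path and the function name Get-InsecureGuestAuthState are assumptions that do not appear on this page.

```powershell
# Added audit example: reports whether insecure SMB guest logons are enabled
# on this machine and which location carries the setting.
# Run from an elevated prompt; Get-SmbClientConfiguration needs admin rights.

$locations = [ordered]@{
    # Assumption: policy hive location written by the
    # "Enable insecure guest logons" GPO.
    'Group Policy'   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\LanmanWorkstation'
    # Local value from the registry key shown on this page.
    'Local registry' = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters'
}

function Get-InsecureGuestAuthState {
    foreach ($source in $locations.Keys) {
        $path  = $locations[$source]
        # A missing key or value yields $null instead of an error.
        $value = (Get-ItemProperty -Path $path -Name AllowInsecureGuestAuth `
                    -ErrorAction SilentlyContinue).AllowInsecureGuestAuth

        [pscustomobject]@{
            Source             = $source
            Path               = $path
            Value              = if ($null -eq $value) { 'not set' } else { $value }
            GuestLogonsEnabled = ($value -eq 1)
        }
    }
}

$state = Get-InsecureGuestAuthState
$state | Format-Table -AutoSize

# Effective setting as the SMB client itself reports it.
$effective = (Get-SmbClientConfiguration).EnableInsecureGuestLogons
Write-Output "SMB client EnableInsecureGuestLogons: $effective"

if ($effective -or ($state | Where-Object GuestLogonsEnabled)) {
    Write-Warning 'Insecure guest logons are enabled on this machine.'
} else {
    Write-Output 'Insecure guest logons are disabled.'
}
```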


Nicola Suter
Author
Building cyber defense with the latest Microsoft technology available today - to defeat tomorrow's threats