After Upgrading to Windows 10 1709 (Fall Creators Update) I couldn’t access my Synology NAS anymore. Therefore I started troubleshooting the Windows 10 1709 Cannot Access SMB2 Share Guest Access error:
An error occurred while reconnecting X: to
\\nas\dataMicrosoft Windows Network: You can’t access this shared folder because your organization’s security policies block unauthenticated guest access. These policies help protect your PC from unsafe or malicious devices on the network.
Cause
Starting with Windows 10 1709, Windows prevents you from accessing network shares with guest access enabled. Guest access means connecting to network shares without authentication, using the built-in “guest” account.
This has no reference to the SMB1 protocol which was disabled in the latest Windows 10 release.
Resolution
To enable guest access again, configure the following GPO:
Computer configuration > administrative templates > network > Lanman Workstation: "Enable insecure guest logons" = Enabled
Registry Key
The according registry key is located under:
| |
Download
You can also download the reg file to simply click and set the registry key from here:AllowInsecureGuestAuth.Reg
MDM Policy
Theres also an MDM Policy available, starting with Windows 10 1803: https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-lanmanworkstation
About guest access
Guest access is often used to access data stored on Network Attached Storage, e.g. on a Synology NAS. Every user from any device has access to these shares. Generally it’s never recommended to use guest access because it’s a huge security risk. Within the time of ransomware, encrypting whole drives it’s definitely not a good idea. I strongly recommend to use LDAP Support to authenticate against your NAS.
Reference
- Microsoft Support: guest-access-smb2-disabled-by-default-in-windows-10-server-2016