Windows 10 (1709) – Guest Access Issue with SMB2

Windows 10 (1709) – Guest Access Issue with SMB2

No Comments on Windows 10 (1709) – Guest Access Issue with SMB2

Sometimes the small things are the biggest issue when moving to a new Operating System. So a small change in the OS configuration or the security settings can lead to work blocking issues.

Last seen after Upgarde to 1709 in a small office…but let’s have a look at the basics first:

Background:

In most companies nobody would recognize this change….but this time it was one of the smaller ones. So imagine a small construction office, an architect or a startup. Working with 2 – 6 people on small projects…IT is not the center of their life. Also there is no dedicated IT staff. But even with 2 employees the requirement of sharing data and working together is a day to day topic. Maybe Office 365 is part of the business…but often we see a NAS in a corner of the office. This NAS has been configured to host a share for data exchange.

so far so good

But there is no AD-infrastructure, no EDP, no managed FileShare…

But there are some Windows 10 Enterprise Clients and they are receiving Feature Updates twice a year. And so they did with 1709

Problem:

The Upgrade worked like a charm without any issue. The required Software was still running and also E-Mail is still working. yeha everything is fine….But when accessing the Team Share they receive the following message (sorry but German)

Gastzugriff Fehler

 

 

 

 

 

 

 

 

also seen:

You can’t access this shared folder because your organization’s security policies block unauthenticated guest access. These policies help protect your PC from unsafe or malicious devices on the network.

But everything was working fine before…and nobody has done anything…

Reason:

This time it is really nobodys fault. This time the issue came with 1709. Because it is shipped with a new security setting, which is explained here:

Guest access in SMB2 disabled by default in Windows 10 Fall Creators Update and Windows Server 2016 version 1709

To be honest…the issue is a bit stranger than thought….Because the change to guest access in SMB2 is just done in Windows 10 Enterprise and Education and Windows Server. Windows 10 Home and Pro are not changed. So the main issue is that we are talking about Enterprise Systems that are used to be member of a domain and to work in a managed environment…

Solution:

So there are two solutions now…the right one and the easy one:

The easy way means to reactivate insecure guest logon…

Computer configuration\administrative templates\network\Lanman Workstation –>”Enable insecure guest logons”

Gastzugriff GGPO

 

 

 

 

 

 

 

 

 

 

 

 

 

The better way would be to activate authentication at the NAS…but we all know what really happens

So enjoy SMB2 🙂

P.S.: SMB1 is diabled per default in 1709 … yeha

About the author:

Ich bin Eric Berg und bin Principal IT-Architekt im Bereich Microsoft Modern Workplace and Datacenter un Microsoft P-TSP für Azure und Modern Desktop. Seit 2015 bin ich Cloud and Datacenter Management MVP. Ich bin Organisator des Azure Thüringen Meetups und Sprecher auf Events wie der ExpertsLive Europe, CDC Germany und Microsoft Ignite. Alle Gedanken, Meinungen und Ideen auf dieser Website sind von mir und spiegeln nicht die Haltung meines Arbeitgebers oder von Microsoft wieder.

Related Posts

Leave a comment

Back to Top