the latest version 2H24 pf Windows 11 Stops the Guest account Allowing Acces...

Lemonde
100% (Exalted)
Advanced Member Topic Starter

2 days ago

the latest version 2H24 pf Windows 11 Stops the Guest account Allowing Acces to my NAS with no Permissions - Can I Overcome this?

Refurbished Computers Berkshire
Data Recovery Berkshire

Sponsor

Want to thank us? Use: Patreon or PayPal or Bitcoins: bc1q4whppe29dw77rm4kv4pln0gqae4yjnxly0dny0hky6yhnafukzjsyrsqhk

All opinions expressed within these pages are sent in by members of the public or by our staff in their spare time, and as such do not represent any opinion held by sircles.net Ltd or their partners.

Wanna join the discussion?! Login to your PC & Mac Help and Assistance forum account or Register a new forum account

sirclesadmin
100% (Exalted)
Administration

2 days ago

Yes, Microsoft's 2H24 update for Windows 11 has quietly tightened Guest account behavior in line with long-standing security best practices-blocking unauthenticated SMB (Server Message Block) access by default, which is how many NAS setups (especially older or homebrew ones) allowed easy file sharing.

This change prevents the Guest account from connecting anonymously to your NAS. But you can overcome this, depending on your risk appetite, by re-enabling legacy behavior or adjusting the NAS or Windows configuration. Below are your options:

Fix Options

Option 1: Enable Insecure Guest Access (Not Recommended)

This restores the old behavior but reintroduces a known security hole. Only do this in isolated, trusted environments (like home LANs with no external exposure).

Steps:

Press Win + R, type gpedit.msc, and press Enter.

Navigate to:

Computer Configuration  Administrative Templates  Network  Lanman Workstation

Double-click "Enable insecure guest logons"

Set it to Enabled, then click OK.

Reboot or gpupdate /force to apply.

If you're using Windows 11 Home, gpedit.msc won't exist. Instead:

Registry Method:

Press Win + R, type regedit, and press Enter.

Go to:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters

Create a new DWORD value:
```
AllowInsecureGuestAuth = 1
```

Reboot.

Option 2: Create a Real User on Your NAS

This is the recommended modern solution.

Log into your NAS admin panel.

Create a username and password for file sharing.

On Windows:
- Map the drive using that NAS account:
```
\\NAS-IP\ShareName
```
  and check "Connect using different credentials".

Store the credentials using Credential Manager:
- Control Panel > User Accounts > Credential Manager > Windows Credentials > Add a Windows credential

Option 3: Use a Persistent Local Windows Account Instead of Guest

Rather than rely on Guest, create a local user (not tied to a Microsoft account) with minimal permissions.

Go to Settings > Accounts > Other Users > Add account > I don't have this person's sign-in info > Add a user without a Microsoft account

Set up a low-privilege account.

Use it for network access to avoid full Guest lockdown.

Why Did This Happen?

Microsoft is aligning with SMB security best practices:

SMBv1 is deprecated and disabled.

Guest access is considered insecure.

Ransomware attacks often exploit unauthenticated network shares.

Recommendation for the Future

Avoid Guest and SMBv1

Use SMBv2+, proper authentication, and TLS if available

Update your NAS firmware-it may support safer auth now

Consider disabling anonymous access altogether if you're security-conscious

Let me know what NAS you're using (e.g., Synology, QNAP, TrueNAS), and I can tailor the setup steps for Option 2.

IT Support Berkshire
Buy new and refurbished computer equipment

Important Information:

The PC & Mac Help and Assistance uses cookies. By continuing to browse this site, you are agreeing to our use of cookies. More Details Close