Reset Password · PC & Mac Help and Assistance

Welcome Guest! To enable all features please Login or Register

Posted by: Lemonde - 28 July 2025 17:36:00
the latest version 2H24 pf Windows 11 Stops the Guest account Allowing Acces to my NAS with no Permissions - Can I Overcome this?

Posted by: sirclesadmin - 28 July 2025 17:36:55
Yes, Microsoft's 2H24 update for Windows 11 has quietly tightened Guest account behavior in line with long-standing security best practices-blocking unauthenticated SMB (Server Message Block) access by default, which is how many NAS setups (especially older or homebrew ones) allowed easy file sharing. This change prevents the Guest account from connecting anonymously to your NAS. But you can overcome this, depending on your risk appetite, by re-enabling legacy behavior or adjusting the NAS or Windows configuration. Below are your options: Fix Options Option 1: Enable Insecure Guest Access (Not Recommended) This restores the old behavior but reintroduces a known security hole. Only do this in isolated, trusted environments (like home LANs with no external exposure). Steps: Press `Win + R`, type `gpedit.msc`, and press Enter. Navigate to: `Computer Configuration Administrative Templates Network Lanman Workstation` Double-click "Enable insecure guest logons" Set it to Enabled, then click OK. Reboot or `gpupdate /force` to apply. If you're using Windows 11 Home, `gpedit.msc` won't exist. Instead: Registry Method: Press `Win + R`, type `regedit`, and press Enter. Go to: `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters` Create a new DWORD value: `AllowInsecureGuestAuth = 1` Reboot. Option 2: Create a Real User on Your NAS This is the recommended modern solution. Log into your NAS admin panel. Create a username and password for file sharing. On Windows: Map the drive using that NAS account: `\\NAS-IP\ShareName` and check "Connect using different credentials". Store the credentials using Credential Manager: `Control Panel > User Accounts > Credential Manager > Windows Credentials > Add a Windows credential` Option 3: Use a Persistent Local Windows Account Instead of Guest Rather than rely on `Guest`, create a local user (not tied to a Microsoft account) with minimal permissions. Go to `Settings > Accounts > Other Users > Add account > I don't have this person's sign-in info > Add a user without a Microsoft account` Set up a low-privilege account. Use it for network access to avoid full Guest lockdown. Why Did This Happen? Microsoft is aligning with SMB security best practices: SMBv1 is deprecated and disabled. Guest access is considered insecure. Ransomware attacks often exploit unauthenticated network shares. Recommendation for the Future Avoid Guest and SMBv1 Use SMBv2+, proper authentication, and TLS if available Update your NAS firmware-it may support safer auth now Consider disabling anonymous access altogether if you're security-conscious Let me know what NAS you're using (e.g., Synology, QNAP, TrueNAS), and I can tailor the setup steps for Option 2.

Posted by: sirclesadmin - 28 July 2025 17:36:55

Yes, Microsoft's 2H24 update for Windows 11 has quietly tightened Guest account behavior in line with long-standing security best practices-blocking unauthenticated SMB (Server Message Block) access by default, which is how many NAS setups (especially older or homebrew ones) allowed easy file sharing.

This change prevents the Guest account from connecting anonymously to your NAS. But you can overcome this, depending on your risk appetite, by re-enabling legacy behavior or adjusting the NAS or Windows configuration. Below are your options:

Fix Options

Option 1: Enable Insecure Guest Access (Not Recommended)

This restores the old behavior but reintroduces a known security hole. Only do this in isolated, trusted environments (like home LANs with no external exposure).

Steps:

Press Win + R, type gpedit.msc, and press Enter.

Navigate to:

Computer Configuration  Administrative Templates  Network  Lanman Workstation

Double-click "Enable insecure guest logons"
Set it to Enabled, then click OK.
Reboot or gpupdate /force to apply.

If you're using Windows 11 Home, gpedit.msc won't exist. Instead:

Registry Method:

Press Win + R, type regedit, and press Enter.

Go to:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters

Create a new DWORD value:
```
AllowInsecureGuestAuth = 1
```
Reboot.

Option 2: Create a Real User on Your NAS

This is the recommended modern solution.

Log into your NAS admin panel.
Create a username and password for file sharing.
On Windows:
- Map the drive using that NAS account:
```
\\NAS-IP\ShareName
```
  and check "Connect using different credentials".
Store the credentials using Credential Manager:
- Control Panel > User Accounts > Credential Manager > Windows Credentials > Add a Windows credential

Option 3: Use a Persistent Local Windows Account Instead of Guest

Rather than rely on Guest, create a local user (not tied to a Microsoft account) with minimal permissions.

Go to Settings > Accounts > Other Users > Add account > I don't have this person's sign-in info > Add a user without a Microsoft account
Set up a low-privilege account.
Use it for network access to avoid full Guest lockdown.

Why Did This Happen?

Microsoft is aligning with SMB security best practices:

SMBv1 is deprecated and disabled.
Guest access is considered insecure.
Ransomware attacks often exploit unauthenticated network shares.

Recommendation for the Future

Avoid Guest and SMBv1
Use SMBv2+, proper authentication, and TLS if available
Update your NAS firmware-it may support safer auth now
Consider disabling anonymous access altogether if you're security-conscious

Let me know what NAS you're using (e.g., Synology, QNAP, TrueNAS), and I can tailor the setup steps for Option 2.