After Upgrading to Windows 10 1709 (Fall Creators Update) you may not be able to connect to network shares or your NAS with the guest account. Windows 10 1709 onwards (including Server 2016 and Server 2019) Cannot Access SMB2 Shares via the Guest account. The following error may be shown:
An error occurred while reconnecting X: to Share
Microsoft Windows Network: You can’t access this shared folder because your organization’s security policies block unauthenticated guest access. These policies help protect your PC from unsafe or malicious devices on the network.
Cause
Starting with Windows 10 1709, Windows prevents you from accessing network shares with guest access enabled. Guest access means connecting to network shares without authentication, using the built-in “guest” account.
This has no reference to the SMB1 protocol which was disabled in the latest Windows 10 release and all new Server installs from 2016.
Resolution
To enable guest access again, configure the following GPO:
Computer configuration > administrative templates > network > Lanman Workstation: "Enable insecure guest logons" = Enabled
Registry Key
The corresponding registry key is located under:
[HKEY_LOCAL_MACHINESYSTEM>CurrentControlSet>Services>LanmanWorkstationParameters]"AllowInsecureGuestAuth"=dword:1
Download
You can also download the reg file to simply click and set the registry key from here: AllowInsecureGuestAuth
MDM Policy
There is also an MDM Policy available, starting with Windows 10 1803: https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-lanmanworkstation
About guest access
Guest access is often used to access data stored on Network Attached Storage, e.g. on a Synology NAS. Every user from any device has access to these shares. Generally it’s never recommended to use guest access because it’s a huge security risk. Within the time of ransomware, encrypting whole drives it’s definitely not a good idea. I strongly recommend to use LDAP Support to authenticate against your NAS.
Reference
- Microsoft Support: guest-access-smb2-disabled-by-default-in-windows-10-server-2016