Symptoms
In Windows 10 Fall Creators Update and Windows Server version 1709, the SMB2 client no longer allows the following actions:
- Guest account access to a remote server
- Fallback to the Guest account after invalid credentials are provided
SMBv2 has the following behavior in Windows 10 Fall Creators Update and Windows Server 2016 version 1709:
- Windows 10 Enterprise and Windows 10 Education no longer allow a user to connect to a remote share by using guest credentials by default, even if the remote server requests guest credentials.
- Windows Server 2016 Datacenter and Standard edition no longer allow a user to connect to a remote share by using guest credentials by default, even if the remote server requests guest credentials.
- Windows 10 Home and Professional editions are unchanged from their previous default behavior.
If you try to connect to devices that request credentials of a guest instead of appropriate authenticated principals, you may receive the following error message:
You can't access this shared folder because your organization's security policies block unauthenticated guest access. These policies help protect your PC from unsafe or malicious devices on the network.
Resolution
If you want to enable insecure guest access, you can configure the following Group Policy settings:
Computer configuration\administrative templates\network\Lanman Workstation
"Enable insecure guest logons"
Note By enabling insecure guest logons, this setting reduces the security of Windows clients.
ไม่มีความคิดเห็น:
แสดงความคิดเห็น