Windows 11 Pro in 2023: SMB insecure guest authentication fallbacks disabled

Martin Brinkmann
Jan 14, 2023
Windows 11 News
|
4

Microsoft's work on improving security in Windows 11 and introducing features of Windows 10 in the latest version of Windows continues in 2023.

Yesterday, Windows Server engineering group Principal Program Manager Ned Pyle published an announcement on the Microsoft Tech Community website regarding the disabling SMB insecure guest authentication fallbacks in Windows 11 Pro.

Microsoft made the change "years ago" in Windows 11 Enterprise and Education, and on Windows 10, and is introducing the change in the next major release of Windows 11 Pro.

ADVERTISEMENT

Microsoft landed the change in Windows 10 version 1709 Enterprise and Education, and Windows Server 2019 initially. SMB2 and SMB3 clients do not allow guest account access to remote servers and guest account fallbacks after invalid credentials have been provided after the change landed on the systems.

Windows 10 Home and Pro editions have guest authentication enabled by default. The latest Insider build for Windows 10 Pro editions "no longer allow a user to connect to a remote share by using guest credentials by default, even if the remote server requests guest credentials".

The following error messages may be returned when trying to connect to devices that request guest credentials:

"You can't access this shared folder because your organization's security policies block unauthenticated guest access. These policies help protect your PC from unsafe or malicious devices on the network."

"Error code: 0x80070035
The network path was not found."

Guest logins do not support standard security features such as signing or encryption, and they do not require passwords. Allowing clients to use guest logins may "the user vulnerable to attacker-in-the-middle scenarios or malicious server scenarios" according to Pyle.

Microsoft disabled guest in server scenarios since Windows 2000, but third-party remote devices may require guest access by default.

Pyle recommends changing the third-party device's configuration so that it does not request guest authentication. Microsoft recommends configuring the third-party device to require a username and password for SMB connections.

A temporary workaround is provided for situations in which guest access is required. Administrators find information on this support page.

Summary
Windows 11 Pro in 2023: SMB insecure guest authentication fallbacks disabled
Article Name
Windows 11 Pro in 2023: SMB insecure guest authentication fallbacks disabled
Description
Microsoft will disable SMB insecure guest authentication fallbacks in the next major release for Windows 11 Pro in 2023.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Previous Post: «
Next Post: «

Comments

  1. Jody Thornton said on January 14, 2023 at 4:24 pm
    Reply

    Darn! And here I thought Shaun would be all over this one. :p

  2. John G. said on January 14, 2023 at 4:58 pm
    Reply

    There are so many new articles that I can’t barely remember which ones I have read. ._.

  3. mikhoul said on January 14, 2023 at 6:09 pm
    Reply

    @Martin: When I see what have become Ghack since few weeks I think you should start a new tech website/blog.

    It’s really sad, capitalism destroy everything useful to try to make a few bucks :( .

    1. Anonymous said on January 14, 2023 at 11:08 pm
      Reply

      There are probably some tech news sits with socialist or communist angles. Go there.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.