Windows 11 24H2 and Insecure Guest Logins settings

Question

I updated a computer to Windows 11 24H2 in the Release Preview channel. My question is, is Microsoft going to default insecure guest logins to disabled in 24H2? Windows Enterprise already is set this way. After updating a computer to 24H2 from 23H2, I could not connect to shares on another machine that are set up to not require a login (everyone access in the security and shares screen, and password protected sharing turned off). If the shares have a password that is set up and everything, I could get them to work properly, also setting it in group policy to allow insecure guest logins worked too. Is it a bug or is it the new default?

***Moved from Windows Insider Program / Windows Insider Preview / Files, folders, and online storage***

Answer 1

Hello Logan,

Thank you for reaching out with your question regarding insecure guest logins in Windows 11 24H2.

Background:

Microsoft has been progressively increasing the security measures in Windows, and disabling insecure guest logins is one of those steps. Insecure guest logins can pose a significant security risk because they allow access to network shares without requiring a username or password. This change aligns with the security enhancements seen in Windows Enterprise editions.

Your Situation:

After updating to Windows 11 24H2, you found that connecting to network shares without requiring a login (everyone access, password protected sharing turned off) no longer works. Shares with a password and those configured in group policy to allow insecure guest logins function correctly.

Explanation:

Based on the behavior you described, it seems Microsoft is indeed defaulting insecure guest logins to disabled in Windows 11 24H2. This change would enhance security by preventing anonymous access to network shares.

Steps to Address the Issue:

1. Enable Insecure Guest Logins via Group Policy:

• Press **Win + R**, type gpedit.msc, and press Enter to open the Group Policy Editor.
• Navigate to **Computer Configuration** > **Administrative Templates** > **Network** > **Lanman Workstation**.
• Double-click **Enable insecure guest logons** and set it to **Enabled**.
• Apply the changes and restart your computer.

2. Enable Insecure Guest Logins via Registry Editor:

• Press **Win + R**, type regedit, and press Enter to open the Registry Editor.
• Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters.

• If the AllowInsecureGuestAuth entry does not exist, right-click and select **New** > **DWORD (32-bit) Value**, and name it AllowInsecureGuestAuth.
• Set the value of AllowInsecureGuestAuth to 1.
• Close the Registry Editor and restart your computer.

3. Consider Alternative Security Measures:

• Instead of enabling insecure guest logins, consider setting up password-protected sharing for better security.
• Ensure that all users have appropriate permissions to access the necessary shares.

Best regards,

Rosy

Answer 2

Hello Logan,

Thank you for reaching out with your question regarding insecure guest logins in Windows 11 24H2.

Background:

Microsoft has been progressively increasing the security measures in Windows, and disabling insecure guest logins is one of those steps. Insecure guest logins can pose a significant security risk because they allow access to network shares without requiring a username or password. This change aligns with the security enhancements seen in Windows Enterprise editions.

Your Situation:

After updating to Windows 11 24H2, you found that connecting to network shares without requiring a login (everyone access, password protected sharing turned off) no longer works. Shares with a password and those configured in group policy to allow insecure guest logins function correctly.

Explanation:

Based on the behavior you described, it seems Microsoft is indeed defaulting insecure guest logins to disabled in Windows 11 24H2. This change would enhance security by preventing anonymous access to network shares.

Steps to Address the Issue:

1. Enable Insecure Guest Logins via Group Policy:

• Press **Win + R**, type gpedit.msc, and press Enter to open the Group Policy Editor.
• Navigate to **Computer Configuration** > **Administrative Templates** > **Network** > **Lanman Workstation**.
• Double-click **Enable insecure guest logons** and set it to **Enabled**.
• Apply the changes and restart your computer.

2. Enable Insecure Guest Logins via Registry Editor:

• Press **Win + R**, type regedit, and press Enter to open the Registry Editor.
• Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters.

• If the AllowInsecureGuestAuth entry does not exist, right-click and select **New** > **DWORD (32-bit) Value**, and name it AllowInsecureGuestAuth.
• Set the value of AllowInsecureGuestAuth to 1.
• Close the Registry Editor and restart your computer.

3. Consider Alternative Security Measures:

• Instead of enabling insecure guest logins, consider setting up password-protected sharing for better security.
• Ensure that all users have appropriate permissions to access the necessary shares.

Best regards,

Rosy

We are also experiencing the same issues, with all Windows/Microsoft 'best practice' security policies applied via GPO. New devices with these settings have been deployed to locations that utilise a direct attached NAS (attached to site router).

We have amended the group policy as per above guidance AND checked the reg key (also deleted and re-added) and the access is still being denied. Any further ideas and or advise?

Answer 3

My advice with a NAS of this nature, is to ensure that SMB3 is enabled on the device if possible. Have you tried using a username and password for the shares on it? If it works why not just do that? Even if it's the same user name and password that everyone uses.