Upcoming Webinar
Cayosoft Shows How Forest Recovery Tech Addresses Survey Issues
Join this webinar and not only learn about what your peers are doing, but also learn about a new patent-pending modern approach to AD forest recovery from Cayosoft.
New episode!
The Scoop on Loop: The Latest Innovations Directly From Microsoft!
Darrell Webster speaks to Rebecca Keys, a Program Manager from the Microsoft Loop team.
Turn Data Protection into an MRR Growth Engine
Security for your customers, revenue for your MSP practice. Access key insights on how to scale your practice with SkyKick’s new eGuide.
MSP eGuide to Package, Sell and Deliver M365 Security Services
Based on input from our top-performing MSPs, SkyKick prepared the MSP Guide to help you navigate the security landscape.

Microsoft to Block SMB Guest Authentication By Default in Windows 11 Pro

Microsoft is planning to disable insecure SMB (Server Message Block) guest authentication fallbacks by default in Windows 11 Pro. The company has announced that this security improvement is already included in the Windows 11 Insider Preview Build 25276 released this month

According to Microsoft, the guest authentication method doesn’t provide support for inspection trails and other security mechanisms like certificates and signing. This makes it easier for attackers to exploit the flaws through man-in-the-middle attacks and gain access to enterprise networks. Moreover, attackers could abuse the guest authentication feature to get read or copy access over the entire network.

Notably, the guest access feature has been disabled by default in the operating system since Windows 2000. Moreover, PCs running Windows 10 Education and Enterprise editions prevent SMB2 and SMB3 from fallback to guest authentication due to invalid login attempts. However, Microsoft notes that only a legitimate third-party remote device may require guest access by default.

Microsoft plans to disable default guest access for network shares in the next major release of Windows 11

Microsoft notes that users with network-attached storage (NAS) using the guest authentication access will see the following error in future versions of Windows 11 Pro. “You can’t access this shared folder because your organization’s security policies block unauthenticated guest access. These policies help protect your PC from unsafe or malicious devices on the network.” Users might also encounter the “0x80070035” and “The network path was not found” errors.

“The recommended solution when seeing these errors is to configure the remote device to stop requiring guest authentication. It will be a third-party device, not Windows, so you’ll need to locate their documentation and possibly update or replace the device. If your device allows guest access, any device or person on your network can read or copy all of your shared data without any audit trail or credentials,” said Ned Pyle, Principal Program Manager at Microsoft.

Overall, this move is a part of Microsoft’s ongoing efforts to improve the security of its Windows operating system. The company expects to roll out the new default setting to all customers in the next major release of Windows 11.

by Rabia Noureen
Jan 18, 2023

Rabia comes from a solid IT background and has been writing professionally about Microsoft products and other technology for four years. Rabia has also written for OnMSFT.com as well as Windows Report. She is always up to date on the latest trends in...

Upgrade to Windows 11 – The Road Ahead

Nov 28, 2023
What is a Roaming User Profile on Windows?

Sep 1, 2023
Oct 24, 2023
How to Add Microsoft Store Apps to Intune

May 5, 2023

Take our survey

PETRI NEWSLETTERS

Join Petri Insider

Create a free account today to participate in forum conversations, comment on posts and more.