[DSS V7][JDSS] Cannot access SMB share using guest account from Windows 10

Additional informations

• product name: JovianDSS / DSS V7
• product version: all
• build: all

Problem
Cannot access SMB share using guest account from Windows 10

Symptoms
Starting in Windows 10, version 1709 and Windows Server 2019, SMB2 and SMB3 clients no longer allow the following actions by default:

- Guest account access to a remote server.
- Fall back to the Guest account after invalid credentials are provided.

SMB2 and SMB3 has the following behavior in these versions of Windows:

- Windows 10 Enterprise and Windows 10 Education no longer allow a user to connect to a remote share by using guest credentials by default, even if the remote server requests guest credentials.
- Windows Server 2019 Datacenter and Standard editions no longer allow a user to connect to a remote share by using guest credentials by default, even if the remote server requests guest credentials.
- Windows 10 Home and Pro are unchanged from their previous default behavior; they allow guest authentication by default.

Cause
This change in default behavior is by design and is recommended by Microsoft for security.

A malicious computer that impersonates a legitimate file server could allow users to connect as guests without their knowledge. We recommend that you don't change this default setting. If a remote device is configured to use guest credentials, an administrator should disable guest access to that remote device and configure correct authentication and authorization.

Windows and Windows Server have not enabled guest access or allowed remote users to connect as guest or anonymous users since Windows 2000. Only third-party remote devices might require guest access by default. Microsoft-provided operating systems do not.

Solution
If you want to enable insecure guest access, you can configure the following Group Policy settings:

1. Open the Local Group Policy Editor (gpedit.msc).
2. In the console tree, select Computer Configuration > Administrative Templates > Network > Lanman Workstation.
3. For the setting, right-click Enable insecure guest logons and select Edit.
4. Select Enabled and select OK.

For monitoring and inventory purposes: this group policy is setting the following DWORD registry value to 1 (insecure guest auth enabled) or 0 (insecure guest auth disabled):

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\LanmanWorkstation\
AllowInsecureGuestAuth

To set the value without using group policy, set the following following DWORD registry value to 1 (insecure guest auth enabled) or 0 (insecure guest auth disabled):

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters
AllowInsecureGuestAuth

On Windows 10 1709, Windows 10 1803, Windows 10 1903, Windows 10 1909, and Windows Server 2019, guest authentication is disabled if AllowInsecureGuestAuth exists with a value of 0 in [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters] AllowInsecureGuestAuth.

On Windows 10 2004, Windows 10 20H2, and Windows 10 21H1 Enterprise and Education editions with KB5003173 installed, guest authentication is disabled if AllowInsecureGuestAuth does not exist or if it exists with a value of 0 in [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters] AllowInsecureGuestAuth. Home and Pro editions allow guest authentication by default unless you disable it using group policy or registry settings.