Enable Access for Assistive Devices and Try Again 10.13

If you cannot open or map network shared folders on your NAS, Samba Linux server, computers with legacy Windows versions (Windows 7/XP/Server 2003) from Windows 10 or 11, almost likely the problem is that legacy and insecure versions of the SMB protocol are disabled in the current Windows builds (SMB protocol is used in Windows to admission shared network folders and files).

Microsoft is systematically disabling legacy and insecure versions of the SMB protocol in all recent versions of Windows. Starting with Windows ten 1709 and Windows Server 2019 (both in Datacenter and Standard editions), the unsafe SMBv1 protocol is disabled by default as well as anonymous (guest) admission to network shared folders.

The specific steps to take depend on the fault that appears in Windows when accessing a shared binder, and on the settings of the remote SMB server that hosts the network shares.

Contents:

• Can't Admission Shared Binder Considering Security Policies Cake Unauthenticated Guest Admission
• Can't Connect to the File Share Because It'due south Not Secure and Requires the Obsolete SMB1 Protocol
• Windows Cannot Access Shared Folder: You Don't Have Permissions
• Other Fixes: Windows Cannot Access Shared Folders

Can't Access Shared Folder Because Security Policies Block Unauthenticated Guest Access

Starting with Windows x build 1709 Fall Creators Update (Enterprise and Education editions), users began to complain that when they tried to open a network shared folder on a neighboring computer, an fault appeared:

Restoring Network Connections An fault occurs when yous try to open a network folder: An error occurred while reconnecting Y: to \\nas1\share Microsoft Windows Network: Yous tin can't access this shared binder because your system's security policies cake unauthenticated guest access. These policies help protect your PC from unsafe or malicious devices on the network.

Moreover, on other computers with Windows viii.ane, Windows 7, or Windows 10 with a build of up to 1709, the same shared network folders open up normally. The signal is that in modernistic versions of Windows x (build 1709+), the invitee access to the shared folders using the SMBv2 protocol is disabled by default. Guest (anonymous) ways access to a shared network folder without authentication. When accessing a network binder under a guest account over the SMBv1/v2 protocol, such methods of traffic protection equally SMB signing and encryption are not used, which makes your session vulnerable to the MiTM (homo-in-the-middle) attacks.

These changes are non applied on Windows x Home editions and the network admission under the guest account is working fine.

If you endeavour to open a shared network folder using the SMB v2 protocol nether the guest account, the following error will announced in the Event Viewer of your calculator (SMB client):

Log Name: Microsoft-Windows-SmbClient/Security   Source: Microsoft-Windows-SMBClient Event ID: 31017 Rejected an insecure invitee logon.

This error says that your reckoner (client) blocks non-authenticated access nether the Guest account.

In most cases, you lot can face this problem when accessing sometime NAS devices (ordinarily guest access is enabled on them for ease of setup) or when opening shared folders on legacy Windows 7/2008 R2/Windows XP/2003 devices with anonymous (guest) access enabled (encounter the table of supported SMB protocol versions in unlike Windows editions).

Microsoft recommends changing the settings on a remote computer or NAS device that hosts the shared network folders. It is advisable to switch the network share to the SMBv3 style. Or configure access with authentication if simply the SMBv2 protocol is supported by the device. This is the about correct and safest fashion to gear up the problem.

Disable invitee admission on the device where your shared folders are stored:

• NAS devices – disable guest access in the settings of your NAS device (depending on vendor and model);
• Samba server on Linux — if you are sharing a network folder with Samba on Linux, add the following string to the smb.conf configuration file under the section [global]: map to invitee = never
  And restrict anonymous access in the shared binder configuration section: guest ok = no
• In Windows, you can enable sharing of network folders and printers with password protection via the Control Panel -> Network and Sharing Center -> Advanced sharing settings. For All Networks in the "Password Protected Sharing" section, change the value to the "Plough on password protected sharing". In this case, bearding (guest) admission to the network shared folders will be disabled and you will accept to create local users, grant them access permissions to the shared folders and printers and apply these accounts to connect to the shared folders on a remote computer.

There is another manner – you lot can change the settings on your Windows device to permit access to shared network folders under the guest account. This method should be used only as a temporary workaround (!!!), because access to folders without authentication significantly reduces your computer security.

To enable invitee access from your reckoner, you need to use the Grouping Policy Editor (gpedit.msc). Get to the section: Calculator Configuration -> Administrative templates -> Network -> Lanman Workstation. Find and enable the policy Enable insecure guest logons.This policy option determines whether the SMB client will allow an dangerous guest logon to the SMB server.

Update the Group Policy settings in Windows with the command:

gpupdate /force

In Windows 10 Home, which does non have a local GPO editor, you lot can make a similar change through the Registry Editor manually:

HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters "AllowInsecureGuestAuth"=dword:1

Or with these commands:

reg add HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters /5 AllowInsecureGuestAuth /t reg_dword /d 00000001 /f
reg add HKLM\Software\Policies\Microsoft\Windows\LanmanWorkstation /v AllowInsecureGuestAuth /t reg_dword /d 00000001 /f

Tin't Connect to the File Share Because It's Non Secure and Requires the Obsolete SMB1 Protocol

Another possible problem when accessing a network folder from Windows 10 is that just the SMBv1 protocol version is supported on the server-side. Since the SMBv1 client is disabled by default in Windows 10 1709+ when you attempt to open the shared folder or map a network bulldoze, you may get an mistake:

You tin't connect to the file share because information technology's not secure. This share requires the obsolete SMB1 protocol, which is unsafe and could betrayal your system to attack. Your system requires SMB2 or college.

The error message clearly shows that the network shared folder just supports the SMBv1 client access protocol. In this case, you should try to reconfigure the remote SMB device to utilise at least SMBv2 (the correct and safe manner).

If you use Samba server on Linux to share files, you can specify the minimum supported version of SMB protocol in the smb.conf file like this:

[global] server min protocol = SMB2_10 client max protocol = SMB3 customer min protocol = SMB2_10 encrypt passwords = truthful restrict anonymous = 2

On Windows 7/Windows Server 2008 R2, you tin disable the SMB 1 protocol and enable SMBv2 through the registry with the following PowerShell commands:

Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Services\LanmanServer\Parameters" SMB1 -Type DWORD -Value 0 –Force
Ready-ItemProperty -Path "HKLM:\Organisation\CurrentControlSet\Services\LanmanServer\Parameters" SMB2 -Type DWORD -Value 1 –Force

On Windows eight.1/Windows Server 2012 R2, you tin disable SMBv1, allow SMBv2 and SMBv3 with the following command (verify that a individual or domain profile is used for your network connectedness):

Disable-WindowsOptionalFeature -Online -FeatureName "SMB1Protocol"
Set-SmbServerConfiguration –EnableSMB2Protocol $true

If your network device (NAS, Windows XP, Windows Server 2003) supports only the SMB1 protocol, yous can enable a divide SMB1Protocol-Client feature on Windows 10/11 or Windows Server. Just this is non recommended!!!

If the remote device requires SMBv1 to connect, and this protocol is disabled on your Windows device, an mistake appears in the Event Viewer:

Log Name: Microsoft-Windows-SmbClient/Security Source: Microsoft-Windows-SMBClient Event ID: 32000 Description:  SMB1 negotiate response received from a remote device when SMB1 cannot exist negotiated by the local figurer.

Run the elevated PowerShell prompt and verify that the SMB1Protocol-Client is disabled (State: Disabled):

Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol-Customer

Enable the SMBv1 customer protocol (a reboot is required):

Enable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol-Client

You can likewise enable/disable additional features in Windows 10 and eleven from the optionalfeatures.exe. Expand SMB one.0/CIFS File Sharing Support and enable the SMB 1.0/CIFS Client.

On Windows 10 1809 and newer, the SMBv1 client is automatically removed if information technology has non been used for more than than fifteen days (the SMB 1.0/CIFS Automated Removal component is responsible for this).

In this instance, I enabled only the SMBv1 client. Do not enable the SMB1Protocol-Server feature if your computer is not used by legacy clients every bit an SMB server to host shared folders.

After installing the SMBv1 customer, you should be able to connect to a shared folder or printer without any problems. Withal, yous should understand this workaround is not recommended, because it reduces the security of your computer.

Windows Cannot Admission Shared Binder: Y'all Don't Have Permissions

When connecting to a shared network folder on a remote figurer, an error may appear:

Network Error Windows cannot access \\PC12\Share You practise not have permission to access \\PC12\Share. Contact your network administrator to asking access.

When this error occurs, you need to:

1. Make sure that the user you are using to admission the shared folder is granted access permissions on the remote share. Open the properties of the shared folder on the server and make sure your user has at least read permissions. Also,  y'all tin cheque the share permissions on the remote host using PowerShell:
   Get-SmbShareAccess -Proper name "tools"
   Then check the NTFS folder permissions:
   get-acl C:\tools\ |fl If necessary, edit the permissions in the folder and/or share backdrop;
2. Brand sure you are using the correct username and countersign to access the network binder. If you're not prompted for a username and countersign, try removing saved (cached) credentials for remote shares in Windows Credential Manager. Run the command rundll32.exe keymgr.dll, KRShowKeyMgr and delete buried credentials for the remote computer yous are trying to access.
   The adjacent time you connect to the shared folder, you will exist prompted for a username and password. Specify the credentials to admission the network shared folder on the remote computer. Y'all can save information technology in Credential Manager or add it manually.

Other Fixes: Windows Cannot Admission Shared Folders

This department provides boosted ways to troubleshoot a problem opening network folders in Windows:

griffinanyther.blogspot.com

Source: http://woshub.com/cannot-access-smb-network-shares-windows-10-1709/

Share this post