deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 05:17:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
windows-itpro-docs/windows/client-management/mdm/policy-csp-lanmanworkstation.md
Alekhya Jupudi 2ff6454dd5 Windows SE row addition update-bulk 
The updates here are made as per task : 6010065. Thanks!
2022-05-23 12:08:32 +05:30

2.7 KiB
Raw Blame History

title, description, ms.author, ms.topic, ms.prod, ms.technology, author, ms.localizationpriority, ms.date, ms.reviewer, manager
title description ms.author ms.topic ms.prod ms.technology author ms.localizationpriority ms.date ms.reviewer manager
Policy CSP - LanmanWorkstation Use the Policy CSP - LanmanWorkstation setting to determine if the SMB client will allow insecure guest sign ins to an SMB server. dansimp article w10 windows dansimp medium 09/27/2019 dansimp

Policy CSP - LanmanWorkstation

LanmanWorkstation policies

LanmanWorkstation/EnableInsecureGuestLogons

LanmanWorkstation/EnableInsecureGuestLogons

Edition Windows 10 Windows 11
Home No No
Pro Yes Yes
Windows SE No Yes
Business Yes Yes
Enterprise Yes Yes
Education Yes Yes

Scope:

[!div class = "checklist"]

  • Device

This policy setting determines if the SMB client will allow insecure guest sign ins to an SMB server.

If you enable this policy setting or if you don't configure this policy setting, the SMB client will allow insecure guest sign ins.

If you disable this policy setting, the SMB client will reject insecure guest sign ins.

Insecure guest sign ins are used by file servers to allow unauthenticated access to shared folders. While uncommon in an enterprise environment, insecure guest sign ins are frequently used by consumer Network Attached Storage (NAS) appliances acting as file servers. Windows file servers require authentication and don't use insecure guest sign ins by default. Since insecure guest sign ins are unauthenticated, important security features such as SMB Signing and SMB Encryption are disabled. As a result, clients that allow insecure guest sign ins are vulnerable to various man-in-the-middle attacks that can result in data loss, data corruption, and exposure to malware. Additionally, any data written to a file server using an insecure guest sign in is potentially accessible to anyone on the network. Microsoft recommends disabling insecure guest sign ins and configuring file servers to require authenticated access.

ADMX Info:

  • GP Friendly name: Enable insecure guest logons
  • GP name: Pol_EnableInsecureGuestLogons
  • GP path: Network/Lanman Workstation
  • GP ADMX file name: LanmanWorkstation.admx

This setting supports a range of values between 0 and 1.