deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 05:17:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
windows-itpro-docs/windows/client-management/mdm/policy-csp-lanmanworkstation.md

3.5 KiB
Raw Blame History

title, description, ms.author, ms.topic, ms.prod, ms.technology, author, ms.localizationpriority, ms.date, ms.reviewer, manager
title description ms.author ms.topic ms.prod ms.technology author ms.localizationpriority ms.date ms.reviewer manager
Policy CSP - LanmanWorkstation Use the Policy CSP - LanmanWorkstation setting to determine if the SMB client will allow insecure guest logons to an SMB server. dansimp article w10 windows manikadhiman medium 09/27/2019 dansimp

Policy CSP - LanmanWorkstation

LanmanWorkstation policies

LanmanWorkstation/EnableInsecureGuestLogons

LanmanWorkstation/EnableInsecureGuestLogons

Windows Edition Supported?
Home cross mark
Pro check mark4
Business check mark4
Enterprise check mark4
Education check mark4

Scope:

[!div class = "checklist"]

  • Device

Added in Windows 10, version 1803. This policy setting determines if the SMB client will allow insecure guest logons to an SMB server.

If you enable this policy setting or if you do not configure this policy setting, the SMB client will allow insecure guest logons.

If you disable this policy setting, the SMB client will reject insecure guest logons.

Insecure guest logons are used by file servers to allow unauthenticated access to shared folders. While uncommon in an enterprise environment, insecure guest logons are frequently used by consumer Network Attached Storage (NAS) appliances acting as file servers. Windows file servers require authentication and do not use insecure guest logons by default. Since insecure guest logons are unauthenticated, important security features such as SMB Signing and SMB Encryption are disabled. As a result, clients that allow insecure guest logons are vulnerable to a variety of man-in-the-middle attacks that can result in data loss, data corruption, and exposure to malware. Additionally, any data written to a file server using an insecure guest logon is potentially accessible to anyone on the network. Microsoft recommends disabling insecure guest logons and configuring file servers to require authenticated access.

ADMX Info:

  • GP English name: Enable insecure guest logons
  • GP name: Pol_EnableInsecureGuestLogons
  • GP path: Network/Lanman Workstation
  • GP ADMX file name: LanmanWorkstation.admx

This setting supports a range of values between 0 and 1.

Footnotes:

  • 1 - Available in Windows 10, version 1607.
  • 2 - Available in Windows 10, version 1703.
  • 3 - Available in Windows 10, version 1709.
  • 4 - Available in Windows 10, version 1803.
  • 5 - Available in Windows 10, version 1809.
  • 6 - Available in Windows 10, version 1903.
  • 7 - Available in Windows 10, version 1909.
  • 8 - Available in Windows 10, version 2004.