Many Windows 10 users reported losing access to network shares after installing the Fall Creators Update (version 1709). The root cause? Microsoft disabled guest access in SMB2 by default for security reasons, as documented in KB4046019.
For most users, enabling insecure guest logons through Group Policy solves the issue:
- Press Win+R, type
gpedit.msc - Navigate to:
Computer Configuration > Administrative Templates > Network > Lanman Workstation - Enable "Enable insecure guest logons"
For systems without Group Policy Editor (Windows 10 Home), modify this registry key:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters]
"AllowInsecureGuestAuth"=dword:00000001
Save as enable_smb2_guest.reg and double-click to merge.
For admins managing multiple machines, this PowerShell script handles both methods:
# Check current status
$regPath = "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters"
$regValue = Get-ItemProperty -Path $regPath -Name "AllowInsecureGuestAuth" -ErrorAction SilentlyContinue
if ($null -eq $regValue) {
# Set registry value if not exists
New-ItemProperty -Path $regPath -Name "AllowInsecureGuestAuth" -Value 1 -PropertyType DWORD -Force
Write-Host "Registry value created and set to 1"
} elseif ($regValue.AllowInsecureGuestAuth -ne 1) {
# Update existing value
Set-ItemProperty -Path $regPath -Name "AllowInsecureGuestAuth" -Value 1
Write-Host "Registry value updated to 1"
}
While this solution works, be aware it:
- Disables SMB2 security features
- Makes your system vulnerable to man-in-the-middle attacks
- Should only be used in trusted networks
For production environments, Microsoft recommends proper credential configuration instead.
After applying changes, test SMB connectivity with:
Test-NetConnection -ComputerName SERVER_NAME -Port 445
Get-SmbConnection | Format-Table -AutoSize
Microsoft's Fall Creators Update (version 1709) introduced a critical security change affecting network administrators and developers working with shared resources. The update disabled guest access in SMB2 by default through HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters\AllowInsecureGuestAuth=0.
You'll encounter these specific errors when attempting to access network shares:
System error 53 has occurred
System error 5 has occurred
ERROR_ACCESS_DENIED (0x80070005)For domain environments or machines with GP edit access:
1. gpedit.msc
2. Computer Configuration → Administrative Templates → Network → Lanman Workstation
3. Enable "Enable insecure guest logons"
4. gpupdate /forceFor standalone machines or scripted deployment:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters]
"AllowInsecureGuestAuth"=dword:00000001Apply changes with net stop workstation && net start workstation
For deployment across multiple servers:
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters"
-Name "AllowInsecureGuestAuth" -Value 1 -Type DWORD
Restart-Service workstation -ForceWhile necessary for legacy systems, be aware this:
- Disables SMB signing requirements
- Allows NULL session authentication
- Creates potential man-in-the-middle vulnerabilities
For production environments, consider:
# Configure proper credentials in PowerShell
$cred = New-Object System.Management.Automation.PSCredential ("domain\user", (ConvertTo-SecureString "P@ssw0rd" -AsPlainText -Force))
New-PSDrive -Name "X" -PSProvider FileSystem -Root "\\server\share" -Credential $cred -Persist