Windows 10 Persistent Authentication Prompt for Public Samba Share: Troubleshooting and Registry Fixes


After setting up a public Samba share on my WD My Cloud EX2 NAS, I encountered an interesting anomaly. While all my other devices (Windows 10 Pro machines and Android) could access the share without credentials, one freshly installed Windows 10 Home machine kept prompting for authentication. Even more puzzling - it wouldn't accept any credentials I provided.

First, I verified the share configuration was indeed public:
smb.conf excerpt:

[PublicShare]
   path = /mnt/public
   browseable = yes
   read only = no
   guest ok = yes
   force user = nobody

Standard troubleshooting steps I tried:

  • Verified network connectivity (ping, traceroute)
  • Confirmed SMB1 wasn't disabled in Windows features
  • Tried accessing via IP instead of hostname

The temporary workaround using \\ as username suggested a credential caching issue. Windows 10 was trying to authenticate using cached credentials that didn't exist for this fresh install. The solution involved modifying how Windows handles credential prompting.

The key registry modification that worked:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters]
"AllowInsecureGuestAuth"=dword:00000001

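After applying this change and rebooting, the public share became accessible without authentication prompts. This setting tells the Windows SMB client to allow guest access to SMB shares without requiring credentials. Guest logons are unauthenticated and do not support SMB signing or encryption, which is why the value name calls them insecure.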

The appearance of the Plex server name in the domain field suggested Windows was trying to authenticate against Plex's SMB service. This happened because:

  1. Plex installs its own SMB components
  2. Windows sometimes prefers authenticated connections
  3. The credential manager gets confused between multiple SMB services

For a more robust solution, I created a PowerShell script to automate the fix:

# Enable insecure guest auth (the trailing backtick continues the command on the next line)
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" `
    -Name "AllowInsecureGuestAuth" -Value 1 -Type DWORD

# Clear cached credentials. This deletes every entry cmdkey lists,
# not only the one stored for the NAS.
cmdkey /list | ForEach-Object {
    if ($_ -like "*target=*") {
        $target = ($_ -split 'target=')[1].Trim()
        cmdkey /delete:$target
    }
}

# Restart SMB client services
Restart-Service -Name LanmanWorkstation -Force

For environments where registry modifications aren't desirable, you can create explicit credentials for the share:

net use \\NAS\PublicShare /user:guest ""

Or store the credential in Windows Credential Manager:

cmdkey /add:NAS /user:guest /pass:""

After battling this issue for days across multiple Windows 10 builds, I've documented a comprehensive solution when Windows insists on authenticating public Samba shares. Here's what I learned from troubleshooting my WD My Cloud EX2 NAS scenario.

Several peculiar behaviors emerged during debugging:

  • Pro vs Home edition made no difference (contrary to initial suspicion)
  • Manual credentials (\\ + blank password) worked temporarily
  • Plex server name appearing in domain field hinted at protocol negotiation issues
  • Other devices maintained persistent access

The magic combination for permanent access:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters]
"AllowInsecureGuestAuth"=dword:00000001

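[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"LmCompatibilityLevel"=dword:00000001

; RestrictSendingNTLMTraffic is read from the MSV1_0 subkey, not from Lsa itself
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0]
"RestrictSendingNTLMTraffic"=dword:00000000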

After applying these changes, restart the Workstation service:

net stop workstation /y
net start workstation

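Windows 10's SMB 3.1.1 sometimes clashes with NAS devices. To let the client fall back to SMB1, enable the feature with this PowerShell command (it takes effect after a restart, since -NoRestart suppresses the automatic one):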

Enable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart

Then modify the share mounting command:

net use Z: \\NAS\Public /user:"" "" /persistent:yes

Packet analysis showed my system was attempting NTLMv2 when the NAS expected:

  • Plaintext authentication
  • LAN Manager compatibility
  • No encryption requirement

Create a scheduled task that runs at login:

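# Single quotes keep the two empty "" arguments literal (inside a double-quoted string, "" collapses to one quote)
$action = New-ScheduledTaskAction -Execute "net.exe" -Argument 'use Z: \\NAS\Public /user:"" ""'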
$trigger = New-ScheduledTaskTrigger -AtLogon
Register-ScheduledTask -TaskName "MapPublicNAS" -Action $action -Trigger $trigger

For Pro/Enterprise editions:

  1. Run secpol.msc
  2. Navigate to: Local Policies → Security Options
  3. Set "Network security: LAN Manager authentication level" to "Send LM & NTLM - use NTLMv2 if negotiated"
  4. Set "Network security: Restrict NTLM" to "Disable"
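
A read-only way to record which of the settings changed on this page are currently loosened on a client, before applying the fixes and again after reverting them. This is an added example, not the author's script; the variable names and the thresholds used to mark a value as weakened are assumptions stated in the comments.

```powershell
# Added example: read-only audit of the client settings this page changes.
# Run from an elevated PowerShell session (Get-WindowsOptionalFeature requires it).
$lanman = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters'
$lsa    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

# IsWeak receives the raw registry value ($null when the value is not set).
$settings = @(
    @{ Path = $lanman; Name = 'AllowInsecureGuestAuth'
       IsWeak  = { param($v) $v -eq 1 }
       Meaning = 'SMB client accepts unauthenticated guest logons' },
    @{ Path = $lsa; Name = 'LmCompatibilityLevel'
       # Assumption: levels 0-2 let the client send LM or NTLMv1; 3 and up send NTLMv2 only.
       IsWeak  = { param($v) $null -ne $v -and $v -lt 3 }
       Meaning = 'client may answer with LM or NTLMv1 instead of NTLMv2 only' }
)

$report = @(foreach ($s in $settings) {
    $item  = Get-ItemProperty -Path $s.Path -Name $s.Name -ErrorAction SilentlyContinue
    $value = if ($item) { $item.($s.Name) } else { $null }
    [pscustomobject]@{
        Setting  = $s.Name
        Value    = if ($null -eq $value) { '(not set)' } else { $value }
        Weakened = [bool](& $s.IsWeak $value)
        Meaning  = $s.Meaning
    }
})

# SMB1 is an optional Windows feature, not a registry value.
$smb1 = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
$report += [pscustomobject]@{
    Setting  = 'SMB1Protocol (optional feature)'
    Value    = "$($smb1.State)"
    Weakened = "$($smb1.State)" -like 'Enable*'
    Meaning  = 'SMB1 can be negotiated with servers that offer it'
}

$report | Format-Table -AutoSize -Wrap

# Live sessions: which dialect was negotiated, as which user, and whether it is signed.
Get-SmbConnection |
    Format-Table ServerName, ShareName, UserName, Dialect, Signed, Encrypted -AutoSize
```

Running it while the NAS share is open shows in the second table whether the session really fell back to an older dialect or to an unsigned guest session, which tells you which of the changes above was the one that mattered.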