FAQ Błędna nazwa użytkownika lub hasło podczas logowania do udziału sieciowego z Windows 10

Silas Mariusz

rm -rf /
Help us, GOD!
Apr 5, 2008
10,236
31
2,411
153
39
Nowy Sącz
forum.qnap.net.pl
QNAP
TS-x77
Ethernet
1 GbE
Dotyczy:
Windows 10 Technical Preview (build 9926) i późniejszych wersji

Objawy:
Brak możliwości zalogowania się do udziału sieciowego jako gość.

Error: “The account is not authorized to login from this station

In the January release of Windows 10 Technical Preview (build 9926) we made a change related to security and remote file access that may affect you. Remote file access has always included a way of connecting to a file server without a username and password. This was termed “guest access,” and it allowed you to put a file server up without worrying about user accounts. The most common scenario originally was a small office, but this model gained traction in recent years in the home and home office with the availability of Network Attached Storage, or NAS devices. These devices are typically small devices that are not much larger than the disk drive inside with a Windows compatible file server. Often, the default configuration allowed for guest access with no username and password.

The security change is intended to address a weakness when using guest access. While the server may be fine not distinguishing among clients for files (and, you can imagine in the home scenario that it doesn’t matter to you which of your family members is looking at the shared folder of pictures from your last vacation), this can actually put you at risk elsewhere. Without an account and password, the client doesn’t end up with a secure connection to the server. A malicious server can put itself in the middle (also known as the Man-In-The-Middle attack), and trick the client into sending files or accepting malicious data. This is not necessarily a big concern in your home, but can be an issue when you take your laptop to your local coffee shop and someone there is lurking, ready to compromise your automatic connections to a server that you can’t verify. Or when your child goes back to the dorm at the university. The change we made removes the ability to connect to NAS devices with guest access, but the error message which is shown in build 9926 does not clearly explain what happened. We are working on a better experience for the final product which will help people who are in this situation. As a Windows Insider you’re seeing our work in progress; we’re sorry for any inconvenience it may have caused.

You may see suggested workarounds where making a registry change restores your ability to connect with guest access. We do NOT recommend making that change as it leaves you vulnerable to the kinds of attacks this change was meant to protect you from.

The recommended solution is to add an explicit account and password on your NAS device, and use that for the connections. It is a one-time inconvenience, but the long term benefits are worthwhile. If you are having trouble configuring your system, send us your feedback via the Feedback App and post your information here so we can document additional affected scenarios.

Source: Error: “The account is not authorized to login from this station.”


Rozwiązanie:
A fix for this issue appears to be setting HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters\AllowInsecureGuestAuth (DWORD) to 1.

Together with this event the following error appears in the event logs, however this setting is not exposed in the Local Security Policy options in this build yet:
Code:
Rejected an insecure guest logon.

User name:
Server name: \tohjo

Guidance:
This event indicates that the server attempted to log the user on as an unauthenticated guest and was denied by the client. Guest logons do not support standard security features such as signing and encryption. As a result, guest logons are vulnerable to man-in-the-middle attacks that can expose sensitive data on the network. Windows disables insecure guest logons by default. Microsoft does not recommend enabling insecure guest logons.
 

Attachments

  • AllowInsecureGuestAuth.reg
    338 bytes · Views: 95