Windows 11 Pro disables SMB guest access for network shares

Windows 11 will now disable SMB2 and 3 guest access fallback for the Pro edition.

Windows 11 sharing security settings
Windows 11 sharing security settings
  • Microsoft to disable SMB guest access by default on Windows 11 Pro.
  • Windows already blocks guest access for remote devices since Windows 2000.
  • The new implementation is to also include SMB2 and 3.
  • The new security change should arrive in the next version of Windows 11.

Microsoft announces that it’s working on disabling the less secure SMB (Server Message Block) guest authentication fallback on Windows 11 Pro to increase security. The implementation is already in the latest preview of Windows 11 in the Dev Channel, but it’s still being determined when it’ll roll out to everyone. Though, this could happen as soon as the next feature update is released.

According to the company, the guest access method for remote network shares on SMB2 and SMB3 does not support inspection trails and other security mechanisms, such as certificates and logging in. As a result, hackers could more easily exploit the vulnerabilities through man-in-the-middle attacks to gain authorized access to the network. It’s also possible for attackers to use the guest authentication feature to gain read and write access to the network.

It’s worth noting that guest access has been disabled by default in the operating system since Windows 2000, and the change available on Windows 10 was to additionally prevent SMB2 and SMB3 from fallback to the guest authentication method without a password the login failed. However, it seems that this additional implementation wasn’t available on Windows 11 Pro.

If you have a network attached storage (NAS) using the guest authentication access, in future updates of Windows 11, you will see the “You can’t access this shared folder because your organization’s security policies block unauthenticated guest access. These policies help protect your PC from unsafe or malicious devices on the network. Error code: 0x80070035” error message.

If this is the case, Microsoft recommends looking into the remote device, providing the folder share, and configuring it to stop requiring guest authentication. You shouldn’t try to update the network security on Windows 11. However, if you can’t configure the network device or you need temporary access to migrate the data, you can re-enable the guest access for SMB2 and 3.

About the author

Mauro Huculak is a Windows expert and the Editor-in-Chief who started Pureinfotech in 2010 as an independent online publication. He's also been a Windows Central contributor for nearly a decade. Mauro has over 12 years of experience writing comprehensive guides and creating professional videos about Windows, software, and related technologies, including Android and Linux. Before becoming a technology writer, he was an IT administrator for seven years. In total, Mauro has over 20 years of combined experience in technology. Throughout his career, he achieved different professional certifications from Microsoft (MSCA), Cisco (CCNP), VMware (VCP), and CompTIA (A+ & Network+), and he has been recognized as a Microsoft MVP for many years. You can follow him on X (Twitter), YouTube, and LinkedIn.