Windows 11 Enterprise Edition enables SMB authentication by default, causing an error. Microsoft now provides a solution

News on June 14, more than a year ago, Microsoft announced that it would no longer provide Server Message Block (SMB1) for Windows 11 Home Edition because it is a very old The network security protocol is no longer secure, but SMB still exists in Windows 11.

In fact, the company also made SMB signing the default behavior for Windows Insider Enterprise earlier this month, however this move seems to have led to a lot of bugs. Microsoft is aware of the issue where authentication errors can occur with SMB under certain circumstances, so they are now providing a solution.

Microsoft recommends that you immediately stop using guest credentials to access your third-party devices and warns: Continuing this behavior puts your data at risk because anyone can exploit it. This technology captures your data without leaving a trace.

Because device manufacturers are unwilling to deal with complex security issues, Microsoft emphasized that device manufacturers often enable access to guests by default. It is recommended that you review your vendor's documentation to enable password-based authentication. If it is not supported, it is recommended to completely eliminate the relevant products.

However, if your organization is unable to disable SMB client access, the only recourse is to disable SMB signing, but Microsoft does not recommend this because of the negative impact it has on your company's security. Microsoft currently provides three methods that allow users to disable SMB signing. IT House has translated this report

Local Group Policy

• Open the Local Group Policy Editor (gpedit.msc) on the Windows device.
• In the console, select Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options.
• Double-click Microsoft Network Client: Digitally sign communications (always).
• Select Disable > OK.

Command line

• Open PowerShell with administrator privileges.
• Run:

Set-SmbClientConfiguration -RequireSecuritySignature $false

Domain-Based Group Policy

• Locate the security policy that applies this setting to your Windows device (you can find it in the client Use GPRESULT /H on the client to generate a set of resulting policy reports to show which group policies require SMB signing.
• In GPMC.MSC
• set Microsoft network client: Digital sign communications (always) is Disabled.
• Apply the updated policy to Windows devices that require guest access over SMB.

The above is the detailed content of Windows 11 Enterprise Edition enables SMB authentication by default, causing an error. Microsoft now provides a solution. For more information, please follow other related articles on the PHP Chinese website!