Digital enthusiasts know that Microsoft has now released the Windows 11 24H2 preview version, and the official Windows 11 24H2 version will be coming soon. This is a very important version update, and many people are paying close attention to it.
Of course, the most noteworthy aspect of Windows 11 24H2 is the new AI features and improvements, with reports stating that Microsoft will deeply integrate Copilot. However, AI is not the topic of this article. This article aims to introduce readers to two new security rule changes in the Windows 11 24H2 version, which may affect some NAS users.
Specifically, in the Windows 11 24H2 version, Microsoft will change two important network access rules:
- By default, all connections will require SMB signing. This rule can enhance security by preventing network tampering and blocking relay attacks that send credentials to malicious servers.
- Microsoft will disable insecure guest logins in Windows 11 24H2 Professional (and later versions). This rule enhances user security when connecting to untrusted devices.
Previously, guest accounts allowed users to connect to SMB servers without entering a username or password, which was convenient but posed significant security risks. It could lead to users’ devices being tricked by attackers into connecting to malicious servers, stealing or maliciously encrypting user data for ransom.
Adjusting these two security rules can significantly improve security, but every advantage has its downside, and this could also lead to some negative consequences. Some NAS devices are designed based on previous security rules, and when users update to Windows 11 24H2, the new security rules might cause errors and make these NAS devices unusable.
If a user’s NAS device does not support SMB signing, they might encounter various error prompts, including but not limited to:
0x00a000, -1073700864, Invalid Signature (STATUS_INVALID_SIGNATURE), Encrypted Signature Invalid (STATUS_INVALID_SIGNATURE), etc.
If a user’s NAS device requires support for insecure guest logins, they might receive error messages such as:
“You cannot access this shared folder because your organization’s security policies block unauthenticated guest access. These policies help protect your PC from unsafe or malicious devices on the network,” 0x80070035, 0x800704f8, “The network path was not found,” “System error 3227320323 has occurred,” etc.
If users encounter the above problems after updating to Windows 11 24H2, they can temporarily resolve them through the following two methods:
- Disable the SMB client signing requirement
In the “Start” menu search, enter gpedit and launch the “Edit Group Policy” application (Local Group Policy Editor), select “Computer Configuration” > “Windows Settings” > “Security Settings” > “Local Policies” > “Security Options,” double-click “Microsoft Network Client: Digitally sign communications (always),” finally select “Disabled” > “OK.”
- Enable insecure guest logins
In the “Start” menu search, enter gpedit and launch the “Edit Group Policy” application (Local Group Policy Editor), select “Computer Configuration” > “Administrative Templates” > “Network” > “Lanman Workstation,” double-click “Enable insecure guest logons,” finally select “Enabled” > “OK.”
It needs to be emphasized that these two solutions are only temporary measures and carry significant security risks. Microsoft will urge NAS device manufacturers to update their product’s firmware and software to comply with Windows 11 24H2’s new network security rules.
Therefore, NAS device users should closely monitor official announcements from Microsoft and NAS device manufacturers shortly, and promptly update the relevant firmware and software. This is the most reliable and secure approach.
Related:
Disclaimer: This article is created by the original author. The content of the article represents their personal opinions. Our reposting is for sharing and discussion purposes only and does not imply our endorsement or agreement. If you have any objections, please get in touch with us through the provided channels.
