Policy
Enable insecure guest logons
Windows 11 25H2
Policy overview
Key metadata and intent for this policy.
Supported OS tags: Windows10, Windows10RT, Windows11, WindowsServer2016
This policy setting determines if the SMB client will allow insecure guest logons to an SMB server. If you enable this policy setting or if you do not configure this policy setting, the SMB client will allow insecure guest logons. If you disable this policy setting, the SMB client will reject insecure guest logons. If you enable signing, the SMB client will reject insecure guest logons. Insecure guest logons are used by file servers to allow unauthenticated access to shared folders. While uncommon in an enterprise environment, insecure guest logons are frequently used by consumer Network Attached Storage (NAS) appliances acting as file servers. Windows file servers require authentication and do not use insecure guest logons by default. Since insecure guest logons are unauthenticated, important security features such as SMB Signing and SMB Encryption are disabled. As a result, clients that allow insecure guest logons are vulnerable to a variety of man-in-the-middle attacks that can result in data loss, data corruption, and exposure to malware. Additionally, any data written to a file server using an insecure guest logon is potentially accessible to anyone on the network. Microsoft recommends disabling insecure guest logons and configuring file servers to require authenticated access."
Registry values
How enabled and disabled states update the registry.
| Registry location | Type | Enabled value | Disabled value |
|---|---|---|---|
| HKLM\Software\Policies\Microsoft\Windows\LanmanWorkstation\AllowInsecureGuestAuth | REG_DWORD | 1 | 0 |
Policy elements
Inputs and configuration options exposed by this policy.
This policy has no additional user input fields.
Other policies in this category
Explore related policies at the same level.
- ComputerAlternative Port MappingsAt least Windows Server 2025, Windows 11
- ComputerAudit insecure guest logonAt least Windows Server 2025, Windows 11
- ComputerAudit server does not support encryptionAt least Windows Server 2025, Windows 11
- ComputerAudit server does not support signingAt least Windows Server 2025, Windows 11
- ComputerBlock NTLM (LM, NTLM, NTLMv2)At least Windows Server 2025, Windows 11
- ComputerBlock NTLM Server Exception ListAt least Windows Server 2025, Windows 11
- ComputerCipher suite orderAt least Windows Server 2016, Windows 10
- ComputerDisable SMB compressionAt least Windows Server 2022, Windows 11
- ComputerDisabled SMB over QUIC Server Exception ListAt least Windows Server 2025, Windows 11
- ComputerEnable Alternative PortsAt least Windows Server 2025, Windows 11
- ComputerEnable remote mailslotsAt least Windows Server 2025, Windows 11
- ComputerEnable SMB over QUICAt least Windows Server 2025, Windows 11