Bootstrap FreeKB - Windows - Resolve "You can't access this shared folder because your organization's security policies block unauthenticated guest access"
Windows - Resolve "You can't access this shared folder because your organization's security policies block unauthenticated guest access"
Updated:   |  Windows articles

This error appears when attempting to map a network drive.

 

The most common cause of this problem is that the network drive is configured to allow Guest access, and there is a Group Policy Object that is configured to deny access to a network drive that is configured to allow Guest access. Guest access means that the network drive can be mapped without providing a username and password. To determine if your PC has this configuration, select the Windows start icon, type gpedit.msc in search, and launch Local Group Policy Editor. Expand Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options. If Network access: Shares that can be accessed anonymously is Not Defined, this means that the network drive cannot be mapped as a Guest.

It is not a good idea to configure the Active Directory GPO to allow guest access to network drives, because this allows anyone to connect to the drive, and the files in the share may be able to be deleted or modifyied by anyone. Even more seriously, a guest network drive can open up the potential for attacks, such as a man-in-the-middle attack.

 

On the server that contains the network drive being shared, the shared folder may be configured to allow Guest access. In this example, on the server that contains C:\myShare, the myShare folder is configured to allow Guest access.

 

If the network drive is being shared by a Windows server, ensure the network drive does not allow Guest access.

  1. On the Windows server that contains the folder being shared, right-click on the drive that is being shared and select Properties.
  2. Select the Security Tab.
  3. In Group or user names, remove guest and ANONYMOUS LOGINS.
  4. Select OK.
  5. If the Everyone group is not listed, select Add, enter Everyone with Read/Write access, and select OK.

 

If the network drive is being shared using Samba on a Linux server, configure the Samba share to require a username and password. It may also be beneficial to integrate the Samba server with an Active Directory Domain Controller.

If the network drive is being shared using NFS on a Linux server, configure the NFS share.

 

Did you find this article helpful?

If so, consider buying me a coffee over at Buy Me A Coffee


Comments


Add a Comment


Please enter 847fac in the box below so that we can be sure you are a human.