Posts by Molok

    Since I only have one W10 box,and there's been no need to mess with it:(Also, we moved and that box isn't here yet. )


    What do you mean by "reset function"? Are you talking about rolling the system back, or a "reset to factory defaults" in an OEM build?
    Also, what build # are you using?


    Thanks

    Ah yes, sorry, there is a recovery function in W10 so the user does not have to perform a complete reinstall of the OS.
    Instead the OS sort of resets to "default" installation and keeps user files but wipes applications and reverts to Microsoft default settings.
    You can find the different options in START -> Settings -> Update & Security -> Recovery


    I'm on Windows 10 Pro version 1803 build 17134.407.

    That's interesting because mine is set to Not Configured and I can still access my guest SMB shares.


    Weird things can happen. Not sure what my setting was pre reset of Windows but it did work. Unrelated issues forced me to reset the OS and suddenly could not access shares.
    Found the policy setting and changed it to Enabled and could then access the shares again.


    Possibly related to "reset" functionality with Windows 10. Don't know if the same issue would occur after clean install of Windows 10 but Windows 10 patching have not been very successful lately.

    FYI


    I suddenly got cut off from most of my Linux shares at home including OMV SMB full access guest shares after a Windows 10 reset.
    Microsoft have changed a setting to restrict access to "guest" SMB shares since they are considered a security risk.


    Quick fix to allow access is to uses gpedit.msc and change the local policy setting.


    Start CMD prompt in Windows 10 as Administrator:
    Type: gpedit.msc to start the policy editor
    Go to Computer Configuration -> Administrative Templates -> Network -> Lanman Workstation
    Set the value "Enable insecure guest logons" to Enabled.
    Reboot.
    (Run gpedit /force from CMD prompt and reboot if the setting is not saved properly.)


    Note that I had to set the value to "Enabled" from "Not Configured" for this to work although M$ states that it should not be a problem when it is Not Configured...



    Fair warning by Microsoft:
    This policy setting determines if the SMB client will allow insecure guest logons to an SMB server.


    If you enable this policy setting or if you do not configure this policy setting, the SMB client will allow insecure guest logons.


    If you disable this policy setting, the SMB client will reject insecure guest logons.


    Insecure guest logons are used by file servers to allow unauthenticated access to shared folders.
    While uncommon in an enterprise environment, insecure guest logons are frequently used by consumer
    Network Attached Storage (NAS) appliances acting as file servers. Windows file servers require authentication
    and do not use insecure guest logons by default. Since insecure guest logons are unauthenticated, important security
    features such as SMB Signing and SMB Encryption are disabled. As a result, clients that allow insecure guest logons are
    vulnerable to a variety of man-in-the-middle attacks that can result in data loss, data corruption, and exposure to malware.
    Additionally, any data written to a file server using an insecure guest logon is potentially accessible to anyone on the network.
    Microsoft recommends disabling insecure guest logons and configuring file servers to require authenticated access
    .