AD Join Windows Server 2019에서 공유된 폴더에 접근



아래와 같이 오류가 발생

You can't access this shared folder because your organization's security policies block unauthenticated guest access.  These policies help protect your PC from unsafe or malicious devices on the network.


조직의 보안 정책에서 인증되지 않은 게스트 액세스를 차단하므로 공유 폴더에 액세스할 없습니다. 이러한 정책은 안전하지 않거나 악의적인 장치로부터 PC 보호하도록 도와줍니다.


Guest access in SMB2 disabled by default in Windows

https://support.microsoft.com/en-us/help/4046019/guest-access-in-smb2-disabled-by-default-in-windows-10-and-windows-ser

Symptoms

In Windows 10, version 1709, Windows 10, version 1903, Windows Server, version 1709, Windows  Server, version 1903, and Windows Server 2019, the SMB2 client no longer allows the following actions:

 

  • Guest account access to a remote server
  • Fallback to the Guest account after invalid credentials are provided

SMBv2 has the following behavior in these versions of Windows:

  • Windows 10 Enterprise and Windows 10 Education no longer allow a user to connect to a remote share by using guest credentials by default, even if the remote server requests guest credentials.
  • Windows Server 2016 Datacenter and Standard edition no longer allow a user to connect to a remote share by using guest credentials by default, even if the remote server requests guest credentials.

Windows 10 Home and Professional editions are unchanged from their previous default behavior.

If you try to connect to devices that request credentials of a guest instead of appropriate authenticated principals, you may receive the following error message:

 

Cause

This change in default behavior is by design and is recommended by Microsoft for security.

 

A malicious computer that impersonates a legitimate file server could allow users to connect as guests without their knowledge. Microsoft recommends that you do not change this default setting. If a remote device is configured to use guest credentials, an administrator should disable guest access to that remote device and configure correct authentication and authorization.

 

Windows and Windows Server have not enabled guest access or allowed remote users to connect as guest or anonymous users since Windows 2000. Only third-party remote devices might require guest access by default. Microsoft-provided operating systems do not.

- 1709 빌드 이후에 보안정책의 기본값이 변경되어 발생되는 증상임을 있습니다.

 

해결 방법은 다음과 같이 Group Policy 변경하면 된다고 나와 있습니다.

Resolution

If you want to enable insecure guest access, you can configure the following Group Policy settings:

 

Computer configuration\administrative templates\network\Lanman Workstation

"Enable insecure guest logons"

 

DC에서 gpmc.msc 실행 (만약 로컬PC 정책일 경우 gpedit.msc)


수정할 정책을 Edit


Computer configuration\administrative templates\network\Lanman Workstation - Enable insecure guest logons


한글 버전에서는 보안되지 않은 게스트 로그온 사용


Enable - OK


Gpupdate /force 업데이트를 진행합니다.


정상적으로 접근되는 것을 확인할 있습니다.


+ Recent posts