Windows 11 24H2 to impact drive mapping with NAS using SMB, confirms Microsoft

Unsecure third-party NAS or routers with USB storage set will be affected

Reading time icon 3 min. read


Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team. Read more

drive mapping Windows 11 24h2

When Windows 11 24H2 was first released in the Insider channels, most of us focused on AI integration and features like Windows Recall and AI Explorer. But as we got more insights into the security-related upgrades, it became apparent that drive mapping on Windows 11 24H2 is set to undergo a major change!

Microsoft’s Ned Pyle, in an official blog post, outlined the two changes that might affect drive mapping to NAS (Network Attached Storage) when using the SMB (Server Message Block) protocol,

1. By default, SMB signing is required on all connections: This increases your security by preventing tampering on the network and stops relay attacks that send your credentials to malicious servers.
2. Guest fallback is disabled on Windows 11 Pro edition: This increases your security when connecting to untrustworthy devices. Guest allows you to connect to an SMB server with no username or password. While convenient for the maker of your NAS, it means that your device can be tricked into connecting to a malicious server without prompting for credentials, then given ransomware or having your data stolen.

This improves the security manifolds in two critical aspects: it protects your data and files from tampering and theft, and prevents threat actors from deploying malware on the device via an unsecured server.

Depending on whether the configuration conflict lies with the SMB signing requirement or Guest fallback, you can encounter a host of different errors. Common ones include STATUS_INVALID_SIGNATURE, The cryptographic signature is invalid, 0x80070035 The network path was not found, or System error 3227320323 has occurred, according to Microsoft.

0x80070035 error

Microsoft’s recommended solutions for drive mapping errors in Windows 11 24H2

Microsoft suggests that you verify whether the NAS supports SMB and enable it via the management software. Similarly, disable Guest Access and add a username and password in your NAS. The steps for all three should be available on the manufacturer’s official website.

If that’s not a possibility, Microsoft recommends installing any available firmware updates or replacing the NAS altogether. Because that’s the secure way!

However, if you are willing to take the risk, there’s a way to disable SMB client signing and guest fallback protection (not recommended), according to Microsoft.

Tip icon Tip
You can make these changes both via the Local Group Policy Editor (gpedit.msc) and Windows PowerShell. Go with the former if you have the Pro edition of Windows 11, and use the latter on the Home edition. Although, you can manually install gpedit.msc on Windows 11 Home.

Disable SMB client signing requirement

  • Via Group Policy Editor: Open the Local Group Policy Editor > go to Computer Configuration/ Windows Settings/ Security Settings/ Local Policies/ Security Options > expand the Microsoft network client: Digitally sign communications (always) policy > select Disabled > click Apply and OK to save the changes.
  • Via PowerShell: Execute this command in an elevated (run as administrator) Windows PowerShell: Set-SmbClientConfiguration -RequireSecuritySignature $false
Disabling SMB client signing requirement

Disable guest fallback protection

  • Via Group Policy Editor: Open the gpedit.msc console > go to Computer Configuration/ Administrative Templates/ Network/ Lanman Workstation > double-click the Enable insecure guest logons policy > select Enabled > click Apply and OK to save the changes.
  • Via PowerShell: Execute the following command in an elevated Windows PowerShell: Set-SmbClientConfiguration -EnableInsecureGuestLogons $true
Disabling guest fallback protection

While these changes will allow you to perform drive mapping with NAS using SMB on Windows 11 24H2, they will render your device vulnerable and expose it to threats. That’s the reason Microsoft made the security upgrades in the first place!

If you haven’t yet been able to try out the latest version of the OS, discover how to install Windows 11 24H2 in the Release Preview channel.

What do you think about the changes to drive mapping in Windows 11 24H2? Share with our readers in the comments section.

More about the topics: 24h2, Network drive, Windows 11

User forum

0 messages