The February 2025 Windows 11 patch disabled guest SMB authentication. Open gpedit.msc, navigate to Computer Configuration → Administrative Templates → Network → Lanman Workstation, enable Enable insecure guest logons, then run gpupdate /force to restore network share access immediately.
Fix Guide0x80070005Windows 11 SMB Client
Fix Windows 11 SMB Guest Access Error 0x80070005 – Network Shares 2026
Windows 11 February 2025 patch KB5035859 disabled guest SMB authentication by default, causing access denied errors when connecting to network shares. Enable AllowInsecureGuestAuth policy to restore functionality.
Emanuel DE ALMEIDA 0x80070005Windows 11 SMB Client 5 methods 12 min
Instant Solution
Windows 11 SMB Guest Access Blocked After February 2025 Update
The Windows 11 February 2025 cumulative update KB5035859 introduced significant changes to SMB client security settings, effectively disabling guest authentication by default. This security hardening measure prevents anonymous access to network shares that previously worked without credentials, causing widespread connectivity issues for users relying on simple file sharing setups.
The update modified the default behavior of the SMB client to reject guest authentication unless explicitly enabled through the AllowInsecureGuestAuth policy. While this change enhances security by preventing potentially vulnerable anonymous connections, it breaks legitimate use cases where guest access is intentionally configured for convenience in trusted network environments.
This issue primarily affects home networks, small offices, and development environments where password-protected sharing was disabled for ease of access. The error manifests as access denied messages when attempting to connect to previously accessible network shares, even when the share permissions appear correctly configured.
Related: How to Fix Windows Update Errors on Windows 11 (2026
Related: KB5079420 — March 2026 Hotpatch Security Update for Windows
Related: Windows 11 Gets March 2026 Updates KB5079473 and KB5078883
Related: Windows 11 Breaks C: Drive Access on Samsung Laptops
Diagnostic
Symptoms
- Double-clicking mapped network drives returns "Access is denied" error
- Network shares prompt for credentials when none are required
- Command
net use \\server\sharefails with System error 5 - Event ID 4625 logon failures appear in Security log with status 0xC000006D
- Previously accessible guest shares suddenly require authentication
- Explorer shows network folders but cannot open them
Analysis
Root Causes
- Windows 11 KB5035859 patch disabled
AllowInsecureGuestAuthby default - SMB client now rejects guest authentication unless explicitly enabled
- Security hardening prevents anonymous SMB1-style connections
- Group Policy changes applied during February 2025 cumulative update
- Registry value
AllowInsecureGuestAuthset to 0 or missing
Resolution Methods
Solutions
01
Enable Guest Logons via Group Policy Editor
This method works on Windows 11 Pro, Enterprise, and Education editions.
- Press Win + R, type
gpedit.msc, and press Enter - Navigate to Computer Configuration → Administrative Templates → Network → Lanman Workstation
- Double-click Enable insecure guest logons
- Select Enabled and click OK
- Open Command Prompt as administrator and run:
gpupdate /forceVerification: Run the following PowerShell command to confirm the setting:
Get-SmbClientConfiguration | Select-Object EnableInsecureGuestLogonsThe output should show True. Test network share access immediately without rebooting.
02
Registry Edit for Windows 11 Home Edition
Use this method when Group Policy Editor is unavailable on Windows 11 Home.
Warning: Back up your registry before making changes. Incorrect modifications can cause system instability.
- Press Win + R, type
regedit, and press Enter - Navigate to the following registry path:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters- Right-click in the right pane and select New → DWORD (32-bit) Value
- Name the new value
AllowInsecureGuestAuth - Double-click the new value and set it to
1 - Click OK and close Registry Editor
- Restart your computer for changes to take effect
Verification: After reboot, check the registry value exists and equals 1:
Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" -Name "AllowInsecureGuestAuth"03
PowerShell Registry Modification
Automated registry modification using PowerShell for batch deployment or scripting.
- Open PowerShell as administrator
- Run the following command to create the registry entry:
New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" -Name "AllowInsecureGuestAuth" -Value 1 -PropertyType DWORD -Force- Restart the computer or restart the Workstation service:
Restart-Service -Name "LanmanWorkstation" -ForcePro tip: Use
-WhatIf parameter first to preview changes before execution.Verification: Confirm the setting is applied:
Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" | Select-Object AllowInsecureGuestAuth04
Configure Secure SMB Authentication (Recommended)
Instead of enabling guest access, configure proper authentication for better security.
- On the SMB server, create a dedicated user account:
net user shareuser P@ssw0rd123 /add
net localgroup "Users" shareuser /add- Configure share permissions to grant access to the new user
- On the client, map the drive with credentials:
net use Z: \\server\sharename /user:shareuser P@ssw0rd123 /persistent:yes- Alternatively, use Credential Manager to store credentials:
- Open Control Panel → Credential Manager → Windows Credentials
- Click Add a Windows credential
- Enter server address, username, and password
Verification: Test access without credential prompts:
dir Z:\
net use05
Batch Script for Multiple Computers
Deploy the fix across multiple Windows 11 systems using a batch script.
- Create a new text file and save it as
fix-smb-guest.bat:
@echo off
echo Enabling SMB Guest Authentication...
reg add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v AllowInsecureGuestAuth /t REG_DWORD /d 1 /f
if %errorlevel% equ 0 (
echo Registry updated successfully.
echo Restarting Workstation service...
net stop "Workstation" /y
net start "Workstation"
echo SMB guest access enabled.
) else (
echo Failed to update registry. Run as administrator.
)
pause- Run the batch file as administrator on each affected computer
- For domain environments, deploy via Group Policy Preferences or SCCM
Verification: The script will display success messages and restart the Workstation service automatically.
Validation
Verification
After applying any of the above methods, verify the fix using these steps:
- Check the SMB client configuration:
Get-SmbClientConfiguration | Select-Object EnableInsecureGuestLogons- Test network share access directly:
net use \\server\sharename- Verify in Event Viewer that authentication errors (Event ID 4625) are no longer occurring
- Open Event Viewer → Windows Logs → Security and check for recent logon failures
- Test mapped drives by opening them in Explorer or accessing files directly
If verification fails, ensure the Workstation service restarted properly and check that no conflicting Group Policy settings are applied.
If it still fails
Advanced Troubleshooting
If the above methods don't resolve the issue, try these advanced troubleshooting steps:
Check for Conflicting Policies
Run gpresult /h gpresult.html to generate a Group Policy report and check for conflicting SMB settings applied by domain policies.
SMB Protocol Version Issues
Verify SMB protocol versions are compatible:
Get-SmbServerConfiguration | Select-Object EnableSMB1Protocol, EnableSMB2ProtocolNetwork Connectivity Testing
Test basic connectivity to the SMB server:
telnet server-ip 445
ping server-nameWindows Firewall
Temporarily disable Windows Firewall to rule out blocking:
Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled FalseRe-enable after testing. If this resolves the issue, configure specific firewall rules for SMB traffic on ports 139 and 445.
Reset SMB Client Configuration
Reset SMB client to default settings:
Reset-SmbClientConfiguration -ForceThen reapply the AllowInsecureGuestAuth setting.
Frequently Asked Questions
Why did Microsoft disable SMB guest authentication in Windows 11?+
Microsoft disabled guest SMB authentication to improve security and prevent potential exploitation of anonymous network connections. Guest authentication allows connections without credentials, which can be a security risk in enterprise environments. The change aligns with Microsoft's broader security hardening initiatives and helps protect against lateral movement attacks in compromised networks.
Is it safe to re-enable AllowInsecureGuestAuth on my Windows 11 computer?+
Re-enabling AllowInsecureGuestAuth is generally safe in trusted network environments like home networks or isolated lab setups. However, it does reduce security by allowing anonymous SMB connections. In enterprise environments, consider implementing proper authentication instead. The risk is minimal on private networks behind firewalls, but avoid enabling this setting on computers that connect to public or untrusted networks.
Will this fix work on Windows 10 computers experiencing similar issues?+
Yes, the same AllowInsecureGuestAuth registry setting and Group Policy configuration applies to Windows 10. However, Windows 10 systems may not have received the same restrictive update as Windows 11. If Windows 10 computers are experiencing SMB guest access issues, apply the same registry modification or Group Policy setting described in the solutions above.
Can I configure this setting through Active Directory Group Policy for multiple computers?+
Yes, you can deploy this setting domain-wide through Active Directory Group Policy. Create or edit a Group Policy Object (GPO), navigate to Computer Configuration → Administrative Templates → Network → Lanman Workstation, and enable the 'Enable insecure guest logons' policy. Link the GPO to the appropriate organizational unit containing the affected computers. Run gpupdate /force on client machines or wait for the next Group Policy refresh cycle.
What's the difference between enabling this on the client versus the server?+
The AllowInsecureGuestAuth setting must be enabled on the SMB client (the computer accessing the share), not the server hosting the share. The February 2025 update changed the client-side behavior to reject guest authentication offers from servers. Server-side guest access settings remain unchanged. This is why many users were confused when modifying server settings didn't resolve the issue - the restriction is now enforced by the client.
Written by
Emanuel DE ALMEIDA
Microsoft MCSA-certified Cloud Architect | Fortinet-focused. I modernize cloud, hybrid & on-prem infrastructure for reliability, security, performance and cost control - sharing field-tested ops & troubleshooting.
Further Intelligence
Deepen your knowledge with related resources
Discussion
Share your thoughts and insights
You must be logged in to comment.
Loading comments...