• July 17, 2017
    Announcement: New site design for Microsoft Community

    In July, Microsoft will roll out the first of ongoing site improvements aimed to modernize Microsoft Community and help customers get the most out of their community experience.

    • During the roll out period, you may see the old or new site design depending on your location

    • We expect the roll out to finish by 31 July

    Note: Past private message conversations will not move to the new site design. Please save any private messages you would like to keep.

     Learn more about the upcoming site improvements in this thread.

    Thank you for being part of Microsoft Community!

 
Discussion
14854 views

Error: “The account is not authorized to login from this station.”

Bennet Martin started on

Error:  The account is not authorized to login from this station”

 

In the January release of Windows 10 Technical Preview (build 9926) we made a change related to security and remote file access that may affect you.  Remote file access has always included a way of connecting to a file server without a username and password.  This was termed “guest access,” and it allowed you to put a file server up without worrying about user accounts.  The most common scenario originally was a small office, but this model gained traction in recent years in the home and home office with the availability of Network Attached Storage, or NAS devices.  These devices are typically small devices that are not much larger than the disk drive inside with a Windows compatible file server.  Often, the default configuration allowed for guest access with no username and password.

 

The security change is intended to address a weakness when using guest access.  While the server may be fine not distinguishing among clients for files (and, you can imagine in the home scenario that it doesn’t matter to you which of your family members is looking at the shared folder of pictures from your last vacation), this can actually put you at risk elsewhere.  Without an account and password, the client doesn’t end up with a secure connection to the server.  A malicious server can put itself in the middle (also known as the Man-In-The-Middle attack), and trick the client into sending files or accepting malicious data.  This is not necessarily a big concern in your home, but can be an issue when you take your laptop to your local coffee shop and someone there is lurking, ready to compromise your automatic connections to a server that you can’t verify.  Or when your child goes back to the dorm at the university.  The change we made removes the ability to connect to NAS devices with guest access, but the error message which is shown in build 9926 does not clearly explain what happened. We are working on a better experience for the final product which will help people who are in this situation.  As a Windows Insider you’re seeing our work in progress; we’re sorry for any inconvenience it may have caused.

 

You may see suggested workarounds where making a registry change restores your ability to connect with guest access. We do NOT recommend making that change as it leaves you vulnerable to the kinds of attacks this change was meant to protect you from.

 

The recommended solution is to add an explicit account and password on your NAS device, and use that for the connections.  It is a one-time inconvenience, but the long term benefits are worthwhile.  If you are having trouble configuring your system, send us your feedback via the Feedback App and post your information here so we can document additional affected scenarios.

Cheers,
Ben.
11 people have recommended this discussion

Abuse history


progress