Discussion

Error: “The account is not authorized to login from this station.”

Error:  The account is not authorized to login from this station”

 

In the January release of Windows 10 Technical Preview (build 9926) we made a change related to security and remote file access that may affect you.  Remote file access has always included a way of connecting to a file server without a username and password.  This was termed “guest access,” and it allowed you to put a file server up without worrying about user accounts.  The most common scenario originally was a small office, but this model gained traction in recent years in the home and home office with the availability of Network Attached Storage, or NAS devices.  These devices are typically small devices that are not much larger than the disk drive inside with a Windows compatible file server.  Often, the default configuration allowed for guest access with no username and password.

 

The security change is intended to address a weakness when using guest access.  While the server may be fine not distinguishing among clients for files (and, you can imagine in the home scenario that it doesn’t matter to you which of your family members is looking at the shared folder of pictures from your last vacation), this can actually put you at risk elsewhere.  Without an account and password, the client doesn’t end up with a secure connection to the server.  A malicious server can put itself in the middle (also known as the Man-In-The-Middle attack), and trick the client into sending files or accepting malicious data.  This is not necessarily a big concern in your home, but can be an issue when you take your laptop to your local coffee shop and someone there is lurking, ready to compromise your automatic connections to a server that you can’t verify.  Or when your child goes back to the dorm at the university.  The change we made removes the ability to connect to NAS devices with guest access, but the error message which is shown in build 9926 does not clearly explain what happened. We are working on a better experience for the final product which will help people who are in this situation.  As a Windows Insider you’re seeing our work in progress; we’re sorry for any inconvenience it may have caused.

 

You may see suggested workarounds where making a registry change restores your ability to connect with guest access. We do NOT recommend making that change as it leaves you vulnerable to the kinds of attacks this change was meant to protect you from.

 

The recommended solution is to add an explicit account and password on your NAS device, and use that for the connections.  It is a one-time inconvenience, but the long term benefits are worthwhile.  If you are having trouble configuring your system, send us your feedback via the Feedback App and post your information here so we can document additional affected scenarios.



* Please try a lower page number.

* Please enter only numbers.

* Please try a lower page number.

* Please enter only numbers.

The recommended solution is to add an explicit account and password on your NAS device, and use that for the connections.  It is a one-time inconvenience, but the long term benefits are worthwhile.  If you are having trouble configuring your system, send us your feedback via the Feedback App and post your information here so we can document additional affected scenarios.

Please explain step by step how to do this. I have three wired computers in my house. The network

just makes it easy to transfer pictures, tv programs recorded on windows media center and other personal things within our house.

There is no server just home computers tied together.

Tom j.

Tom j.

Please explain step by step how to do this. I have three wired computers in my house. The network

just makes it easy to transfer pictures, tv programs recorded on windows media center and other personal things within our house.

Hello Tom,

What OS version is running on each of the computers?

If they are all Windows 7 or newer, you might consider using the Homegroup functionality, which will take care of security behind the scenes for you.

Regards,

Tom

Tom
---
Group Software Engineering Mgr
High Availability & Storage
Windows Server Team, Microsoft

Does homegroup fully share printers and Windows media center recorded Tv?

All computers are Win 7 or newer.

Tom j.

Tom j.

Hi Tom,

Here is the step by step tutorial for HomeGroup.

http://windows.microsoft.com/en-us/windows/homegroup-help#homegroup-start-to-finish=windows-7&v1h=win81tab1&v2h=win7tab1

with Step 5 focused on sharing printers

HomeGroup is a feature of Windows 7, Windows 8.1 and Windows 10 Technical Preview.

And to just to check, I took my Dell Duo running Windows 10 Technical Preview build 9926 and added it to my Homegroup. I am now playing "Hold On" by the Alabama Shakes streamed to my desktop.

Charles


Please explain step by step how to do this. I have three wired computers in my house. The network

just makes it easy to transfer pictures, tv programs recorded on windows media center and other personal things within our house.

Hello Tom,

What OS version is running on each of the computers?

If they are all Windows 7 or newer, you might consider using the Homegroup functionality, which will take care of security behind the scenes for you.

Regards,

Tom

And what do I do if one of my home desktops still has Vista on it?  That PC also has 8.1 and the 10 TP (9926), but I'm not quite ready to give up Vista as long as MS is still providing updates for it.  So what's the message for folks like me?  Go with the registry hack?  I don't share folders that have sensitive info on them.  I rarely take my laptop to public places any more either because I have an Android tablet for that now.

  I'll follow the link to read up on homegroups, but I've never understood why they weren't a solution looking for a problem.  Maybe I just need to study some more, but until you clever devils came up with this heretofore undocumented "fix", I've been blissfully sharing folders and printers since Windows 98.  I'm going to assume this was an oversight on your part, but PLEASE try not to make show stopper changes without (1) telling us in advance, and (2) providing something akin to that patch for situations like mine (which I'm sure are not unique).  To do otherwise wastes a lot of folks' time and adds to the ill will MSFT created with Windows 8 that you can ill afford.  I doubt if you and your colleges want to follow the paths that resulted for Sinofsky and Balmer.


I can totally understand the line of thought that led to the decision to can the guest access without authentication. 

On on the other hand, to access my home network, I normally have to authenticate myself, either by knowing the secret for the wifi network or by having a physical key to the room, giving access to the Ethernet cabling.  It does not make much sense to require additional authentication for a shared drive, it only increases administrative overhead at home, where I normally don't have the necessary tools to do this properly.

my suggestion would be to allow for guest access as before, but to limit this to the home network (of which you should only have 1 or 2)

right now, the canning of anonymous file access will result in a bad user experience, huge amount of support and some people no longer being able to access their data because they simply don't know anymore the secret to administer their NAS, without really improving the security situation in the home network where this scenario is applicable.

regards

Frank


Hello, So now I get to reconfigure FreeNas, witch is working just fine as it is right now... How many people have actually had data stolen this way? 1%? Why does MS keep making consumers into babies that need a nanny to decide how we share our data in our homes? I have never met anyone who was happy with the "sequrity Features" that force us to figure out the often malfunctioning home networking sequrity schemes that MS comes up with. I have spent hours of my time over the years trying to get windows to do a simple file share without success because of "sequrity features" I donht need or want. And I have been using computers since the early 90's and have had IT and Programming in college and I still cant get windows to share reliably with anything but guest access on non pc devices, well on other pc either half the time. Well to be honest Homegroup seems to be ok for PC to Pc shareing...Well except there doesn't seem to be a join Homegroup option in Windows 10TP... So now what?


Until MS gets the message I did the reg. hack... I am not going through the hassle this "sequrity feature" requires. We have 4 laptops, 3 pc, 2 servers and several media players and nas boxes... All running different OS's.


This is a dreadful change for home users with several computers of differing age and OS and I don't have, or need, an NAS on my network. I suffered this problem immediately on installing the Technical Preview and it took me several hours of Binging :) to find the solution. If you persist in making this the default then a better explanatory error message is needed and the registry change must always be available to override this stupid limitation.


@Everyone

I'm certainly sorry this change has caused confusion and burned time.  Feedback heard - the error message is inadequate, and setting a regkey is clunky.  Rest assured we're going to be improving this experience.

Balancing raising the security bar against impact and compatibility is not always easy.  Clearly we missed the mark here.

@Hula_Baloo

If you can't use homegroup then:

  • Configuring accounts with same username/password on the machines
  • Granting "Everyone" access to the share and the files/folders concerned

Should enable access between the machines.

Alternatively you can choose to set the regkey which will fall back to old behavior.

@FrankHarenBerg

Thanks for the thoughtful feedback.  You're right that the vulnurability is not so much inside the home or inside the workplace, but in other locations, and we're considering that factor.

As an aside though, there have been many instances of wifi router compromises as well, and having more than one layer of security can be beneficial.

@Randy2112

Homegroup is present in the TP.  Click on search on the taskbar and type homegroup, or look in the control panel under "Control Panel\Network and Internet\HomeGroup"

Tom
---
Group Software Engineering Mgr
High Availability & Storage
Windows Server Team, Microsoft

* Please try a lower page number.

* Please enter only numbers.

* Please try a lower page number.

* Please enter only numbers.

 
Discussion Info

Views: 18,757 Last updated: June 11, 2018 Applies to: