W11 upgrade to 24H2 - Error code 0x4f8: policies block unauthenticated guest access

[User959]

W11 upgrade to 24H2 - Error code 0x4f8: policies block unauthenticated guest access and only FFS but not Windows mapped drives for example.

FreeFileSync 11.1 and 13.7

W11 23H2 no issues with FFS > login box appears > enter credentials and continue. All good no problems.
W11 24H2 after upgrade no login box but the the error and once proposed fix applied and working then large transfers can cause FFS to freeze and not recover.

Error:
"Cannot find the following folders:

\\192.168.xx.xxx\xxxxxxx\xxxxxxxxxxxxxxxxxxxxxx

Cannot read file attributes of "\\192.168.xxx.xxx\xxxxx".
Error code 0x4f8: You can't access this shared folder because your organization's security policies block unauthenticated guest access. These policies help protect your PC from unsafe or malicious devices on the network. [FindFirstFile]"

According to the internet I need to allow 'Insecure Guest Logons' in either 'Group Policy Editor or Registry'
Computer configuration > Administrative Templates > Network > Lanman Workstation or create registry entry in the registry at Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters Both do the same thing and fix the problem. I get the logon box again and can continue.

The problem I have is that in 23H2 and older those settings are also not enabled and FFS still works fine. So I am cautions about enabling settings that were not required enabled prior to me upgrading to 24H2.

Is there something else that's broken between FFS and W11 24H2 instead of enabling the above insecure settings that are not required in 23H2.

[xCSxXenon]

In Windows 11 24H2, we've made two major security changes that can affect mapping drives to third-party consumer NAS or routers with USB storage:

1) By default, SMB signing is required on all connections. This increases your security by preventing tampering on the network and stops relay attacks that send your credentials to malicious servers.
2) Guest fallback is disabled on Windows 11 Pro edition. This increases your security when connecting to untrustworthy devices. Guest allows you to connect to an SMB server with no username or password. While convenient for the maker of your NAS, it means that your device can be tricked into connecting to a malicious server without prompting for credentials, then given ransomware or having your data stolen.

The second change seems very related to what you are experiencing

[User959]

In Windows 11 24H2, we've made two major security changes that can affect mapping drives to third-party consumer NAS or routers with USB storage:

1) By default, SMB signing is required on all connections. This increases your security by preventing tampering on the network and stops relay attacks that send your credentials to malicious servers.
2) Guest fallback is disabled on Windows 11 Pro edition. This increases your security when connecting to untrustworthy devices. Guest allows you to connect to an SMB server with no username or password. While convenient for the maker of your NAS, it means that your device can be tricked into connecting to a malicious server without prompting for credentials, then given ransomware or having your data stolen.

The second change seems very related to what you are experiencing

Number 1 is how I assume it always worked and should continue to work with a login box to enter credentials.

Number 2 I don't understand because:
I always used to get the login box <23H2. So I wasn't using Guest. I needed to login 'User' and 'Password' and what's happened now is the login box has disapeared unless I enable 'Insecure Guest Access'

Why do I have to enable 'Insecure Guest Access' to get a login box to login to a NAS that requires credentials.

Do you understand my confusion. Need to go insecure so I can securely log in? but that then leaves the door open with that setting enabled.

The other thing is why am I the only one experiencing this.

[xCSxXenon]

Because Windows LOL
It likely uses Guest access to connect since the credentials aren't saved. The SMB host then catches this and returns a prompt for valid credentials. Without guest access, the initial connection can't even be established.
Add the credentials in Credential Manager or map the locations as network drives.

[Zenju]

Looks like the 24H2 update introduced a new error code. Can you test the following version and see if you get the login dialog just like before with 23H2: https://www.mediafire.com/file/fjfgozkwn3ibmz4/FreeFileSync_13.8_%255BBeta%255D_Windows_Setup.exe

[User959]

Looks like the 24H2 update introduced a new error code. Can you test the following version and see if you get the login dialog just like before with 23H2: https://www.mediafire.com/file/fjfgozkwn3ibmz4/FreeFileSync_13.8_%255BBeta%255D_Windows_Setup.exe

Ok, first: Success.

You didn't specify any instructions so this is what I did, noting to possibly help other with this issue.

1-Removed custom added Registry entry for insecure logins.
2-Tested that FFS will complain that it cannot read the folders on the NAS
3-Closed FFS
4-Installed 13.8 Beta as linked in your post Zenju
5-Started FFS and confirmed 13.8 Beta overwrote existing FFS.
6-Selected NAS from my list then Compare and Windows Login dialogue box is once again.
7-Loged in and did compare and sync.
8-So far all is good and back to normal with only a few tests.

Thank you.

[Zenju]

Perfect. Thank you for the thorough testing, including the negative test with the old FFS version. The fix will be included in the next release.