W11 upgrade to 24H2 - Error code 0x4f8: policies block unauthenticated guest access

[User959]

W11 upgrade to 24H2 - Error code 0x4f8: policies block unauthenticated guest access and only FFS but not Windows mapped drives for example.

FreeFileSync 11.1 and 13.7

W11 23H2 no issues with FFS > login box appears > enter credentials and continue. All good no problems.
W11 24H2 after upgrade no login box but the the error and once proposed fix applied and working then large transfers can cause FFS to freeze and not recover.

Error:
"Cannot find the following folders:

\\192.168.xx.xxx\xxxxxxx\xxxxxxxxxxxxxxxxxxxxxx

Cannot read file attributes of "\\192.168.xxx.xxx\xxxxx".
Error code 0x4f8: You can't access this shared folder because your organization's security policies block unauthenticated guest access. These policies help protect your PC from unsafe or malicious devices on the network. [FindFirstFile]"

According to the internet I need to allow 'Insecure Guest Logons' in either 'Group Policy Editor or Registry'
Computer configuration > Administrative Templates > Network > Lanman Workstation or create registry entry in the registry at Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters Both do the same thing and fix the problem. I get the logon box again and can continue.

The problem I have is that in 23H2 and older those settings are also not enabled and FFS still works fine. So I am cautions about enabling settings that were not required enabled prior to me upgrading to 24H2.

Is there something else that's broken between FFS and W11 24H2 instead of enabling the above insecure settings that are not required in 23H2.

[xCSxXenon]

In Windows 11 24H2, we've made two major security changes that can affect mapping drives to third-party consumer NAS or routers with USB storage:

1) By default, SMB signing is required on all connections. This increases your security by preventing tampering on the network and stops relay attacks that send your credentials to malicious servers.
2) Guest fallback is disabled on Windows 11 Pro edition. This increases your security when connecting to untrustworthy devices. Guest allows you to connect to an SMB server with no username or password. While convenient for the maker of your NAS, it means that your device can be tricked into connecting to a malicious server without prompting for credentials, then given ransomware or having your data stolen.

The second change seems very related to what you are experiencing

[User959]

In Windows 11 24H2, we've made two major security changes that can affect mapping drives to third-party consumer NAS or routers with USB storage:

1) By default, SMB signing is required on all connections. This increases your security by preventing tampering on the network and stops relay attacks that send your credentials to malicious servers.
2) Guest fallback is disabled on Windows 11 Pro edition. This increases your security when connecting to untrustworthy devices. Guest allows you to connect to an SMB server with no username or password. While convenient for the maker of your NAS, it means that your device can be tricked into connecting to a malicious server without prompting for credentials, then given ransomware or having your data stolen.

The second change seems very related to what you are experiencing

Number 1 is how I assume it always worked and should continue to work with a login box to enter credentials.

Number 2 I don't understand because:
I always used to get the login box <23H2. So I wasn't using Guest. I needed to login 'User' and 'Password' and what's happened now is the login box has disapeared unless I enable 'Insecure Guest Access'

Why do I have to enable 'Insecure Guest Access' to get a login box to login to a NAS that requires credentials.

Do you understand my confusion. Need to go insecure so I can securely log in? but that then leaves the door open with that setting enabled.

The other thing is why am I the only one experiencing this.

[xCSxXenon]

Because Windows LOL
It likely uses Guest access to connect since the credentials aren't saved. The SMB host then catches this and returns a prompt for valid credentials. Without guest access, the initial connection can't even be established.
Add the credentials in Credential Manager or map the locations as network drives.