NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
ReadyNAS 526X allowing Windows 11 unauthorized SMB access
I have a ReadyNAS 526X running 6.10.7 and I just recently discovered that any Windows 11 computer can just type in \\NAS-IP-ADDRESS in Windows Explorer and have full unauthorized access. At first I thought someone must have logged in previously and somehow it was stored in Windows, but I reinstalled Windows 11, and then I also tried a brand new ThinkPad right out of the box and it behaves the same as well. I have spent literally 3 days trying every variation of permissions/user/group/network access/file access setting I can think of and can't restrict it in Windows 11 without disabling access for everyone.
To reproduce the issue:
- Create a user, assign a group (either default 'users' or a different group doesn't matter, group restrictions also don't work)
- Create a share and under 'Network Access' enable SMB, under 'Security' and restrict either by user or group
- Leave 'Hosts', 'DFS', and 'Advanced' tabs at default settings
- Under File Access >> Security if you either select 'Everyone' (like we used to in the past), or 'Folder Group', then Windows 11 allows full anonymous/guest access even though these options are disabled. If you try to restrict to only specific users, then this disables access to everyone (including the selected users you chose to authorize, and also Windows 11 gets locked out)
- Doesn't matter what you set the Owner and Group to, I used to leave these at default guest/guest but I have tried changing this to admin/various groups with no success
- 'Grant rename/delete privileges to non-owner' doesn't change anything
- For good measure I keep trying to 'Reset' permissions but that doesn't make any difference
I have tried creating new users, new groups, new shares in all sorts of different variations but any scenario that locks out Windows 11, also locks out all of the legitimate users on any device.
For what it's worth I do have FTP and rsync enabled, and FTP will not allow anonymous connections (including on Windows 11)
I have tested Mac OS, Windows 7, and Windows 10 machines and they do not allow unauthorized access (they all prompt for a username and password as expected).
I was debating whether I should try downgrading the firmware, but figured before I do that I would post here and see if anyone else has any suggestions I haven't tried.
Thanks in advance!
4 Replies
Replies have been turned off for this discussion
Just to update this, I just tried an older Windows 10 Pro laptop and it allows full access to SMB as well without logging in, so it's not just limited to Windows 11 I guess.
I retried the newer Windows 10 laptop I had previously tested and still asks for user/pass authentication as expected. Very strange.
Nothing? No one else having this issue?
I don't see any behavior on any of my NAS where unauthorized users can gain access. Your situation sounds like "everyone" access is still permitted, though perhaps it's not properly shown in the GUI.
Your issue with users being "locked out" sounds a lot like something I discovered changed in Windows 10 several months ago (though I forget which update). When you log into the NAS from Windows, Windows tries to log on using your Windows credentials. If those match a NAS user, all is well. If the user name doesn't match a user name on the NAS, then it prompts for a user name and password. But if the user name matches, but the password doesn't, then it doesn't prompt you. And it will never prompt you again until you re-boot. "Everyone" access doesn't change this. That lack of prompting is what changed -- it used to prompt you in this case as well. You aren't really "locked out" by the NAS, but you might as well be because you are not given another opportunity by Windows to enter credentials. Note that this is a Windows issue (and how it works with Linux SAMBA), and you can find people reporting it in forums not associated with the ReadyNAS. Oddly, it doesn't seem to affect everyone, but nobody seems to have figured out what's different when it does.
Since I don't want my NAS password to be stored in the Windows credential manager and changing my user name on my PCs or NAS would be a PITA, I now have a batch file on my desktop that uses the net use command, which still does prompt for a name and password:
net use * /delete net use M: \\192.168.0.30\Music /persistent:no net use N: \\192.168.0.30\Documents /persistent:no net use O: \\192.168.0.30\Other /persistent:no net use V: \\192.168.0.30\Videos /persistent:noNote that if you make them persistent, then Windows will have the same issue on the next boot, and you'll appear to be "locked out" because it will not ask you for a user name and password again. It's a work-around, not a solution, because I gave up on finding a real solution.
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
