schreck.ing
Rant incoming – I did this about 2 months ago and it is still bothering me!

Stop Blaming Microsoft for Fixing Your Insecure File Shares
You know what pisses me off? Vendors that still rely on guest access SMB shares in 2025.
For those not living in Windows land every day, here’s the short version:
SMB guest access = anyone on your network can walk into a shared folder without a username or password.
It was convenient in the 90s and early 2000s, back when everyone thought “internal network = trusted.”
It’s also one of the easiest ways for ransomware and worms to spread — WannaCry, NotPetya, all those big hits loved abusing open SMB shares.
Microsoft started shutting the door in Windows 10 (1709) and Server 2019, disabling insecure guest logons by default. They didn’t do it to be annoying — they did it because it’s flat-out dangerous.
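As an added example (my own script, not anything from the original post or the vendor): a PowerShell audit that reports whether insecure guest logons are allowed on a Windows SMB client and lists the servers whose guest logons were rejected, so the dependency can be found and fixed instead of the hardening being rolled back. The registry paths and event ID 31017 are the ones Microsoft documents for this feature; the regular expressions used to pull fields out of the event message are an assumption.

```powershell
# Added example: audit the "insecure guest logon" hardening on a Windows SMB client.
# Registry values and event ID are those Microsoft documents for this feature;
# the regex used to pull fields out of the event message text is an assumption.

function Get-InsecureGuestAuthState {
    # Group Policy setting (SOFTWARE\Policies) wins over the LanmanWorkstation service setting.
    $policy = Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\LanmanWorkstation' `
        -Name AllowInsecureGuestAuth -ErrorAction SilentlyContinue
    $local  = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters' `
        -Name AllowInsecureGuestAuth -ErrorAction SilentlyContinue

    $effective = 0   # value absent = default since Win10 1709 / Server 2019 = guest logons rejected
    if ($null -ne $local)  { $effective = $local.AllowInsecureGuestAuth }
    if ($null -ne $policy) { $effective = $policy.AllowInsecureGuestAuth }   # policy overrides local

    [pscustomobject]@{
        PolicyValue  = $policy.AllowInsecureGuestAuth
        LocalValue   = $local.AllowInsecureGuestAuth
        GuestAllowed = ($effective -eq 1)
    }
}

function Get-RejectedGuestLogons {
    # Event 31017 in the SMB client security log records each server that offered only a
    # guest session; these are the shares that need fixing, not the client that refused them.
    $events = Get-WinEvent -LogName 'Microsoft-Windows-SmbClient/Security' `
        -FilterXPath '*[System[EventID=31017]]' -ErrorAction SilentlyContinue
    foreach ($e in $events) {
        # Assumed message layout: "... Server name: <host> ... User name: <account> ..."
        $server = if ($e.Message -match 'Server name:\s*(\S+)') { $Matches[1] } else { '?' }
        $user   = if ($e.Message -match 'User name:\s*(\S+)')   { $Matches[1] } else { '?' }
        [pscustomobject]@{ Time = $e.TimeCreated; Server = $server; User = $user }
    }
}

$state = Get-InsecureGuestAuthState
if ($state.GuestAllowed) {
    Write-Warning 'Insecure guest logons are ENABLED: guest SMB shares will mount with no authentication or audit trail.'
} else {
    Write-Host 'Insecure guest logons are rejected (secure default).'
}

# One row per server that relied on guest access, most frequent first.
Get-RejectedGuestLogons | Group-Object Server |
    Select-Object @{n='Server';e={$_.Name}}, @{n='Attempts';e={$_.Count}} |
    Sort-Object Attempts -Descending | Format-Table -AutoSize
```

Run it on an affected client before the upgrade is rolled out: the server list is exactly the set of shares the vendor has to move behind real authentication.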
Fast forward to today. I just finished upgrading a company to Windows 11 24H2. Everything’s solid — until suddenly multiple job functions can’t see a core part of the application. They need to view scanned identifications — thousands of them, stored for compliance — and the app can’t pull them anymore. Why? Because the vendor stuck them in a “secure” subdomain (not even domain-joined), and “secured” it with… a generic guest account.
So what’s the vendor’s answer when it breaks?
“Oh, just turn off that Windows security feature. Or just point everyone directly at the file share where we’ve dumped 64,000+ scanned IDs. No big deal.”
No accountability. No audit trail. Fifty-plus people accessing sensitive data through a generic login, and the vendor’s suggestion is to just roll back the security patch that’s literally there to protect against exactly this kind of nonsense.
And somehow, that’s supposed to be my problem? No. That’s not how this works.
Here’s the reality:
Microsoft isn’t the bad guy here.
The vendor is, for refusing to update their practices.
Making customers weaken their environment to keep your product limping along is unacceptable. My company says “Do it,” keep the dollars rolling, we can’t inconvenience our process. So I protest and CC my personal email to try to keep myself clean. Whereas integrity-driven IT would draw the line and say, “I will not”?
My options are either roll us back and never update because of issues (when I arrived a YEAR AGO the DC was still 2008, because of issues like this), or update and then break stuff on purpose.
So here’s my ranty takeaway: If your product still requires insecure guest SMB access in 2025, your product is broken. Stop blaming Microsoft. Stop dumping the problem on your customers. Fix. Your. Stuff.