Enter network credentials (almost) every time I access a network share (NAS SMB)

Since Windows 10 version 1709 and forward SMB2 and SMB3 disables guest access by default for it as a client connecting to an SMB server that forces guest or an unauthenticated credential.

Quoted and referenced below are portions of a Microsoft post that’s relevant to your issue. I encourage you to read through its entire contents for thoroughness still.

I’ve also posted below some “potential solutions” for an answer even though for security reasons Microsoft says to not do this. You should ensure your network is locked down to prevent man-in-middle attacks for related systems.

Symptoms

Starting in Windows 10, version 1709 and Windows Server 2019, SMB2 and
SMB3 clients no longer allow the following actions by default:

  • Guest account access to a remote server.
  • Fall back to the Guest account after invalid credentials are provided.

SMB2 and SMB3 has the following behavior in these versions of Windows:

  • Windows 10 Enterprise and Windows 10 Education no longer allow a user to connect to a remote share by using guest credentials by
    default, even if the remote server requests guest credentials.

Note: This Windows 10 behavior occurs in Windows 10 1709, Windows 10 1803, Windows 10 1903, Windows 10 1909 as well as Windows 10 2004,
Windows 10 20H2, & Windows 10 21H1 as long as
KB5003173
is installed.

If you try to connect to devices that request credentials of a guest
instead of appropriate authenticated principals, you may receive error
messages.

Also, if a remote server tries to force you to use guest access, or if
an administrator enables guest access, the following entries are
logged in the SMB Client event log:

Log Name: Microsoft-Windows-SmbClient/Security  
Source: Microsoft-Windows-SMBClient  
Date: Date/Time  
Event ID: 31017  
Task Category: None  
Level: Error  
Keywords: (128)  
User: NETWORK SERVICE  
Computer: ServerName.contoso.com  
Description: Rejected an insecure guest logon.  
User name: Ned  
Server name: ServerName

Guidance

This event indicates that the server tried to log on the user as an
unauthenticated guest but was denied by the client. Guest logons do
not support standard security features such as signing and encryption.
So, guest logons are vulnerable to man-in-the-middle attacks that can
expose sensitive data on the network. Windows disables insecure
(nonsecure) guest logons by default. We recommend that you don’t
enable insecure guest logons.

Cause

This change in default behavior is by design and is recommended by
Microsoft for security.

Source

Potential Solutions

Note: Restart the system if you make any of these changes and then try again after the reboot. Sometimes to become effective in Windows, a reboot is required after making a registry or Group Policy change.

First, use this PowerShell to enable, disable, or remove the AllowInsecureGuestAuth

$x = Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" -Name "AllowInsecureGuestAuth";
If ($x) {
    Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" -Name "AllowInsecureGuestAuth" -Value 1 -Force;
    } Else {
    New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" -Name "AllowInsecureGuestAuth" -PropertyType "DWORD" -Value 1 -Force;
    }

Note: You can undo this by changing the -Value 1 code to -Value 0

Second, you can try to uninstall the KB5003173 as per the post that says this is the update that makes this security change effective.

Third, you could try to set the local or domain Group Policy to enable insecure guest access with settings:

  1. Open the Local Group Policy Editor (gpedit.msc).
  2. In the console tree, select Computer Configuration > Administrative Templates > Network > Lanman Workstation.
  3. For the setting, right-click Enable insecure guest logons and select Edit.
  4. Select Enabled and select OK.

Fourth, following applicable steps on the How to detect, enable and disable SMBv1, SMBv2, and SMBv3 in Windows post you could try to enabled SMBv1. Or you could enable SMBv1 and then disable SMBv2, and SMBv3 to see if that forces the SMBv1 to be used that doesn’t have the security constraint.

Fifth, an additional thing to try while having the registry options set per the above steps, and after a reboot once that is set, would to run a command line or two but NOT elevated as admin.

  1. Delete all existing mappings (in case of conflicts)
net use * /delete
  1. Next run one of these variations but /user:guest may need to be /user:<remoteMachineIPAddress>\guest
net use \\serverName\shareName "" /user:guest /persistent:yes 
net use \\serverName\shareName /user:guest "" /persistent:yes

Using one of those two formats above while considering the note regarding /user:XX.XX.XX.XX\guest making that match the actual IP of the remote SMB/NAS system, this might allow subsequent connections without needing to retype the credential each time.

You should test with a reboot to see if this solution sticks after a reboot. Consider adding it as a login script or dropping applicable logic to the /startup folder in Windows so it runs at each (or the needed) user login if after a reboot it needs rerun again.

Batch Script

Note: Drop a copy into to the C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp directory.

@ECHO OFF
IF NOT DEFINED MINIMIZED SET MINIMIZED=1 && START "" /MIN "%~F0" x && EXIT
net use \\serverName\shareName /user:guest "" /persistent:yes
EXIT