If the Host is installed on a non-domain (workgroup) machine and you have selected Windows Security Management as the Guest Access Method, you will have the option to select from the machine’s local users and groups. You can make use of these local Windows user accounts to differentiate the Guest access rights to the Host for different users or groups.

However, when you then try to authenticate through Impero Connect using one of these local accounts (by typing in username, password, and in the domain field, the Host PC name), you might get a “Password is incorrect” error message.  The only account that you can make use of is the built-in account named Guest, provided you have this account enabled and added to a security role in the Host’s configuration.

The reason for the "Password is incorrect" message is a setting in the Host computer’s local security policy manager (secpol.msc) under Local Policies > Security Options called “Network access: Sharing and security model for local accounts”.  By default, on non-domain machines, it is set to “Guest only”, which means that network logons that use local accounts are automatically mapped to the Guest account.

If this option is changed to “Classic”, network logons that use local account credentials authenticate by using those credentials. After making this change, the other Windows accounts that have been added to security roles in the Host will now start functioning correctly when used to authenticate to the Host from the Guest.