Group Policy Archives

Winsage

March 2, 2026

NTLM is going away: what Microsoft’s phaseout means for MSPs and IT teams

The migration from NTLM to Kerberos authentication is essential for improving security in Windows systems, but it faces challenges such as legacy systems and hardcoded authentication. Organizations must identify NTLM usage, conduct testing with NTLM disabled, and make necessary adjustments or upgrades to migrate successfully. Ongoing monitoring is crucial post-migration to prevent NTLM from re-entering the network. NTLM is associated with significant security vulnerabilities and has been exploited by various threat groups, making its elimination a priority for organizations despite potential hesitations to invest in the migration process. Transitioning to Kerberos is seen as a strategic security investment.

Winsage

March 1, 2026

Windows 11 Pro Upgrade Now $12.97 in Rare Deal

A Windows 11 Pro license is available for .97, representing a 93% discount from the standard retail price of 9. This license activates on one machine and includes features such as BitLocker full-disk encryption, Windows Sandbox, Hyper-V virtualization, Remote Desktop host, Group Policy, and Domain join support. Windows 11 Pro also integrates Microsoft’s Copilot for AI-assisted tasks and offers workflow enhancements like Snap Layouts and multiple desktops. To qualify for Windows 11, a PC must have a compatible 64-bit CPU, TPM 2.0, Secure Boot, at least 4GB of RAM, and 64GB of storage. Users upgrading from Windows 11 Home typically retain their files and applications. Caution is advised regarding the purchase source to avoid gray-market or region-locked keys. Key differences between Windows 11 Pro and Home include enhanced security and management features, making Pro suitable for users handling sensitive data or requiring remote access.

Winsage

February 28, 2026

Announcing Windows 11 Insider Preview Build 28020.1673 (Canary Channel)

Windows 11 Insider Preview Build 28020.1673 has been released to the Canary Channel. Key updates include: - Emoji 16.0 release with new emojis available in the emoji panel. - Introduction of a sign-in restore experience for Windows Backup for Organizations, reinstating user settings and Microsoft Store apps. - Quick Machine Recovery (QMR) is now automatically enabled for enterprise-managed Windows Professional devices. - A built-in network speed test accessible from the taskbar for measuring network performance. - Enhanced account menu in the Start menu directing users to Microsoft account benefits. - Pan and tilt controls for supported cameras available in the Settings app. - Widget Settings have been updated to a full-page experience. - Search function in the taskbar now displays group headers with the number of results and allows previewing results. - Support for Remote Server Administration Tools (RSAT) on Windows 11 Arm64 devices. - Improvements to dark mode in File Explorer and fixes for unexpected window behavior. - Reliability improvements in Settings for Bluetooth & Devices options. - Enhanced reliability for sending larger files via nearby sharing. Features are gradually rolled out, and a clean installation is required to exit the Canary Channel.

Winsage

February 27, 2026

Microsoft expands Windows restore to more enterprise devices

Microsoft has introduced a feature that allows enterprise users to restore personal settings and Microsoft Store applications from a previous Windows 11 device during their first login on a new or reimaged device using a Microsoft Entra ID account. This feature is part of Windows Backup for Organizations, which streamlines the migration process to Windows 11. The restore capability has been expanded to support hybrid-managed environments, multi-user device configurations, and Windows 365 Cloud PCs. Users will receive a prompt during the first login to either restore from a previous device's backup or set up the device as new, but those who bypass this step will not receive another prompt. IT administrators can manage this feature through Microsoft Intune or Group Policy. The feature will be available for devices with Windows updates released on February 24, 2026, and later. Windows Backup for Organizations was first announced in November 2024, reached public preview in May 2025, and became generally available in August.

Winsage

February 24, 2026

How to Disable Copilot in Windows 11 — Uninstall, Hide, and Stop It from Coming Back

Microsoft has integrated its AI assistant, Copilot, into various parts of Windows 11, including the taskbar, Edge, and Notepad. Users have expressed a desire to remove Copilot, leading to the creation of a guide detailing methods to disable it. Copilot can be uninstalled through Settings, but additional steps are required to remove it from Edge, Notepad, and Windows Search. Users can also prevent Copilot from reinstalling after updates by adjusting registry settings. The Copilot app is categorized as a standalone application in Windows 11 24H2, making it easier to uninstall compared to previous versions. Methods to disable Copilot include: 1. Uninstalling the app via Settings. 2. Hiding the icon from the taskbar. 3. Using Group Policy Editor (limited to Pro, Enterprise, Education). 4. Removing Copilot for all users using PowerShell. 5. Adjusting settings in Edge and Notepad to disable Copilot features. 6. Editing the registry to remove Copilot from Windows Search and Paint. 7. Remapping the physical Copilot key on newer laptops. 8. Disabling silent reinstallation of Copilot through registry edits. Disabling Copilot will not affect core Windows functionality but will remove AI-specific features such as the chatbot and writing assistance.

Winsage

February 19, 2026

14 simple Windows 11 tweaks that instantly boost your privacy

Windows 11 engages in various background activities that may affect user privacy. Users can enhance their privacy by adjusting settings beyond the default configurations. Key modifications include: 1. Disable Device Encryption by navigating to Settings > Privacy & security > Device Encryption and toggling off the switch. 2. Disable Find My Device by going to Settings > Privacy & security > Find my device and turning off the toggle switch. 3. Minimize telemetry by accessing Settings > Privacy & security > Diagnostic & feedback and disabling the Send optional diagnostic data and Tailored experiences options. 4. Disable Activity Tracking in Settings > Privacy & security > General by toggling off personalized ads and app tracking options. 5. Disable Location Tracking by going to Settings > Privacy & security > Location and toggling off Location Services. 6. Disable Search Highlights in Settings > Privacy & security > Search by turning off the Show search highlights toggle switch. 7. Disable Cloud Search by navigating to Settings > Privacy & security > Search and turning off Microsoft account and Work or School account toggle switches. 8. Switch to a Local Account by accessing Settings > Accounts > Your Info and selecting Sign in a local account instead. 9. Uninstall OneDrive via Settings > Apps > Installed apps. 10. Uninstall Copilot through Settings > Apps > Installed apps. 11. Uninstall Windows Recall by searching for Turn Windows features on or off and clearing the Recall option. 12. Disable Windows Backup in Settings > Accounts > Windows Backup by turning off Remember my apps and Remember my preferences. 13. Disable Windows Update by launching the Local Group Policy Editor and disabling the Configure Automatic Updates policy. 14. Limit Microsoft Edge Telemetry by accessing Microsoft Edge Settings > Privacy, search, and services and turning off relevant telemetry options. Creating a full backup of the computer before making these changes is recommended.

Winsage

February 13, 2026

Microsoft Refreshes Secure Boot Root of Trust Certificates

Microsoft is refreshing Secure Boot certificates across its Windows ecosystem ahead of their expiration in June 2026 to enhance firmware-level security. Most systems will automatically receive the new certificates via Windows Update, while older or specialized devices may require firmware updates from the original equipment manufacturer (OEM). Devices that do not receive the update will still boot but will gradually lose access to critical boot-level mitigations and future compatibility improvements. The deployment of the new certificates has started with regular monthly Windows updates and applies to home users, businesses, and educational institutions. Organizations can manage updates independently using tools like Group Policy. Many devices produced since 2024 and nearly all systems shipped in 2025 already have the updated certificates. If systems are not updated, they will continue to function but will enter a degraded security state, unable to adopt new Secure Boot mitigations. This could increase exposure to threats and lead to compatibility issues with newer operating systems and software. IT administrators should ensure that Windows Update is deploying the latest updates and that device firmware is current, especially for older hardware or specialized systems.

Tech Optimizer

February 11, 2026

How to Disable Windows 11 Defender: Temporary and Permanent

Microsoft Defender Antivirus is the built-in security solution for Windows 11, protecting against viruses, malware, and ransomware. Users may need to disable it temporarily or permanently for various reasons, including software installation, penetration testing, performance issues, transitioning to third-party antivirus solutions, or troubleshooting conflicts. Temporary disabling can be done through the Windows Security app, which will automatically re-enable after a restart. Permanent disabling requires changes in Group Policy, applicable only to Windows 11 Pro, Enterprise, and Education editions, and necessitates disabling Tamper Protection first. Another method for permanent disabling is installing a third-party antivirus, which automatically deactivates Defender's real-time protection. Windows 11 Home users cannot use Group Policy for permanent disabling but can still temporarily disable Defender or install a third-party antivirus. Disabling Defender exposes the system to threats, and users should ensure they have alternative protection in place. Major Windows updates may reset Defender settings, and caution is advised when modifying system settings.

Winsage

January 31, 2026

Final day to get Windows 11 Pro for just $10

A promotion has reduced the price of Windows 11 Pro to a significant discount, making it an attractive option for users currently on Windows 10 or the Home edition of Windows 11. The offer represents a 94% discount from the standard retail price and is a rare opportunity for a current-generation Windows Pro license. Windows 11 Pro includes features such as Snap Layouts, multiple desktops, BitLocker device encryption, Windows Information Protection, Hyper-V virtualization, and Remote Desktop capabilities. It requires a compatible 64-bit CPU, TPM 2.0, Secure Boot, at least 4GB of RAM, and adequate storage. Users are advised to purchase from reputable sellers to avoid issues with activation or legitimacy of the license.

Winsage

January 30, 2026

Microsoft Adds Centralized RDP Shortpath Control via GPO and Intune

Microsoft has enhanced the management of Remote Desktop Protocol (RDP) Shortpath, now available through Group Policy Objects (GPO) and Microsoft Intune, allowing IT teams to implement centralized control over RDP Shortpath behavior across Azure Virtual Desktop (AVD) session hosts and Windows 365 Cloud PCs. RDP Shortpath improves performance and reliability by establishing a direct, UDP-based network connection, reducing latency and enhancing responsiveness for audio and video applications. Prior to this update, managing RDP Shortpath was fragmented, requiring manual adjustments on individual session hosts, which complicated consistent networking behavior. The new centralized configuration allows administrators to enforce Shortpath settings uniformly, reducing administrative overhead and ensuring consistent performance and security controls. Administrators can manage RDP Shortpath settings centrally, control all Shortpath modes, and ensure compatibility with AVD host pool settings. Effective operation of RDP Shortpath requires appropriate network conditions, and policy changes necessitate a restart of session hosts or Cloud PCs.