Group Policy Editor Archives

Winsage

June 11, 2026

“It is intentional” Microsoft says Windows 11’s broken folder icons are by design. Here’s what’s going on.

In the June 2026 Security Update for Windows 11 and Windows 10, Microsoft implemented a change that prevents custom folder icons and localized folder names from appearing if derived from an untrusted "desktop.ini" file. Users may initially perceive this as a bug, as folders may revert to default settings without user intervention. To maintain customizations, organizations should add trusted sources to the "Trusted Sites" list via Control Panel. Businesses can enable the "Allow the use of remote paths in file shortcut icons" policy through the Group Policy Editor, although this may reduce security. Users can also remove the Mark-of-the-Web tag from trusted "desktop.ini" files using PowerShell commands. This update reflects a broader trend of prioritizing security over customization in the operating system.

Winsage

June 11, 2026

Windows Ready Print is Microsoft’s biggest overhaul of Windows printing in years

Microsoft is introducing Windows Ready Print (WRP), a new printing model that aims to modernize the printing experience on Windows by integrating contemporary communication standards like the Internet Printing Protocol (IPP) and Universal Print. WRP will manage newly installed printing devices by default starting in July 2026, while older printers and OEM drivers will still function on newer Windows releases. The initiative focuses on simplifying printing processes and enhancing reliability, with new options for customization available in Windows printer preferences. Users and administrators can choose to enforce or disable WRP-based print management. Additionally, new policies in Group Policy Editor will allow for the selection or blocking of drivers through WRP. The initiative is supported by the Mopria Alliance to improve security and compatibility in printer management across devices.

Winsage

June 10, 2026

Microsoft wants to end printer driver headaches with Windows Ready Print

Microsoft has released Windows 11 Experimental build 26300.8553, which includes customizable Start menus, enhanced search functionalities, and a refined Taskbar. A significant upgrade is the rebranding of the Modern Print Platform to Windows Ready Print, aimed at modernizing and securing the printing process. Microsoft is phasing out support for third-party printer drivers via Windows Update, transitioning to the Internet Printing Protocol (IPP) and the native Windows IPP printer driver. Starting July 2026, new printer installations on eligible devices will default to Windows Ready Print, though users can choose between Windows Ready Print and the traditional OEM process. This setting can be adjusted through the printer preferences in Settings and modified via Group Policy. Users can also enable Windows protected print mode to default to Windows Ready Print.

Winsage

May 30, 2026

How to Disable Windows Defender in Windows 11 (GUI, PowerShell, CMD & Group Policy)

Disabling Windows Defender is common among users setting up virtual machines or optimizing build processes, but it can be frustrating due to Windows 11's resistance to such actions. Many guides suggest using outdated registry keys, which are often reverted by updates, leading to repeated attempts to disable the protections. Users may disable Defender for several reasons, including performance issues with virtual machines, conflicts with Android emulators, hindrances in development environments, troubleshooting disk performance, and security testing in isolated labs. However, disabling antivirus software increases exposure to threats. Microsoft Defender includes components such as Antivirus, Real-Time Protection, Cloud-Delivered Protection, Tamper Protection, and Defender for Endpoint. Tamper Protection is a significant barrier to disabling Defender, as it prevents unauthorized changes to security settings. Key considerations before disabling Defender include the need for administrator rights, the effect of Tamper Protection, potential resets from Windows Updates, temporary toggles for Real-Time Protection, and the option to install third-party antivirus software, which places Defender in passive mode. Methods to disable Defender include using the Windows Security GUI, PowerShell commands, Command Prompt, or Group Policy (available only for certain editions). Disabling Tamper Protection requires accessing the GUI or being managed by an organization. To check if Defender is disabled, users can use PowerShell to review specific fields. Common reasons for Defender reactivating include enabled Tamper Protection, system reboots, Windows Updates, lack of third-party antivirus, and security policy refreshes. Installing a legitimate third-party antivirus is often the best way to maintain a consistent state. Instead of disabling Defender, users can add exclusions for specific folders related to virtual machines or development tools, allowing them to maintain protection while avoiding conflicts. Troubleshooting common problems includes ensuring elevated sessions for PowerShell, checking Tamper Protection status, and understanding the limitations of the Group Policy editor based on the Windows edition. Disabling Defender may be appropriate in specific scenarios, but for regular use, especially on machines handling sensitive tasks, the risks generally outweigh the benefits. Using exclusions is recommended for performance improvements without compromising security.

Winsage

May 26, 2026

Tame Windows 11 with Winhance + Group Policy as your preventive Affirmative Defense against undesired advertising, bloat and espionage by Allan Tépper

Users of Windows 11 face issues with unwanted advertising, bloatware, and privacy concerns. To combat these, a combination of Group Policy and Winhance is recommended. Group Policy can be used to preemptively instruct Windows to ignore specific undesired elements, while Winhance addresses issues that may re-emerge after updates. Group Policy is referred to as "Directivas de grupo local" in Castilian. Before implementing policies, Windows should be fully updated. Two essential policies to enhance control include removing default Microsoft Store packages and opting out of sending diagnostic data to Microsoft. Group Policies can be saved and shared if the target computer matches the original system's version and update status. Winhance is a tool that monitors and manages unwanted applications, offers customization options, and provides a list of third-party apps for replacing built-in applications.

Winsage

May 23, 2026

Windows 11 now lets you remove Microsoft Copilot app with Group Policy or Registry, as it tries to win back users

Recent feedback from Windows 11 users has led Microsoft to simplify the process of uninstalling Copilot due to dissatisfaction with its integration. A Group Policy option titled “Remove Microsoft Copilot app” has been introduced in the April 2026 Update, allowing users to remove Copilot via User Configuration > Administrative Templates > Windows Components > Windows AI. Users can also uninstall Copilot directly from the installed apps list or by right-clicking the icon, although it may reappear after a fresh installation due to certain updates. To uninstall Copilot and Microsoft 365 Copilot using Group Policy, the following conditions must be met: both apps must be installed, the user did not install them independently, and the Copilot app has not been used for over 28 days. This policy is supported on Pro, Enterprise, Education, and IoT Enterprise or LTSC versions of Windows 11. Windows 11 Home users can manually remove Copilot by creating a registry key at HKEYCURRENTUSERSoftwarePoliciesMicrosoftWindowsWindowsAI and setting a DWORD value named RemoveMicrosoftCopilotApp to 1. Alternatively, users can execute a PowerShell script to remove Copilot. Microsoft has not provided an uninstall option for Copilot in the Start menu.

Winsage

May 8, 2026

Windows 11 Clients: The Group Policy Editors gpedit.msc and GPMC are broken

The Group Policy Editors gpedit.msc and gpmc from the RSAT tools are experiencing functionality issues in Windows 11 due to a bug that causes an overflow error, resulting in incorrect configurations being saved. This issue was first reported by Mark Heitbrink to Microsoft in March 2026, but he has not received feedback. The bug appears to be unique to Windows 11 clients, as tests on Windows Server did not show the problem. Mark documented the bug with submission number VULN-180447 and case number 111952. He described how to reproduce the issue involving the group policy "Delay Foreground download from http" and the decimal value "4294967295," which gets altered to "2147483647" on Windows 11. Mark speculated that the issue might be due to the Windows client using the INT data type instead of unsigned INT, leading to an overflow. He noted that over 50 policies are affected by this MaxValue issue across various components.

Winsage

May 1, 2026

Microsoft now lets admins choose pre-installed Store apps to uninstall

Microsoft has updated its Windows 11 operating system to enhance the management of preinstalled applications. The new RemoveDefaultMicrosoftStorePackages policy allows IT administrators to remove any preinstalled MSIX/APPX applications by referencing their Package Family Name (PFN) through Group Policy Object (GPO) or custom OMA-URI for mobile device management (MDM). This feature requires devices to have at least the April 2026 Windows non-security update. It is available for Windows 11 version 24H2 Enterprise and Education editions, whereas it was initially exclusive to version 25H2 or later. A comprehensive list of supported applications and instructions for applying the policy are provided in Microsoft's documentation. Additionally, a new policy setting enables the uninstallation of the AI-powered Copilot digital assistant from enterprise devices after the April 2026 Patch Tuesday updates. The dynamic list option for this policy will be rolled out in the coming months.

Winsage

April 28, 2026

Microsoft Releases Enterprise Policy Option to Disable Windows 11 Copilot

Microsoft has introduced a new enterprise policy setting that allows IT administrators to silently uninstall the Microsoft Copilot app from managed Windows 11 devices. The RemoveMicrosoftCopilotApp policy became available after the April 2026 Patch Tuesday security updates and is compatible with enterprise management solutions like Microsoft Intune and System Center Configuration Manager (SCCM). Administrators can find the policy in the Group Policy Editor under User Configuration > Administrative Templates > Windows AI > Remove Microsoft Copilot App. It specifically targets Windows 11 Pro, Enterprise, and Education SKUs, excluding Home edition users. The uninstallation process is triggered when three conditions are met: Microsoft 365 Copilot is installed on the device, it was provisioned (not user-installed), and it has not been launched by the user in the last 28 days. The policy was initially available for Windows Insiders in January 2026 and became generally accessible afterward. However, future updates or user reinstalls from the Microsoft Store may reintroduce the Copilot app, necessitating ongoing policy enforcement for permanent removal. Organizations seeking broader exclusion may need to use PowerShell scripts or additional MDM configurations.

Winsage

April 27, 2026

Microsoft Adds Policy to Let IT Admins Uninstall Copilot From Enterprise Windows 11 Devices

Microsoft has introduced a policy allowing IT administrators to remove the Microsoft Copilot app from managed enterprise devices. This "Remove Microsoft Copilot App" policy will be available as a Policy CSP and Group Policy after the April 2026 Windows security updates for Windows 11 devices on the 25H2 update, specifically for Enterprise, Professional, and Education editions. The policy will uninstall Copilot under certain conditions: both Microsoft 365 Copilot and Microsoft Copilot must be installed, the user must not have manually installed the app, and the app must not have been launched in the past 28 days. Administrators can enable the policy through the Group Policy Editor or configure it via Microsoft Intune and SCCM after the April 2026 updates. The policy aligns with Microsoft's recent changes in managing Copilot, including the cessation of automatic installations and the cancellation of plans to integrate Copilot into system notifications and other features. The policy was initially available to Windows Insiders in January before becoming generally accessible in April 2026.