registry values Archives

Winsage

December 2, 2025

Microsoft needs to make it easier to disable automatic Windows 11 updates

Updates in the Windows ecosystem are essential for enhancing stability, performance, and security. However, users of Windows 11 have expressed frustration due to frequent updates disrupting functionalities like network connectivity and printer access. Automatic updates can interrupt productivity, with unexpected restart prompts leading to potential loss of unsaved work. Issues with third-party programs and drivers often arise post-update, and older PCs experience significant performance degradation due to background updates. Many users face limitations with internet access, as substantial update sizes can consume data quickly, especially under fair usage policies. Storage constraints on older devices can lead to operational issues, and attempts to pause updates may not always be effective. While updates are crucial for delivering new features and security fixes, their frequency can diminish their perceived importance, causing users to delay addressing issues. Disabling automatic updates can be complicated, requiring adjustments in the Windows Update service, Group Policy Editor, or Registry, which may not be accessible or user-friendly. A simple one-click "Disable" button in the Windows Update settings would enhance user control over update installations, allowing them to manage updates according to their schedules.

Winsage

October 23, 2025

‘Unusable’—Microsoft Issues Emergency Update For All Windows 11 Users

Microsoft's recent mandatory security update, "Windows 11 KB5070773," has caused significant issues for users, including problems with localhost connections and a breakdown in the Windows Recovery Environment (WinRE), rendering essential peripherals like mice and keyboards non-functional. This emergency update is being rolled out to address the critical issue of non-responsive input devices in WinRE, which hampers recovery processes. Users must download and install the update manually, although it is designed to occur automatically for Windows 11 PCs on versions 24H2 and 25H2. The update will upgrade version 25H2 to Build 26200.6901 and version 24H2 to 26100.6901. Microsoft has acknowledged the severity of the situation, stating that the issue prevents navigation of recovery options within WinRE. Additionally, some users are experiencing errors related to smart card authentication and certificates, with a temporary workaround suggested by Microsoft.

Winsage

September 4, 2025

Windows 11 will finally let you switch themes based on schedule or time via PowerToys

Windows 11 will introduce an automated feature to switch between light and dark themes based on the time of day, currently being tested through a PowerToys utility expected by October 2025. Users can set custom hours or use location services for this functionality. Task Scheduler can also be used to create tasks that automatically switch themes by modifying registry values.

Winsage

August 23, 2025

Hackers Can Exfiltrate Windows Secrets and Credentials Silently by Evading EDR Detection

A new method allows attackers to extract Windows secrets and credentials without being detected by most Endpoint Detection and Response (EDR) solutions. This technique enables individuals with access to a Windows machine to gather credentials for lateral movement within a network. The Local Security Authority (LSA) manages sensitive information through two in-memory databases: the SAM database, which stores user credentials, and the Security database, which holds LSA secrets. Access to these databases requires interaction with the SAM and SECURITY registry hives, protected by Discretionary Access Control Lists (DACLs) that limit access to SYSTEM privileges. Attackers typically face detection when accessing the lsass.exe process memory, as EDR solutions monitor high-risk activities. Researcher Sud0Ru has introduced a method that bypasses these defenses by using the undocumented API NtOpenKeyEx with the REGOPTIONBACKUPRESTORE flag, allowing attackers to read the SAM and SECURITY hives without SYSTEM-level privileges. To avoid detection, attackers use the RegQueryMultipleValuesW API, which is less monitored by EDRs, to extract encrypted secrets from the hives. This approach allows the operation to occur entirely in memory, leaving no on-disk artifacts and evading typical security alerts.

Winsage

July 19, 2025

This free tool is the best way to find and edit registry values on Windows

RegScanner is a free utility designed to simplify the process of locating specific registry keys in Windows 11. It offers highly customizable search options, allowing users to find keys based on specific terms, filter by key names or attributes, and refine results by modification date. The tool also supports remote searches and facilitates the creation of backups for registry items, enabling users to select multiple items for backup in REG and TXT formats. RegScanner is portable, available in a ZIP format, and compatible with Windows XP to Windows 11, requiring no administrator privileges for basic searches. It aims to reduce the time and frustration associated with registry management.

Winsage

March 5, 2025

Microsoft updates Windows 11 CPU support for OEM systems to include 8th to 10th Gen Intel CPUs

In mid-February 2025, Microsoft updated its support documentation regarding Intel processors' compatibility with Windows 11 24H2, adding several models from the 8th, 9th, and 10th generations that were previously excluded. These processors, introduced about eight years ago, can still perform adequately if their motherboards meet the TPM 2.0 requirement. Microsoft confirmed that these Intel CPU models meet the minimum system requirements for Windows 11 and indicated that future processor generations meeting similar principles will also be considered supported. Although the three Intel generations have not been reinstated on the official list, systems using these processors will not be rendered obsolete or stop receiving updates. Manufacturers are advised against using these older processors in new systems running Windows 11. An official list of supported CPUs for non-OEM or custom PC builders is not available, but builders should refer to Microsoft’s Windows 11 System Requirements, which require a CPU operating at 1 GHz or faster with two or more cores. It is possible to install Windows 11 on unsupported hardware by adjusting certain registry values, but this may result in missing system and security updates. Users can also continue using Windows 10 for ongoing security updates or consider transitioning to a Linux operating system.

Winsage

February 21, 2025

Windows 11 24H2 RDP hangs on login, RDP session connecting issues reported

Windows 11 has a significant issue affecting Remote Desktop Protocol (RDP) sessions during the login phase, potentially linked to the Windows 11 24H2 update or recent security updates KB5050094 and KB5051987. Administrators have reported difficulties in establishing RDP connections since the rollout of the 24H2 update, with issues persisting even when the RDP service is operational and firewall configurations are correct. Users have noted that changing the default RDP port from 3389 may resolve connection issues for some, although this workaround is not universally effective. Additionally, there are reports of RDP sessions hanging during the login process, particularly when reconnecting to previously disconnected sessions. To address the hanging issue, users can modify settings in the Group Policy Editor by enabling the "Select network detection on the server" policy and turning off Connect Time Detect and Continuous Network Detect. A system reboot is not necessary, but executing the gpupdate /force command is recommended. Alternatively, a Windows Registry script can be used to automate the process across multiple devices. As of February 21, Microsoft has not officially acknowledged these network issues, despite their widespread impact on users.

Winsage

February 19, 2025

These Windows 11 registry hacks will turn you into a PC pro

The Windows Registry Editor is accessed by pressing Win-R, typing regedit, and confirming with “OK.” The registry files are located in “C:WindowsSystem32config” and user-specific files in “C:Users[username].” The five main branches of the registry are: - HkeyCurrentUser: Configuration settings for the current user. - HkeyLocalMachine: Global settings for all users, requiring administrative rights for changes. - HkeyUsers: Contains user IDs for system profiles. - HkeyClassesRoot: Manages file name extensions and program shortcuts. - HkeyCurrentConfig: Links to keys under HkeyLocalMachineSystemCurrentControlSetHardware ProfilesCurrent. Users can create subkeys and values, which can be of different types. To modify the registry, select a key, use the “New” context menu, and double-click to edit. Creating a backup of the registry is recommended before making changes, which can be done using the Registry Backup Portable tool. To restore the registry, select the most recent backup and click “Restore Now.” Microsoft’s Process Monitor can be used to analyze registry values by filtering for “RegSetValue” and tracking changes. Certain registry values are restricted from modification for security reasons, such as the “widgets” feature in Windows 11. However, methods like batch files and PowerShell scripts can override these protections. Windows transmits diagnostic data to Microsoft, impacting user privacy. Tools like O&O Shutup10 and W10Privacy help manage telemetry settings.

Winsage

August 17, 2024

Dark mode not enough? Here’s how you can make the Windows 11 Start menu completely black

Windows 11 users can personalize their experience by changing the Start menu and taskbar to black through registry tweaks. This can be done easily by modifying the Windows Registry using a script saved as black.reg, which alters specific registry values. Users can also manually change these values using the Registry Editor, but this requires careful attention to detail and backing up the registry. Both methods ultimately achieve the same result. However, users should be aware that customizing these UI components may lead to inconsistencies, such as display issues in the Calendar view.

Winsage

July 29, 2024

New Specula tool uses Outlook for remote code execution in Windows

Microsoft Outlook has a vulnerability, CVE-2017-11774, that allows for remote code execution through a new framework called "Specula." This vulnerability, a security feature bypass, was patched in October 2017 but can still be exploited in file-sharing attacks. Attackers can create malicious document files to trick users into opening them, and despite Microsoft's mitigation efforts, they can set harmful home pages via Windows Registry values. Specula operates within Outlook's context, allowing non-privileged threat actors to manipulate WebView registry entries to connect to an external server. This enables the execution of arbitrary commands on compromised systems using custom VBScript files. Once the registry entry is set, it can be used for persistence and lateral movement across systems, taking advantage of Outlook's trusted process status to evade security measures. U.S. Cyber Command previously warned about the risks of CVE-2017-11774, which has been exploited by Iranian-sponsored APT groups since at least 2018.