Enhancing Security with Remote Desktop Services: Limiting Console Session Access

In today’s digital landscape, securing remote access to systems is paramount. One effective method to enhance security is by configuring Remote Desktop Services (RDS) to limit the number of connections, thereby blocking access to the console session via Remote Desktop Protocol (RDP). Here’s a step-by-step guide on how to achieve this using Group Policy.

Step-by-Step Guide

  1. Open Group Policy Management Console (GPMC)
    • Press Win + R, type gpmc.msc, and press Enter. (or locally run gpedit.msc)
  2. Navigate to the Specific Policy
    • Go to Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Connections.
  3. Configure the Policy
    • Locate the policy named “Limit number of connections”.
    • Double-click to open the policy settings.
  4. Enable and Set the Limit
    • Select “Enabled”.
    • In the “RD Maximum Connections allowed” box, set the desired number of connections. For instance, setting it to 1 ensures only one remote connection is allowed, effectively blocking access to the console session.
  5. Apply and Close
    • Click “Apply” and then “OK” to save the changes.
  6. Update Group Policy
    • Open Command Prompt as an administrator and run gpupdate /force and reboot the machine to apply the new policy settings.

Benefits of Limiting Connections

  • Enhanced Security: Restricting the number of connections minimizes the risk of unauthorized access.
  • Resource Management: Prevents system overload by limiting the number of active sessions.
  • Control and Monitoring: Easier to monitor and manage remote sessions, ensuring compliance with security policies.

By following these steps, administrators can effectively block access to the console session using RDP, thereby enhancing the overall security of their systems. This simple yet powerful configuration helps maintain a secure and efficient remote access environment.

Announcing Windows 11 Insider Preview Build 26120.1930 (Dev Channel)

Hi all, last Friday Microsoft released Windows 11 Insider Preview Build 26120.1930 (KB5044388) to the Dev Channel.

This build also has the policy templates for Administartor Protecion, only enableing them does not enable the feature (yet)

All Dev channel device upgrades went smooth here, make sure to use the Feedback Hub if any issues are spotted.

Happy Upgrades!

Changes and Improvements gradually being rolled out to the Dev Channel with toggle on*

[General]

  • This update includes a small set of general improvements and fixes that improve the overall experience for Insiders running this build on their PCs.

[Fonts]

  • There is a new simplified Chinese font (Simsun-ExtG) with 9,753 ideographs supporting Unicode Extensions GH and I. Included is the highly requested character for Biangbiang noodles. This character U+30EDD is said to be the most complicated Chinese character, as you can see in the image below. We are aware that some applications may not be able to display these new extension characters yet.
    • Unicode range G 30000-3134A (4,939 chars)
    • Unicode range H 31350-323AF (4,192 chars)
    • Unicode range I 2EBF0-2EE5D (622 chars)
Biangbiang character Unicode 30EDD.
Biangbiang character Unicode 30EDD.

[Windows Sandbox]

  • The new Windows Sandbox Client Preview that began rolling out with Build 26120.1843 should now be available to all Insiders in the Dev Channel.
Windows Sandbox Client Preview with new dropdown showing clipboard redirection, audio/video input control, and the ability to share folders with the host.
Windows Sandbox Client Preview with new dropdown showing clipboard redirection, audio/video input control, and the ability to share folders with the host.

Fixes gradually being rolled out to the Dev Channel with toggle on*

[Other]

  • Fixed an issue for some Insiders with dual boot devices, where the boot menu (where you select which OS to boot into) wasn’t displaying correctly (the color was wrong, and it might only display in half the available space).

Changes and Improvements gradually being rolled out to everyone in the Dev Channel

[Settings]

  • We are adding the ability to configure the Copilot key. You can choose to have the Copilot key launch an app that is MSIX packaged and signed, thus indicating the app meets security and privacy requirements to keep customers safe. The key will continue to launch Copilot on devices that have the Copilot app installed until a customer selects a different experience. This setting can be found via Settings > Personalization > Text input. If the keyboard connected to your PC does not have a Copilot key, adjusting this setting will not do anything. We are planning further refinements to this experience in a future flight.
New setting for configuring the Copilot key highlighted in a red box.
New setting for configuring the Copilot key highlighted in a red box.

Known issues

[General]

  • This build may fail to install with error 0x800f0983. If you see this error, please try to install it again, as it should work on retry. If it stays on 0%, please be patient – it should proceed.

[Start menu]

  • If you click or tap on a letter on Start menu’s All apps list, the All apps list may break. If you encounter this issue, please try rebooting or restarting explorer.exe to fix it.

New Clock widgets: Countdown and Timer

We are rolling out a Clock app update to Windows Insiders across all Insider Channels that includes two new clock widgets: countdown and timer. Make sure you have the latest version of the Clock app update from the Microsoft Store (version 11.2408.9.0 and higher). After you open the widgets board, you can open the widgets picker by clicking the “+” button in the top right corner where you would be able to add these widgets to your board.

New countdown and timer widgets from the Clock app showing on the widgets board.
New countdown and timer widgets from the Clock app showing on the widgets board.

FEEDBACK: Please file feedback in Feedback Hub (WIN + F) under Apps > Clock App.

source: Windows Blogs

Announcing Windows 11 Insider Preview Build 27718 (Canary Channel)

Hi all, last Wednesday Microsoft released Windows 11 Insider Preview Build 27718 to the Canary Channel. ISOs for this build – they can be >downloaded here<.

The new Administrator protection is available in this build, it can be enabled through Intune policy or local policy if you want to test:

in Intune, create a new policy Windows 10 or later from settings catalog, search for insider, select Local PoliciesSecurity options:

add this setting

in policies:

Quick waring though, sometimes the promt does not load causing the pc to get stuck on the secure desktop requiring to reboot he device to get out of it (FeedbackHub: https://aka.ms/AAslpvo)

Happy Upgrades!

Changes and Improvements

[General]

  • [REMINDER] Insider Preview Build Expiration: The expiration date for Insider Preview builds flighted to the Canary Channel has been updated to 9/15/2025 starting with Build 27695Please make sure you are updated to the latest build in the Canary Channel.

[Lock screen]

  • We have updated the Lock screen so that the media controls will now show at the lower bottom center of the Lock screen now when media is being played.
Updated position of media controls shown on the Lock screen when media is being played highlighted in a red box.
Updated position of media controls shown on the Lock screen when media is being played highlighted in a red box.

[Start menu]

  • You can drag apps from the Pinned section of the menu and pin them to the taskbar.
  • [ADDED] Based on feedback, we’ve made some updates to the new account manager on the Start menu making the sign out option directly visible, and adding a list of signed in users under “…” so it’s faster to switch accounts.
New account manager on the Start menu with sign out option directly visible highlighted in a red box.
New account manager on the Start menu with sign out option directly visible highlighted in a red box.

[Taskbar & System Tray]

  • Updated the taskbar to now support first letter navigation, so when keyboard focus is set to the taskbar (WIN + T), you can press a letter, and it will jump to the open or pinned app whose name starts with that letter. Pressing the letter multiple times will jump to the subsequent app which starts with that letter, if there are multiple apps for that letter. For those using uncombined taskbar, rather than app name, the first letter navigation will use window name. Along with this, pressing Home and End will now move keyboard focus to the first and last (respectively) items in the taskbar.

[Notifications]

  • If desired, there’s now an option to turn off the suggestions to disable notifications from certain apps. You can now press the “…” within the notification to disable the notification, as you can with other notifications, or you can go to the list of notification senders in Settings > System > Notifications and turn it off from there (called “Notification Suggestions” in the list). Note – this entry will only appear in the senders list after you have received one.

[Windows Share]

  • We’re rolling out some minor UI changes to simplify the Windows share window which removes the search box.

[Narrator]

  • We have made several changes to improve the performance of Narrator scan mode. This is expected to make scan mode responses much quicker, especially while using Microsoft Edge, and reading through large documents. To try out scan mode, turn on Narrator first (Win key + Ctrl + Enter), and then turn scan mode ON by pressing Caps Lock + Spacebar during a Narrator session.

[Energy Saver]

  • For laptops on battery, a notification will pop up asking you to plug in your laptop if the battery level reaches 20% while Energy Saver is set to “Always On”.

[Windows Update]

  • We’ve made some small design improvements to the dialog that opens if there’s something that needs your attention before proceeding with a Windows update, for example if more space is needed or there’s a compatibility issue. This includes updating the icon sizes and spacing.

[Input]

  • We have updated Settings > Bluetooth & Devices > Touch to have a new section for touch screen edge gestures, where you can choose if you would like to disable the left or right screen edge touch gesture. Note, this feature is rolling out so not all Insiders in the Canary Channel will see it right away.

[Administrator protection]

  • Administrator protection is an upcoming platform security feature in Windows 11, which aims to protect free floating admin rights for administrator users allowing them to still perform all admin functions with just-in-time admin privileges. This feature is off by default and needs to be enabled via group policy. We plan to share more details about this feature at Microsoft Ignite.

Fixes

[General]

  • Fixed an issue which was causing some Insiders to experience a hang at the boot screen and their PC to roll back with error 0xC1900101 when trying to upgrade to the previous flight.
  • Fixed an issue in the last 2 Canary builds which was causing sporadic explorer.exe crashes when moving windows around.
  • Fixed an issue causing some Insiders on the last 2 Canary builds to see a bugcheck with error message “SYSTEM_SERVICE_EXCEPTION”.

[Input]

  • Fixed an issue causing the emoji panel to close when trying to switch to the kaomoji and symbols sections, or after selecting an emoji.
  • Updated the logic for the setting “Press the lower right corner of the touchpad to right-click” Settings > Bluetooth & Devices > Touchpad so it shouldn’t show in cases where the touchpad doesn’t support the functionality.

[Widgets]

  • Fixed an issue which could result in the Widgets icon unexpectedly displaying in the taskbar twice sometimes.

[Other]

  • Fixed a high hitting wmiprvse.exe crash in the last 2 Canary flights.
  • Fixed an issue which was causing certain apps (like Media Player) to crash when playing audio for some Insiders in the last 2 Canary flights.
  • Fixed an issue for some Insiders with dual boot devices, where the boot menu (where you select which OS to boot into) wasn’t displaying correctly (the color was wrong, and it might only display in half the available space).

Known issues

[General]

  • [IMPORTANT NOTE FOR COPILOT+ PCs] If you are joining the Canary Channel on a new Copilot+ PC from the Dev Channel, Release Preview Channel or retail, you will lose Windows Hello pin and biometrics to sign into your PC with error 0xd0000225 and error message “Something went wrong, and your PIN isn’t available”. You should be able to re-create your PIN by clicking “Set up my PIN”.

[Movies & TV]

  • [NEW] Insiders may not be able to play purchased content in the Movies & TV app on the recent Canary Channel builds. This issue will soon be fixed in a future flight.

[Input]

  • [NEW] We’re working on the fix for an underlying issue causing the Emoji Panel and Clipboard History to not open in certain surfaces anymore, including in Registry Editor.

Microsoft Store Update

Windows Insiders in the Canary and Dev Channels running version 22409.xxxx.x of the Microsoft Store and higher will see the following improvement rolling out:

  • App Categories: The apps page on the Microsoft Store will now show a new categories experience just under the featured section. Clicking on any of the options will lead you to a page where you can browse a variety of apps for that category. We hope you find this new experience helpful as you browse the store to find your next favorite app. Let us know what you think!
New app categories shown on the apps page in the Microsoft Store under the featured section.
New app categories shown on the apps page in the Microsoft Store under the featured section.

FEEDBACK: Please file feedback in Feedback Hub (WIN + F) under Microsoft Store.

New Clock widgets: Countdown and Timer

We are rolling out a Clock app update to Windows Insiders across all Insider Channels that includes two new clock widgets: countdown and timer. Make sure you have the latest version of the Clock app update from the Microsoft Store (version 11.2408.9.0 and higher). After you open the widgets board, you can open the widgets picker by clicking the “+” button in the top right corner where you would be able to add these widgets to your board.

New countdown and timer widgets from the Clock app showing on the widgets board.
New countdown and timer widgets from the Clock app showing on the widgets board.

FEEDBACK: Please file feedback in Feedback Hub (WIN + F) under Apps > Clock App.

source: Windows Blogs

Windows 11 24H2: The Future of Computing is Here

October 1, 2024 marks a significant milestone in the tech world with the release of Windows 11 version 24H2. This update, also known as the Windows 11 2024 Update, is now available for all users, bringing a host of new features and improvements designed to enhance your computing experience.

What’s New in Windows 11 24H2?

The 24H2 update is packed with exciting new features and enhancements:

  1. AI-Powered Features: The update introduces several AI-driven functionalities, particularly for Copilot+ PCs. These include local AI processing, Auto Super Resolution for gaming, and AI-powered live captions with translation in over 44 languages.
  2. File Explorer Enhancements: Users can now enjoy a redesigned context menu, the ability to create 7z and TAR files directly, and a new home tab layout that includes shared documents.
  3. Improved Gaming Performance: The update brings better gaming performance on certain GPUs and CPUs, making your gaming experience smoother and more immersive.
  4. New Outlook App: A revamped Outlook app for email, calendar, and contacts is included, offering a more integrated and efficient user experience.
  5. Voice Clarity: This feature uses AI to remove background noise picked up by your microphone, ensuring clearer communication during video calls.
  6. Energy Saver Mode: Replacing the old battery saver, this mode now applies to both laptops and desktops, helping you manage power consumption more effectively.

Availability

The Windows 11 24H2 update is rolling out in waves, so if you haven’t received it yet, don’t worry—it will be available to you soon. You can also manually check for updates through your system settings.

Important Upgrade Advice

Before you upgrade, here are a few tips to ensure a smooth transition:

  • Check Application Compatibility: Make sure your essential applications are supported on the new build. This can prevent any disruptions in your workflow.
  • Update Your Drivers: Ensure all your hardware drivers are up to date. This helps avoid unnecessary complications and ensures your system runs smoothly with the new update.

This update is a testament to Microsoft’s commitment to innovation and user experience. Whether you’re a gamer, a professional, or just someone who loves exploring new tech, Windows 11 24H2 has something for everyone.

Stay tuned for more updates and tips on how to make the most out of your Windows 11 experience!

Announcing Windows 11 Insider Preview Build 26120.1843 (Dev Channel)

Hi all, Yesterday Microsoft released Windows 11 Insider Preview Build 26120.1843 (KB5043185) to the Dev Channel.

After two weeks of waiting, the patience has finally paid off! Last night, new builds were released for both the Dev and Beta channels, featuring the latest testing features aimed at the 24H2 build.

Cloud and local pc’s updated perfectly and smoothly here

Happy Upgrades!

New features gradually being rolled out to the Dev Channel with toggle on*

Shared Content in File Explorer Home 

File Explorer will now provide you with quick access to files that have been shared with you. If you are signed into Windows with your Microsoft account, you will be able to view files that have been shared with your account, such as email, Teams chat, etc. If you are a commercial customer who is signed-in with your Microsoft Entra ID account, you will additionally be able to view files that they have shared with others. You can access this feature by launching File Explorer Home and clicking on the ‘Shared’ tab item.

You will also be able to view a broader set of file types in their Recent, Favorites, and Shared sections on the homepage. For example, if you’ve recently opened/edited files in Designer, Loop, Power BI, Forms, etc. these files will now be available in your Recent list.

File Explorer Home with new tabs for Recent, Favorites, and Shared.
File Explorer Home with new tabs for Recent, Favorites, and Shared.

FEEDBACK: Please file feedback in Feedback Hub (WIN + F) under Files Folders and Online Storage > File Explorer.

Windows Sandbox Client Preview

This build includes the new Windows Sandbox Client Preview that is now updated via the Microsoft Store. As part of this preview, we’re introducing runtime clipboard redirection, audio/video input control, and the ability to share folders with the host at runtime. You can access these via the new “…” icon at the upper right on the app.  Additionally, this preview includes a super early version of command line support (commands may change over time). You can use ‘wsb.exe –help’ command for more information.

Windows Sandbox Client Preview with new dropdown showing clipboard redirection, audio/video input control, and the ability to share folders with the host.
Windows Sandbox Client Preview with new dropdown showing clipboard redirection, audio/video input control, and the ability to share folders with the host.

FEEDBACK: Send us feedback in Feedback Hub (WIN + F) under Security & Privacy > Windows Sandbox.

Changes and Improvements gradually being rolled out to the Dev Channel with toggle on*

[General]

  • For new PCs or new user accounts on managed commercial devices (PCs running Windows 11 Enterprise, Education, or Pro logged in with an Entra ID (or domain), the Microsoft 365 app will be pinned to the taskbar for quick access to Copilot for Microsoft 365. Existing commercial PCs that still have the previous Copilot in Windows experience will see that replaced with the Copilot app pinned to their taskbar.

[Lock screen]

  • We have updated the Lock screen so that the media controls will now show at the lower bottom center of the Lock screen now when media is being played.
Updated position of media controls shown on the Lock screen when media is being played highlighted in a red box.
Updated position of media controls shown on the Lock screen when media is being played highlighted in a red box.

[Start menu]

  • When right-clicking on apps pinned to the Start menu, jump lists will be shown for apps that have them such as PowerPoint.
Jump lists will now be shown when right-clicking on apps pinned to the Start menu such as PowerPoint that have jump lists.
Jump lists will now be shown when right-clicking on apps pinned to the Start menu such as PowerPoint that have jump lists.
  • Based on feedback, we’ve made some updates to the new account manager on the Start menu making the sign out option directly visible, and adding a list of signed in users under “…” so it’s faster to switch accounts.
New account manager on the Start menu with sign out option directly visible highlighted in a red box.
New account manager on the Start menu with sign out option directly visible highlighted in a red box.

[Taskbar & System Tray]

  • We are trying out a more simplified system tray to highlight the date/time in a shortened form and to show the notifications bell icon based on DND status. Without the notification bell icon, you can get to your notifications by clicking the date and time to Notification Center. You can revert to the long form of the date/time and bell icon visuals by toggling the values in the Settings via Settings > Date and Time under “Show time and day in the system tray” and Settings > System > Notifications under “Notifications”. These settings are also accessible through the context menu shown by right clicking the system tray clock/bell icon button.
Simplified system tray shown with shortened form data and time and no notification bell icon.
Simplified system tray shown with shortened form data and time and no notification bell icon.

[Search on the Taskbar]

  • We are beginning to roll out the ability to share local files directly from within the search results shown in the search box on the taskbar.
New option to share a local file highlighted in a red box in the search results from the search box on the taskbar.
New option to share a local file highlighted in a red box in the search results from the search box on the taskbar.

[Input]

  • We have updated Settings > Bluetooth & Devices > Touch to have a new section for touch screen edge gestures, where you can choose if you would like to disable the left or right screen edge touch gesture.

[Notifications]

  • If desired, there’s now an option to turn off the suggestions to disable notifications from certain apps. You can now press the “…” within the notification to disable the notification, as you can with other notifications, or you can go to the list of notification senders in Settings > System > Notifications and turn it off from there (called “Notification Suggestions” in the list). Note – this entry will only appear in the senders list after you have received one.

[Settings]

  • In response to feedback, we have added a detach virtual hard disk (VHD/`VHDx) button to Settings making it much simpler to detach your VHD/VHDx as needed. This option is available under Settings > System > Storage > Disks & Volumes, in the properties for your VHD/VHDx.
New detach VHD button under highlighted in a red box in properties of attached VHD in Settings.
New detach VHD button under highlighted in a red box in properties of attached VHD in Settings.
  • We’ve designed the settings page for Delivery Optimization under Settings > Windows Update > Advanced options > Delivery Optimization to match the Windows 11 design principles.
Delivery Optimization settings page with updated design.
Delivery Optimization settings page with updated design.
  • We’ve updated the dialog when viewing your Wi-Fi password under Settings > Network & internet to match the Windows 11 visuals.
  • [ADDED] We’re beginning to roll out a change that redirects links for the Fonts Control Panel page to the Fonts settings page at Settings > Personalization > Fonts. Insiders who see this change can still access the Fonts Control Panel UI by navigating to the system fonts folder in File Explorer and a link to the system fonts folder is also provided on the Font settings page.

Fixes gradually being rolled out to the Dev Channel with toggle on*

[File Explorer]

  • Fixed an issue where when pressing WIN + E, a screen reader might unexpectedly say a pane had focus, or focus may not be set within File Explorer at all.
  • Fixed an issue which was causing CTRL + F to sometimes not start a search in File Explorer.
  • Fixed an issue where keyboard focus might get lost sometimes when doing Shift + Tab in File Explorer.
  • Fixed an issue causing screen readers to not announce when you were opening or navigating items in the breadcrumb flyouts of the open or save dialog.
  • Fixed an issue causing screen readers to not announce anything when opening or navigating items in the column header flyout in File Explorer.

[Input]

  • Updated the logic for the setting “Press the lower right corner of the touchpad to right-click” Settings > Bluetooth & Devices > Touchpad so it shouldn’t show in cases where the touchpad doesn’t support the functionality.

[Task Manager]

  • Fixed an issue where the background wasn’t displayed correctly in Task Manager settings.

Fixes for everyone in the Dev Channel

[General]

  • We can confirm that the Recall feature is no longer showing as an option under the ‘Turn Windows features on or off’ dialog in the Control Panel in Windows.
  • Fixed an underlying issue believed to be the cause of Insiders on the previous flight finding the Windows Modules Installer (tiworker.exe) unexpectedly using 100% of the CPU, causing freezes and other issues on PCs.
  • Fixed an issue causing some Insiders to fail to install the latest updates, seeing error 0x800f0993.

[Input]

  • Fixed an issue causing text suggestions for the hardware keyboard to not work properly (selecting one unexpectedly concatenates).

[Widgets]

  • Fixed an issue which could result in the Widgets icon unexpectedly displaying in the taskbar twice sometimes.

[Other]

This update includes fixes for the following issues:

  • [FrameShutdownDelay] The browser ignores its value in the “HKLM\SOFTWARE\Microsoft\Internet Explorer\Main” registry key.
  • [Unified Write Filter (UWF) and Microsoft System Center Configuration Manager (SCCM)] An SCCM task to re-enable UWF fails because of a deadlock in UWF. This stops the device from restarting when you expect it.
  • [OpenSSH] This update adds a prompt that asks you to confirm when you turn on OpenSSH using the Server Manager UI.
  • [NetJoinLegacyAccountReuse] This update removes this registry key. For more information refer to KB5020276—Netjoin: Domain join hardening changes.
  • [Domain Name System (DNS)] This update hardens DNS server security to address CVE-2024-37968. If the configurations of your domains are not up to date, you might get the SERVFAIL error or time out.
  • [vmswitches] They fail to enumerate using Get-VMSwitch command.
  • [Windows Installer] When it repairs an application, the User Account Control (UAC) does not prompt for your credentials. After you install this update, the UAC will prompt for them. Because of this, you must update your automation scripts. Application owners must add the Shield icon. It indicates that the process requires full administrator access. To turn off the UAC prompt, set the HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer\DisableLUAInRepair registry value to 1. The changes in this update might affect automatic Windows Installer repairs; see Application Resiliency: Unlock the Hidden Features of Windows Installer.
  • [Group Policy Preferences Item Level Targeting (ILT) and Local Users and Groups] You cannot choose a group from the target domain for ILT. Also, you cannot choose an account from Local Users and Groups. The forest does not appear. This issue occurs when you deploy multiple forests, and the target domain has a one-way trust with the domain of the admin. This issue affects Enhanced Security Admin Environment (ESAE), Hardened Forests (HF), or Privileged Access Management (PAM) deployments.
  • [Task Manager] Graphs on the Performance page in Task Manager do not show the correct colors when you use dark mode.
  • [Remote Desktop Services] It stops responding.

Known issues

[General]

  • [IMPORTANT] Windows Insiders joining the Dev Channel on PCs running Windows 11, version 24H2 Build 26100.xxxx will see “(repair version)” noted next to the latest Dev Channel build from Windows Update. This is nothing to worry about as all it means is that an in-place upgrade will happen to update your PC to the latest build in the Dev Channel.
  • [NEW] This build may fail to install with error 0x800f0983. If you see this error, please try to install it again, as it should work on retry. If it stays on 0%, please be patient – it should proceed.
  • [NEW] Reset your PC > Cloud Download won’t work on this build, it will get stuck on Getting Things Ready. Please choose the non-cloud option if you need to reset while we work on a fix.

[Start menu]

  • [NEW] If you click or tap on a letter on Start menu’s All apps list, the All apps list may break. If you encounter this issue, please try rebooting or restarting explorer.exe to fix it.

Snipping Tool Update

We are rolling out an update for Snipping Tool (version 11.2408.13.0 and newer) to Windows Insiders in the Canary and Dev Channels that introduces the ability to change the folder that original screenshots and screen recordings are automatically saved to. Just go to app settings in Snipping Tool to select a new default folder to try it out!

Setting in Snipping Tool to change the folder that screenshots and screen recordings are automatically saved.
Setting in Snipping Tool to change the folder that screenshots and screen recordings are automatically saved.

FEEDBACK: Please file feedback in Feedback Hub (WIN + F) under Apps > Snipping Tool.

source: Windows Blogs

How Earning a Microsoft Learn Badge Every Day Since January 1st, 2021, Has Enriched My Knowledge and Improved My Ability to Support My Peers

Embarking on a journey to earn a Microsoft Learn Badge every day since January 1st, 2021, has been a transformative experience. This commitment has not only expanded my technical knowledge but also significantly enhanced my ability to support my peers. Here’s how this daily practice has enriched my professional and personal growth.

A Daily Dose of Knowledge

Earning a badge each day has kept me consistently engaged with the latest technologies and best practices. Microsoft Learn offers a wide range of topics, from Azure and AI to Power Platform and Dynamics 365. This variety has allowed me to build a comprehensive skill set, making me a versatile professional capable of tackling diverse challenges.

Staying Ahead of the Curve

The tech industry evolves rapidly, and staying updated is crucial. By dedicating time daily to learning, I’ve ensured that my knowledge remains current. This proactive approach has given me a competitive edge, enabling me to anticipate and adapt to industry trends swiftly.

Enhancing Problem-Solving Skills

Each badge represents a new challenge conquered. The process of understanding complex concepts and applying them to real-world scenarios has sharpened my problem-solving skills. This continuous learning cycle has made me more adept at identifying issues and devising effective solutions.

Building a Strong Foundation

The structured learning paths in Microsoft Learn have helped me build a strong foundation in various domains. This solid base has been instrumental in understanding advanced topics and integrating them into my work. It’s like constructing a building; a robust foundation ensures stability and longevity.

Empowering My Peers

One of the most rewarding aspects of this journey has been the ability to support my peers. With a wealth of knowledge at my disposal, I’ve become a go-to person for advice and guidance. Whether it’s troubleshooting a technical issue or recommending learning resources, I’m able to provide valuable support, fostering a collaborative and productive environment.

Fostering a Growth Mindset

Committing to daily learning has instilled a growth mindset in me. I’ve embraced the idea that skills and intelligence can be developed through dedication and hard work. This mindset has not only boosted my confidence but also inspired those around me to pursue continuous learning.

Creating a Culture of Learning

My journey has had a ripple effect on my team. Seeing my dedication, many colleagues have been motivated to embark on their own learning paths. This collective pursuit of knowledge has created a culture of learning within our organization, driving innovation and excellence.

Conclusion

Earning a Microsoft Learn Badge every day since January 1st, 2021, has been a remarkable journey of growth and discovery. It has enriched my knowledge, honed my skills, and empowered me to support my peers effectively. As I continue this journey, I’m excited about the endless possibilities that lie ahead and the positive impact it will have on my professional and personal life.

Thank you Microsoft Learn!

https://aka.ms/learn

#365DaysOfLearn on X

Announcing Windows 11 Insider Preview Build 27695 (Canary Channel)

Hi all, Yesterday Microsoft released Windows 11 Insider Preview Build 27695 to the Canary Channel.

Fast and smooth upgrades here, nice to have a downtime estimate when rebooting

Happy Upgrades and don’t forget to file actionable feedback when spotting bugs or issues.

What’s new with Build 27695

New position for the Widgets entry-point on left-aligned taskbars 

We’re beginning to roll out a new position for the Widgets entry-point on left-aligned taskbars. The taskbar entry-point will move to the left of the systems tray and will be wider so you can see richer content from Widgets on your taskbar. When you launch the Widgets board, it will fly out from the right side instead of the left side.

The Widgets entry-point at its new position to the left of system tray on a left-aligned taskbar.
The Widgets entry-point at its new position to the left of system tray on a left-aligned taskbar.

FEEDBACK: Please file feedback in Feedback Hub (WIN + F) under Desktop Environment > Widgets.

Windows LAPS: Retrieve encrypted passwords during Active Directory recovery situations

Windows Local Administrator Password Solution (LAPS) has been improved with a new ability to recover encrypted passwords from Active Directory (AD) backup media even when there are zero AD domain controllers running.

Windows LAPS encrypted passwords offer much better security over the traditional approach of storing clear-text passwords in Active Directory. Windows LAPS password encryption is based on Cryptography API: Next Generation Data Protection API (CNG DPAPI). Under normal operating conditions, the decryption keys are always retrieved from a running AD domain controller. When an unexpected disaster occurs, there may be no AD domain controllers running.

You can now use the Get-LapsADPassword PowerShell cmdlet to retrieve and decrypt Windows LAPS encrypted passwords from Active Directory backup media (mounted using the AD snapshot browser, aka dsamain.exe) with zero network interaction with any AD domain controller. In fact, this operation is now possible even when running on a non-domain-joined, workgroup machine. If you still have access to your AD backup media, all Windows LAPS encrypted passwords will now be recoverable regardless of the situation.

This new improvement is implemented in the existing Get-LapsADPassword PowerShell cmdlet. When the -Port and -RecoveryMode parameters are both specified, any retrieved passwords will be automatically decrypted in a purely local operation using the decryption keys found in the snapshot browser.

Step 1: Mount the Active Directory backup media database:

Command line view of mounting an Active Directory backup media database.
Command line view of mounting an Active Directory backup media database.

Step 2: Recover the Windows LAPS passwords from the mounted AD backup media database:

PowerShell view of recovering Windows LAPS passwords from a mounted Active Directory backup media database.
PowerShell view of recovering Windows LAPS passwords from a mounted Active Directory backup media database.

Step 3: This step is informative only; the screenshot below demonstrates that the above operations were executed on a workgroup machine:

View of all the operations for executing recovery of Windows LAPS passwords from a mounted Active Directory backup media database.
View of all the operations for executing recovery of Windows LAPS passwords from a mounted Active Directory backup media database.

In summary this improvement resolves a key Windows LAPS concern of how to recover Windows LAPS passwords in a disaster scenario where no AD domain controllers are running. For more information see: Retrieving passwords during AD disaster recovery scenarios.

Changes and Improvements

[General]

  • Insider Preview Build Expiration: The expiration date for Insider Preview builds flighted to the Canary Channel has been updated to 9/15/2025 starting with Build 27691. Please make sure you are updated to the latest build in the Canary Channel.
  • Some Insiders in the Canary Channel will begin to see an estimated time for how long their PC will be offline to install Build 27695. This estimate will be shown on the Windows Update settings page and via the Start menu power button.
Estimated time for how long a PC will be offline to install a build as shown on the Windows Update settings page.
Estimated time for how long a PC will be offline to install a build as shown on the Windows Update settings page.

[Notifications]

  • If desired, there’s now an option to turn off the suggestions to disable notifications from certain apps. You can now press the “…” within the notification to disable the notification, as you can with other notifications, or you can go to the list of notification senders in Settings > System > Notifications and turn it off from there (called “Notification Suggestions” in the list). Note – this entry will only appear in the senders list after you have received one.

[Windows Share]

  • We are rolling out the ability to easily share content to an Android device from Windows share window. The feature requires you to pair your Android device to your Windows PC using the Link to Windows app on Android and Phone Link on your PC.
Updated UI for sharing content to an Android device via the Windows share window showing an updated icon in the Nearby Share section.
Updated UI for sharing content to an Android device via the Windows share window showing an updated icon in the Nearby Share section.

[Widgets]

  • We are rolling out an update to the Widgets Board to improve security and the APIs for creating widgets and feeds for users in EEA regions. As part of this update, the Microsoft Start Experiences app will power the Microsoft Start widget and feed experiences. Also, as part of this update, some existing widgets will be removed and others will be modified, temporarily affecting their functionality. This update sets the foundation for new widgets and other features in development, set to roll out soon.

Fixes

[File Explorer]

  • Fixed an issue where when pressing WIN + E, a screen reader might unexpectedly say a pane had focus, or focus may not be set within File Explorer at all.
  • Fixed an issue which was causing CTRL + F to sometimes not start a search in File Explorer.
  • Fixed an issue where keyboard focus might get lost sometimes when doing Shift + Tab in File Explorer.
  • Fixed an issue causing screen readers to not announce when you were opening or navigating items in the breadcrumb flyouts of the open or save dialog.
  • Fixed an issue causing screen readers to not announce anything when opening or navigating items in the column header flyout in File Explorer.

[Task Manager]

  • Fixed an issue where the colors in the Performance section weren’t displayed correctly in dark mode.

[Windows Sandbox]

  • Fixed an underlying issue which could cause Windows Sandbox to fail to launch with error 0x80070005 sometimes.

[Other]

  • Fixed an issue where when installing Windows by booting from recent install media, it wouldn’t make itself the default partition if another version of Windows was installed.
  • Fixed an issue underlying issue causing dfrgui.exe (Defrag and Optimize drives) to fail in the previous flight with a pop up saying SXSHARED_UCRT.dll was not found. This is also believed to be the cause of seeing an error saying “the specified module could not be found” errors in that flight when trying to use the backup options in Control Panel.

Known issues

[General]

  • [IMPORTANT NOTE FOR COPILOT+ PCs] If you are joining the Canary Channel on a new Copilot+ PC from the Dev Channel, Release Preview Channel or retail, you will lose Windows Hello pin and biometrics to sign into your PC with error 0xd0000225 and error message “Something went wrong, and your PIN isn’t available”. You should be able to re-create your PIN by clicking “Set up my PIN”.

[Input]

  • We are working on the fix for an issue causing the emoji panel to close when trying to switch to the kaomoji and symbols sections, or after selecting an emoji.

source: Windows Blogs

Announcing Windows 11 Insider Preview Build 26120.1542 (Dev Channel)

Hi all, Last Monday Microsoft released Windows 11 Insider Preview Build 26120.1542 (KB5041872) to the Dev Channel.

Another small update to the dev channel while the release preview channel is cathing up with the 26100.xx builds

24h2 seems to be right around the corner.

Happy Upgrades!

Don’t forget to turn on the slider below to get the lates rollouts on you device.

Turn on the toggle to get the latest updates as they are available to get new features rolled out to you.
Turn on the toggle to get the latest updates as they are available to get new features rolled out to you.

Going forward, we will document changes in Dev Channel builds in two buckets: new features, improvements, and fixes that are being gradually rolled out for Insiders who have turned on the toggle to get the latest updates as they are available and then new features, improvements, and fixes available to everyone in the Dev Channel.

New features gradually being rolled out to the Dev Channel with toggle on*

New position for the Widgets entry-point on left-aligned taskbars 

We’re beginning to roll out a new position for the Widgets entry-point on left-aligned taskbars. The taskbar entry-point will move to the left of the systems tray and will be wider so you can see richer content from Widgets on your taskbar. When you launch the Widgets board, it will fly out from the right side instead of the left side.

The Widgets entry-point at its new position to the left of system tray on a left-aligned taskbar.
The Widgets entry-point at its new position to the left of system tray on a left-aligned taskbar.

FEEDBACK: Please file feedback in Feedback Hub (WIN + F) under Desktop Environment > Widgets.

Changes and Improvements gradually being rolled out to the Dev Channel with toggle on*

[Taskbar & System Tray]

  • Updated the taskbar to now support first letter navigation, so when keyboard focus is set to the taskbar (WIN + T), you can press a letter, and it will jump to the open or pinned app whose name starts with that letter. Pressing the letter multiple times will jump to the subsequent app which starts with that letter, if there are multiple apps for that letter. For those using uncombined taskbar, rather than app name, the first letter navigation will use window name. Along with this, pressing Home and End will now move keyboard focus to the first and last (respectively) items in the taskbar.

[Widgets]

  • We are rolling out an update to the Widgets Board to improve security and the APIs for creating widgets and feeds for users in EEA regions. As part of this update, the Microsoft Start Experiences app will power the Microsoft Start widget and feed experiences. Also, as part of this update, some existing widgets will be removed and others will be modified, temporarily affecting their functionality. This update sets the foundation for new widgets and other features in development, set to roll out soon.

Fixes gradually being rolled out to the Dev Channel with toggle on*

[Input]

  • Fixed an issue causing text suggestions for the hardware keyboard to not work properly (selecting one unexpectedly concatenated).
  • Fixed an issue causing the emoji panel to close when trying to switch to the kaomoji and symbols sections, or after selecting an emoji.

[Other]

  • Fixed an issue in Registry Editor where when editing a DWORD or QWORD if you pasted in a HEX value into the text box and saved it, the value saved might not be the one you had entered (for example, pasting 0x1 would become 0x411).

Fixes for everyone in the Dev Channel

[General]

  • Fixed an issue where adding additional languages or optional features might fail with error 0x800f081f in the last few flights.

[Other]

  • [Windows Kernel Vulnerable Driver Blocklist file (DriverSiPolicy.p7b)] This update adds to the list of drivers that are at risk for Bring Your Own Vulnerable Driver (BYOVD) attacks.
  • [Group Policy Preferences Item Level Targeting (ILT) and Local Users and Groups] You cannot choose a group from the target domain for ILT. Also, you cannot choose an account from Local Users and Groups. The forest does not appear. This issue occurs when you deploy multiple forests, and the target domain has a one-way trust with the domain of the admin. This issue affects Enhanced Security Admin Environment (ESAE), Hardened Forests (HF), or Privileged Access Management (PAM) deployments.
  • [NetJoinLegacyAccountReuse] This update removes this registry key. For more information refer to KB5020276—Netjoin: Domain join hardening changes.
  • [Share button] On USB controllers, the button might not work with Game Bar.
  • [GPU-Paravirtualized VM or Container] After you restart it, graphic allocation creation might fail. Because of this, the VM and Container are not as reliable as you expect.
  • [Domain Name System (DNS)] This update hardens DNS server security to address CVE-2024-37968. If the configurations of your domains are not up to date, you might get the SERVFAIL error or time out.
  • [PowerShell and VBScript] The issue stops you from using Windows Update Agent (WUA) APIs in your scripts.
  • [BitLocker] A firmware update might fail if you turn on BitLocker.

Known issues

[General]

  • [IMPORTANT] Windows Insiders joining the Dev Channel on PCs running Windows 11, version 24H2 Build 26100.xxxx will see “(repair version)” noted next to the latest Dev Channel build from Windows Update. This is nothing to worry about as all it means is that an in-place upgrade will happen to update your PC to the latest build in the Dev Channel.

[Task Manager]

  • Navigating between different pages in Task Manager may crash Task Manager.

source: Windows Blogs

Announcing Windows 11 Insider Preview Build 27686 (Canary Channel)

Hi all, last Thursday Microsoft released Windows 11 Insider Preview Build 27686 to the Canary Channel.

Looks like the longer time waiting for a new build in this channel has payed off, this build is the 1st of the 27xxx series, a big leap ahead and possibly the 1st one for 25h2 developmant

The Sandbox not starting issue is fixed together with a lot of new features for Sandbox if you haven’t used this feature take a look at it, it is the best place to test out stuff rather tahn on your primary OS all changes made to the virtual machine are got after closing it down.

Happy Upgrades!!

What’s new with Build 27686

Windows Sandbox Client Preview

This build includes the new Windows Sandbox Client Preview that is now updated via the Microsoft Store. As part of this preview, we’re introducing runtime clipboard redirection, audio/video input control, and the ability to share folders with the host at runtime. You can access these via the new “…” icon at the upper right on the app.  Additionally, this preview includes a super early version of command line support (commands may change over time). You can use ‘wsb.exe –help’ command for more information.

Windows Sandbox Client Preview with new dropdown showing clipboard redirection, audio/video input control, and the ability to share folders with the host.
Windows Sandbox Client Preview with new dropdown showing clipboard redirection, audio/video input control, and the ability to share folders with the host.

FEEDBACK: Send us feedback in Feedback Hub (WIN + F) under Security & Privacy > Windows Sandbox.

Changes and Improvements

[General]

  • Some features that were previously rolled out to Insiders in the Canary Channel may disappear as we flight newer 27xxx series builds. These features should begin rolling out again to Insiders over time.
  • We’ve made optimizations to improve battery life for PCs running Build 27686+ in the Canary Channel. Let us know what you think and if you are not seeing the battery life on your PC you are expecting, let us know via Feedback Hub. When filing feedback in Feedback Hub on any battery life issues you experience, be sure to use the “Start recording” button to capture additional logs.

[Settings]

  • In response to feedback, we have added a detach virtual hard disk (VHD/`VHDx) button to Settings making it much simpler to detach your VHD/VHDx as needed. This option is available under Settings > System > Storage > Disks & Volumes, in the properties for your VHD/VHDx.
New detach VHD button under highlighted in a red box in properties of attached VHD in Settings.
New detach VHD button under highlighted in a red box in properties of attached VHD in Settings.
  • [ADDED 8/16] We’re beginning to roll out improvements to Settings > System > Power & battery including the ability to set your Power Mode for both when your PC is plugged in when it’s on battery along with a few other UI improvements to the page.
Ability to set your Power Mode for both when your PC is plugged in when it’s on battery in Settings highlighted in red square.
Ability to set your Power Mode for both when your PC is plugged in when it’s on battery in Settings highlighted in red square.
  • [ADDED 8/16] On PCs with HDR displays, we have added the option to allow HDR video streaming even when HDR is off under Settings > System > Display > HDR.
New option to allow HDR video streaming even when HDR is off highlighted in a red box.
New option to allow HDR video streaming even when HDR is off highlighted in a red box.

[Networking]

  • To help us evaluate future improvements in network performance, your device may periodically run network tests in the background to collect diagnostic data. These tests will use a small amount of data (up to 10MB/day) and will only run on Ethernet and Wi-Fi connections that are not marked as metered. This will only occur on PCs in the Canary Channel running Build 27686 and higher.

[Storage]

  • When formatting disks from the command line using the format command, we’ve increased the FAT32 size limit from 32GB to 2TB.

Fixes

[Dev Drive]

  • Fixed an issue where Dev Drive VHDs weren’t automatically re-mounting when the underlying volume was dismounted and brought back online.

[Lock screen]

  • Did some work to help address an issue where the battery icon displayed on the lock screen might be out of sync with the actual battery level of your PC.

[Windows Security]

  • Fixed an issue in the Windows Security app where if you browsed the networks under Firewall & Network protection, it showed a broken glyph (a rectangle) next to the network name rather than a network icon.

[Settings]

  • Fixed an issue under Settings > System > Storage > Disks and Volumes, where there was no space between the Create and Attach VHD buttons.
  • Fixed an issue where the power mode option in Settings > System > Power & Battery was showing in cases where it couldn’t be changed, leading to a blank dropdown.
  • Fixed an issue where if you searched in Settings for Kiosk and clicked the result for setting up kiosk mode, it wouldn’t navigate to the correct page for doing that.

[Other]

  • Fixed an issue in Registry Editor where when editing a DWORD or QWORD if you pasted in a HEX value into the text box and saved it, the value saved might not be the one you had entered (for example, pasting 0x1 would become 0x411).

Known issues

[General]

  • [IMPORTANT NOTE FOR COPILOT+ PCs] If you are joining the Canary Channel on a new Copilot+ PC from the Dev Channel, Release Preview Channel or retail, you will lose Windows Hello pin and biometrics to sign into your PC with error 0xd0000225 and error message “Something went wrong, and your PIN isn’t available”. You should be able to re-create your PIN by clicking “Set up my PIN”.
  • [ADDED 8/16] We’re investigating an issue where when trying to open dfrgui.exe (Defrag and Optimize drives) fails with a pop up saying SXSHARED_UCRT.dll was not found.

[Input]

  • We are working on the fix for an issue causing the emoji panel to close when trying to switch to the kaomoji and symbols sections, or after selecting an emoji.

source: Windows Blogs

Announcing Windows 11 Insider Preview Build 26120.1350 (Dev Channel)

Hi all, yesterday Microsoft released Windows 11 Insider Preview Build 26120.1350 (KB5041871) to the Dev Channel.

This update is delivered in a format that offers a preview of enhancements to servicing technology on Windows 11, version 24H2. To learn more, see https://aka.ms/CheckpointCumulativeUpdates.

The Windows Sandbox not starting issue is fixed in this build, can’t wait for this fix to also reach Canary channel

Happy Upgrades!

Turn on the toggle to get the latest updates as they are available to get new features rolled out to you.
Turn on the toggle to get the latest updates as they are available to get new features rolled out to you.

Going forward, we will document changes in Dev Channel builds in two buckets: new features, improvements, and fixes that are being gradually rolled out for Insiders who have turned on the toggle to get the latest updates as they are available and then new features, improvements, and fixes available to everyone in the Dev Channel.

Changes and Improvements gradually being rolled out to the Dev Channel with toggle on*

[General]

  • When installing an MSIX package either locally or via the web (ms-appinstaller://?source=), we are beginning to roll out a change where Microsoft SmartScreen is used to verify the source of the MSIX package and if it’s safe to install.

[Windows Share]

  • We are rolling out the ability to easily share content to an Android device from Windows share window. The feature requires you to pair your Android device to your Windows PC using the Link to Windows app on Android and Phone Link on your PC.
Updated UI for sharing content to an Android device via the Windows share window showing an updated icon in the Nearby Share section.
Updated UI for sharing content to an Android device via the Windows share window showing an updated icon in the Nearby Share section.

Fixes gradually being rolled out to the Dev Channel with toggle on*

[Task Manager]

  • Fixed the issue causing graphs on the Performance page in Task Manager to not show the correct colors when using dark mode again.

Fixes for everyone in the Dev Channel

[Windows Sandbox]

  • We fixed the issue causing Windows Sandbox to fail to launch with error 0x80370106.

[Voice Access]

Known issues

[General]

  • [IMPORTANT] Windows Insiders joining the Dev Channel on PCs running Windows 11, version 24H2 Build 26100.xxxx will see “(repair version)” noted next to the latest Dev Channel build from Windows Update. This is nothing to worry about as all it means is that an in-place upgrade will happen to update your PC to the latest build in the Dev Channel.
  • Adding additional languages or optional features may fail with error 0x800f081f.

[Task Manager]

  • Navigating between different pages in Task Manager may crash Task Manager.

[Input]

  • We’re working on the fix for an issue causing text suggestions for the hardware keyboard to not work properly (selecting one unexpectedly concatenates).

source: Windows Blogs