Showing posts with label Windows 11. Show all posts

Security #Windows Server Secure Boot playbook for certificates expiring in 2026


Windows Server Secure Boot playbook for certificates expiring in 2026

Learn about the tools and options available to organizations to update Secure Boot certificates on Windows Server. The certificates begin expiring in June 2026, and you must update them before that date to maintain your security posture. Many recent platforms already include the supported 2023 certificates in firmware; for the ones that do not, you need to manage the update process manually.


When will this happen: 

·     The tools are already available to help you to proactively inventory, monitor, and apply updated certificates to your Windows Server devices.

·     June 2026: The 2011 Secure Boot certificate authorities (CAs) begin expiring.


How this will affect your organization: 

Systems still on the 2011 CAs after June 2026 are at risk of running with a degraded security posture. To update these systems, be proactive and follow the recommended approach.


What you need to do to prepare: 

Read the complete guidance in "Additional information" for details on how to:

1.  Inventory and prepare your environment.  

2.  Monitor and check your devices for Secure Boot status.  

3.  Apply any needed OEM firmware updates before updating certificates.  

4.  Plan and pilot Secure Boot certificate deployments.  

5.  Troubleshoot issues. 
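Step 2 of the playbook (check devices for Secure Boot status) can be scripted. The following is an added example written for this post, not code from Microsoft's guidance: it reports whether Secure Boot is on and whether the 2023 CAs are already present in the firmware KEK and db variables, and whether the expiring 2011 CAs are still there. The certificate subject names are the ones Microsoft publishes for the 2023 and 2011 CAs; the CSV export path is an assumption.

```powershell
# Added example (not from the original post): inventory one server's Secure Boot
# state and whether the 2023 CAs are already in the firmware databases.
# Certificate subject names come from Microsoft's Secure Boot documentation;
# the export path is an assumption.
#Requires -RunAsAdministrator

function Get-SecureBootCaInventory {
    # Subjects of the 2023 certificates that replace the expiring 2011 CAs.
    $expected = @{
        KEK = @('Microsoft Corporation KEK 2K CA 2023')
        db  = @('Windows UEFI CA 2023', 'Microsoft UEFI CA 2023', 'Microsoft Option ROM UEFI CA 2023')
    }
    # Subjects of the 2011 CAs that begin expiring in June 2026.
    $old = @{
        KEK = @('Microsoft Corporation KEK CA 2011')
        db  = @('Microsoft Windows Production PCA 2011', 'Microsoft Corporation UEFI CA 2011')
    }

    $result = [ordered]@{
        ComputerName = $env:COMPUTERNAME
        SecureBootOn = $false
        Missing2023  = @()
        Present2011  = @()
    }

    try {
        $result.SecureBootOn = Confirm-SecureBootUEFI
    } catch {
        # Thrown on legacy BIOS / non-UEFI machines: no certificate update applies there.
        $result.SecureBootOn = $false
        return [pscustomobject]$result
    }

    foreach ($var in 'KEK', 'db') {
        # The variable contents are DER-encoded signature lists; the subject names are
        # plain ASCII inside the DER, so a substring search is enough for an inventory.
        $bytes = (Get-SecureBootUEFI -Name $var).Bytes
        $text  = [System.Text.Encoding]::ASCII.GetString($bytes)
        foreach ($name in $expected[$var]) {
            if ($text -notmatch [regex]::Escape($name)) { $result.Missing2023 += "$var : $name" }
        }
        foreach ($name in $old[$var]) {
            if ($text -match [regex]::Escape($name)) { $result.Present2011 += "$var : $name" }
        }
    }
    [pscustomobject]$result
}

# Usage: run locally on each server (or fan out with Invoke-Command) and keep the
# results as the inventory for the pilot and rollout phases.
$inv = Get-SecureBootCaInventory
$inv | Format-List
if ($inv.SecureBootOn -and $inv.Missing2023.Count -gt 0) {
    Write-Warning "2023 CAs still missing: $($inv.Missing2023 -join '; '). Apply OEM firmware updates first, then the certificate update."
}
$inv | Select-Object ComputerName, SecureBootOn,
    @{n='Missing2023'; e={$_.Missing2023 -join '|'}},
    @{n='Present2011'; e={$_.Present2011 -join '|'}} |
    Export-Csv -Path (Join-Path $env:ProgramData 'secureboot-inventory.csv') -NoTypeInformation -Append   # assumed path
```

A server that reports Secure Boot on, the 2011 CAs present and the 2023 CAs missing is the case the playbook's steps 3 and 4 are written for; a server where `Confirm-SecureBootUEFI` throws is not UEFI-booted and falls outside this exercise.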


Here is an interesting article with very detailed information:

https://4sysops.com/archives/update-expiring-windows-secure-boot-certificates-now/


Update Secure Boot certificates on Windows Server and VMs before June 2026

Security #DoH (DNS over https) ** Windows 11/2025 **

DNS over HTTPS (DoH) is a protocol that encrypts DNS queries and sends them over HTTPS.

It was developed to address the security concerns of plain DNS traffic.

Windows has supported DoH on the client side since Windows 11; Windows 10 includes the underlying client support in later builds.

The encryption operates at the Application Layer (Layer 7) of the OSI model and integrates directly into applications such as web browsers. This approach differs from traditional DNS, which transmits queries over UDP or TCP on port 53 without encryption, leaving them visible to ISPs, network operators, and potential attackers.

Be aware of the difference between DoH and DNS over TLS (DoT): DoH runs over port 443 (better privacy, since it blends in with other HTTPS traffic and is more difficult to identify on the network), whereas DoT operates at the Transport Layer on the dedicated port 853 and is easy to identify.

DoH verifies the DNS server's identity and prevents impersonation attacks. The other advantage is that DNS queries cannot be read or intercepted in transit.

Microsoft introduced DoH resolver support for Windows DNS Server in the February 10, 2026, cumulative update for Windows Server 2025.

When you enable DoH resolver functionality on a Windows DNS Server, all queries received from clients and responses sent on port 443 are encrypted. However, this implementation has a significant limitation: queries sent by the Windows DNS Server to upstream DNS servers, such as conditional forwarders or authoritative servers, remain unencrypted on port 53.

The traditional DNS service on port 53 continues to operate alongside DoH, ensuring backward compatibility with clients that do not support the encrypted protocol.

So, on Windows Server 2025 you must install this cumulative update, after which DoH can be enabled through PowerShell.
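The client side of the setup described above, as an added example that is not part of the original post or of Microsoft's documentation: it registers a DoH-capable resolver on a Windows 11 client with fallback to clear-text UDP disabled, points an adapter at it, and checks the result. The resolver address, DoH template URI and interface alias are placeholders for your own environment. The `DnsClient` cmdlets used are the ones that ship with Windows 11.

```powershell
# Added example (not from the original post): configure a Windows 11 client to
# reach its resolver over DoH and fail closed if HTTPS is unavailable.
# $resolverIp, $dohTemplate and $adapter are placeholders.
#Requires -RunAsAdministrator

$resolverIp  = '10.0.0.53'                                # placeholder: your DoH-capable DNS server
$dohTemplate = 'https://dns.example.internal/dns-query'   # placeholder: its DoH URI template
$adapter     = 'Ethernet'                                 # placeholder: interface alias to configure

# 1. Register the server in the client's known-DoH-server list.
#    AllowFallbackToUdp=$false means that if the HTTPS channel is unavailable the
#    client does NOT silently revert to unencrypted port-53 queries.
$params = @{
    ServerAddress      = $resolverIp
    DohTemplate        = $dohTemplate
    AllowFallbackToUdp = $false
    AutoUpgrade        = $true
}
if (Get-DnsClientDohServerAddress -ServerAddress $resolverIp -ErrorAction SilentlyContinue) {
    Set-DnsClientDohServerAddress @params
} else {
    Add-DnsClientDohServerAddress @params
}

# 2. Point the adapter at that resolver so the DoH entry is actually used.
Set-DnsClientServerAddress -InterfaceAlias $adapter -ServerAddresses $resolverIp

# 3. Verify the registration: the template must be present and fallback disabled.
Get-DnsClientDohServerAddress -ServerAddress $resolverIp |
    Format-Table ServerAddress, DohTemplate, AllowFallbackToUdp, AutoUpgrade

# 4. Trigger a lookup and look for a TCP 443 session to the resolver. This is a
#    quick local sanity check; a packet capture on the path is the authoritative
#    test that nothing is still leaving on UDP/TCP 53.
Resolve-DnsName -Name 'www.microsoft.com' -DnsOnly -ErrorAction SilentlyContinue | Out-Null
Get-NetTCPConnection -RemoteAddress $resolverIp -RemotePort 443 -ErrorAction SilentlyContinue |
    Select-Object LocalPort, RemoteAddress, RemotePort, State
```

Keep in mind the limitation the post describes: this only encrypts the client-to-server leg. The Windows DNS Server's own queries to forwarders and authoritative servers still leave on port 53 in clear text, so a capture at the server's egress will still show them.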

I would suggest reading the full original article for more interesting and useful details.

[Original/other articles]

Enable DoH (DNS over HTTPS) in Windows Server 2025 DNS server, configure Windows 11 DNS clients




Edge #How to reset profile

If you need to reset the Edge settings profile (you will lose only stored passwords; bookmarks can easily be reimported and plugins/extensions re-downloaded), go to this path and rename the following folder:

C:\Users\%username%\AppData\Local\Microsoft\Edge\User Data\

https://learn.microsoft.com/en-us/answers/questions/1355083/delete-all-microsoft-edge-profiles-(complete-reset

https://angolodiwindows.com/2022/04/come-resettare-microsoft-edge/

Windows 11 #Real time subtitles #Live Captions

Windows 11 has a built-in feature (Windows Live Captions) that provides real-time audio transcription.

This way, everything heard by the device can be read out in real time, increasing accessibility for people with hearing problems or those wishing to improve their audio comprehension.

Consider that there are no privacy concerns, because the translation occurs locally and it works offline as well.

Additionally, real-time subtitles aren't limited to specific apps; they work seamlessly with any audio source on Windows 11.

Windows 11 24H2 or newer is necessary for all features to work properly. There are driver and CPU requirements that should be considered.

Live captions can provide automatic transcription of audio to text on the screen. To turn on live captions, do one of the following:

  • Turn on the Live captions toggle in the quick settings Accessibility flyout. (To open quick settings, select the battery, network, or volume icon on the taskbar.)
  • Press the Windows logo key + Ctrl + L.
  • Select Start > All apps > Accessibility > Live captions.
  • Go to Settings > Accessibility > Captions and turn on the Live captions toggle.

[original articles]

https://www.microsoft.com/en-us/windows/tips/live-captions

https://www.microsoft.com/it-it/windows/tips/live-captions

https://it.windowsnoticias.com/Come-attivare-i-sottotitoli-in-tempo-reale-in-Windows-11/



Windows 10/11 #how to disable control panel & settings

To disable Control Panel and Settings access for normal users on Windows 11 you can follow the instructions in this article:

https://thegeekpage.com/disable-control-panel-and-settings/


Windows 10/11 #Tips #Move Mouse

A simple utility that can be used to simulate user activity.

Maybe you work from home and want to keep your remote session alive whilst you're away from your machine? Maybe you have a long running process that you want your machine to stay awake for? Move Mouse can be deployed in whole host of situations to assist you.

Actions can range from a simple mouse move or click every few seconds, to PowerShell scripts, schedules and blackout windows that allow you to build a highly customisable experience.

https://apps.microsoft.com/detail/9NQ4QL59XLBF?hl=neutral&gl=IT&ocid=pdpshare



[update 2025.11.18]

A hardware device that achieves the same result:

https://www.amazon.it/dp/B09NVH8HVN/?coliid=I3QVLHGNNYMQID&colid=2GODWYADTIZHK&th=1

Windows 11 #Tips how to remove Gallery

Gallery is a Windows 11 photo aggregator feature.

If you want to remove it, for example due to privacy concerns, there are several methods: registry keys, PowerShell, GPO, etc.

Here is one way. Start --> regedit (with administrative rights), then navigate to:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace

Select the key {e88865ea-0e1c-4e20-9aa6-edcd0212c87c} and delete it.
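The same registry change done from PowerShell, as an added example that is not from the original post or the linked articles: it exports the key to a .reg file before deleting it, so the change can be reverted with `reg.exe import`. The CLSID and key path are the ones given above; the backup file location is an assumption.

```powershell
# Added example (not from the original post): remove the Gallery namespace key
# from File Explorer after exporting it for rollback. The CLSID is the one the
# post gives; the backup path under ProgramData is an assumption.
#Requires -RunAsAdministrator

$clsid   = '{e88865ea-0e1c-4e20-9aa6-edcd0212c87c}'
$keyPath = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\$clsid"
$backup  = Join-Path $env:ProgramData "GalleryNamespace-$(Get-Date -Format 'yyyyMMdd-HHmmss').reg"

if (-not (Test-Path -Path $keyPath)) {
    Write-Host "Gallery key not present under NameSpace; nothing to do."
    return
}

# reg.exe wants the HKLM\ form, not the PowerShell drive form HKLM:\.
$regPath = $keyPath -replace '^HKLM:\\', 'HKLM\'
reg.exe export $regPath $backup /y | Out-Null
if ($LASTEXITCODE -ne 0 -or -not (Test-Path -Path $backup)) {
    throw "Backup export to $backup failed; aborting before deleting anything."
}

Remove-Item -Path $keyPath -Recurse -Force
Write-Host "Removed $keyPath"
Write-Host "Restore with: reg.exe import `"$backup`""

# File Explorer reads the namespace when the shell starts: sign out and back in,
# or restart explorer.exe, to see Gallery disappear from the navigation pane.
```

Exporting first matters because the key is an HKLM shell extension registration: removing it affects every user on the machine, and a per-machine change with no backup is the kind of thing that turns into a support ticket later.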

[original articles]

https://www.claudiomasci.com/come-rimuovere-galleria-da-windows-11/

https://www.ninjaone.com/it/blog/aggiungere-o-rimuovere-la-galleria-da-esplora-file-in-windows-11/

Windows 11 #Enable Administrator Protection in Windows settings

UAC is a Windows feature implemented for security reasons.

However, it can be bypassed; for this reason, on Windows 11 you should enable Administrator Protection:

  1. Open Settings > Privacy & security > Windows Security > Account protection
  2. Activate Administrator Protection
  3. Restart Windows.

More details can be found here:

https://4sysops.com/archives/enable-administrator-protection-in-windows-11/

Windows #Storage Sense

Storage Sense is a Windows feature that helps automatically free up disk space by deleting unnecessary files—like temporary files, items in the recycle bin, and offline content from OneDrive. For IT administrators, especially those managing large device fleets, configuring Storage Sense is a low-effort, high-impact way to ensure devices remain performant and up to date. When left unmanaged, low disk space can prevent critical updates from installing, degrade system performance, and lead to user frustration. When configuring Storage Sense through policy settings, IT admins can automate storage maintenance and reduce support overhead.

https://learn.microsoft.com/en-us/windows/configuration/storage/storage-sense?tabs=intune

IT #ViveTool

ViVeTool is an open source tool for Windows 10/11 that lets you enable hidden or experimental Windows features.

https://vivetool.com/

Related articles:

https://4sysops.com/archives/vivetool-enable-hidden-windows-features/

Security #February 2025 Deadline related KB5014754 and Certificate-based authentication changes on Windows domain controllers

Microsoft released this important bulletin several months ago.

The key point is that, after the February 2025 patch is installed, Windows domain controller certificate-based authentication will change (for security reasons) to Full Enforcement mode. However, you can move back to Compatibility mode until September 2025.

There are several CA checks to perform to make sure that no problem will affect your organization.

One compatibility doubt that might arise relates to organizations that still have no-longer-supported OSes (like 2008 or older).

I think that working in Compatibility mode might help: after February 2025 you can check on the internet whether any customer had issues and find the relative fixes/workarounds.

In any case, here are the essential checks that you should consider before enabling "full enforcement mode":

  1. Common Name (CN) and Subject Alternative Name (SAN): Must match the users or devices in Active Directory.
  2. Certificate Authority (CA): Certificates must be issued by a trusted and recognized CA.
  3. Certificate Chain: The certificate chain (including intermediate and root CA certificates) must be complete and valid.
  4. Revocation: It is necessary to check that the certificates have not been revoked.
  5. Time Validity: It must be verified that the certificates have not expired.
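The five checks above can be run against an exported certificate before the enforcement date. The following is an added example written for this post, not code from Microsoft or the KB: `Test-AuthCertificate` checks SAN/UPN match, trusted CA, complete chain, revocation and validity window, plus the presence of the SID extension that KB5014754 introduced for strong mapping; `Get-KdcEnforcementState` reads the domain controller's current mode and counts the KDC warning events (39/40/41) that flag certificates which would fail under Full Enforcement. The certificate file path and UPN are placeholders; the registry value name, OID and event IDs are those documented in KB5014754.

```powershell
# Added example (not from the original post): pre-enforcement checks for
# certificate-based authentication. File path and UPN are placeholders; the
# registry value, OID and event IDs are from KB5014754.

function Test-AuthCertificate {
    param(
        [Parameter(Mandatory)] [string] $Path,         # .cer/.crt exported from a client or the CA
        [Parameter(Mandatory)] [string] $ExpectedUpn   # userPrincipalName of the AD account
    )
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($Path)
    $findings = New-Object System.Collections.Generic.List[string]

    # 1. CN/SAN must match the account in AD; the KDC maps on the SAN UPN.
    $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    $sanText = if ($san) { $san.Format($false) } else { '' }
    if ($sanText -notmatch [regex]::Escape("Principal Name=$ExpectedUpn")) {
        $findings.Add("SAN does not carry UPN '$ExpectedUpn' (SAN: '$sanText')")
    }

    # 2-5. Trusted CA, complete chain, revocation and time validity all fall out of
    #      one chain build with online revocation checking of the entire chain.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
    $chain.ChainPolicy.RevocationFlag = [System.Security.Cryptography.X509Certificates.X509RevocationFlag]::EntireChain
    $chain.ChainPolicy.VerificationFlags = [System.Security.Cryptography.X509Certificates.X509VerificationFlags]::NoFlag
    if (-not $chain.Build($cert)) {
        foreach ($s in $chain.ChainStatus) { $findings.Add("Chain: $($s.Status) - $($s.StatusInformation.Trim())") }
    }
    $now = Get-Date
    if ($now -gt $cert.NotAfter -or $now -lt $cert.NotBefore) {
        $findings.Add("Outside validity window ($($cert.NotBefore) to $($cert.NotAfter))")
    }

    # Strong mapping: certificates issued after the KB5014754 CA update carry the
    # SID extension (OID 1.3.6.1.4.1.311.25.2). Without it, Full Enforcement rejects
    # the logon unless an explicit strong altSecurityIdentities mapping exists.
    if (-not ($cert.Extensions | Where-Object { $_.Oid.Value -eq '1.3.6.1.4.1.311.25.2' })) {
        $findings.Add('No SID extension: certificate relies on a weak (UPN-only) mapping')
    }

    [pscustomobject]@{
        Subject    = $cert.Subject
        Thumbprint = $cert.Thumbprint
        Passed     = ($findings.Count -eq 0)
        Findings   = $findings
    }
}

function Get-KdcEnforcementState {
    # Run on a domain controller. 0 = disabled, 1 = Compatibility, 2 = Full Enforcement.
    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\Kdc'
    $mode = (Get-ItemProperty -Path $key -Name StrongCertificateBindingEnforcement -ErrorAction SilentlyContinue).StrongCertificateBindingEnforcement
    # KDC events 39 (no strong mapping), 40 (cert predates account) and 41 (SID mismatch)
    # identify the certificates that will stop working under Full Enforcement.
    $events = Get-WinEvent -FilterHashtable @{
        LogName = 'System'; ProviderName = 'Microsoft-Windows-Kerberos-Key-Distribution-Center'; Id = 39, 40, 41
    } -MaxEvents 200 -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Mode              = if ($null -eq $mode) { 'not set (OS default)' } else { $mode }
        WeakMappingEvents = @($events).Count
        Sample            = $events | Select-Object -First 5 TimeCreated, Id, Message
    }
}

# Usage (placeholder values):
# Test-AuthCertificate -Path 'C:\temp\user.cer' -ExpectedUpn 'jdoe@corp.example' | Format-List
# Get-KdcEnforcementState | Format-List
```

A domain controller in Compatibility mode with a steady stream of event 39 is the practical signal the post is talking about: every one of those events is a logon that will be refused once the mode becomes Full Enforcement, so the count is a direct measure of how much re-enrollment or explicit mapping work remains.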


KB5014754: Certificate-based authentication changes on Windows domain controllers

https://support.microsoft.com/en-us/topic/kb5014754-certificate-based-authentication-changes-on-windows-domain-controllers-ad2c23b0-15d8-4340-a468-4d4f3b188f16 

https://admin.microsoft.com/AdminPortal/home?#/MessageCenter/:/messages/MC894351


Windows 10/11 #how to disable permanently windows update

This article explains how to disable Windows Update on Windows 10/11 client devices.

https://www.thewindowsclub.com/windows-10-update-enables-even-turning-off

Here are the actions you need to know:

a) Disable Windows Update using Windows Services

b) Change the Log on account for Windows Update Service (logon as .\guest user with blank password)

c) Turn Off Windows Update using Group Policy  --> gpedit.msc --> Go to Computer Configuration > Administrative Templates > Windows Components > Windows Update > Manage end user experience. --> Configure Automatic Updates setting. --> Disable

d) Disable the Windows Update Medic Service (WaaSMedicSVC, for example using Windows Update Blocker); consider that this service was introduced to repair Windows Update components.

Windows 10/11 - how to limit Windows Update bandwidth

Here is an article that explains how to limit the bandwidth used for Windows Update background and foreground downloads.

https://www.thewindowsclub.com/limit-windows-update-bandwidth-windows-10#

WIFI #HOW TO RETRIEVE STORED PC PASSWORDS

If you need to view the Wi-Fi passwords stored on the PC, this is the command to execute (from a cmd prompt, with administrative rights):

for /f "skip=9 tokens=1,2 delims=:" %i in ('netsh wlan show profiles') do @echo %j | findstr -i -v echo | netsh wlan show profiles %j key=clear

Windows - How to throttle network file transfer speed

I am taking note, on the blog, of an interesting article that explains several ways to limit bandwidth usage during file transfers.

From my side, the GPO related to QoS was decisively useful.

https://woshub.com/limit-network-file-transfer-speed-windows/

Security - Sophos AV stop definitions updates #WORKAROUND & #DETAILS **JULY 2023**

During the last few weeks Sophos released a new AV version (Core Agent 2023.1 / Server Core Agent 2023.1).

PROBLEM

  • This latest Sophos version requires that the OS has the proper September 2021 patches installed.
  • If you are not up to date with MS updates or your Windows version, the following problem will occur:
  • Endpoint Sophos definition updates will stop working
    • Client: Early of July 2023
    • Server: End of July 2023

AFFECTED SYSTEMS AND DEVICES

    • Windows computers:
      • From early-June 2023, Windows 10 (x64) operating systems and above that don't support Azure Code Signing (ACS) will fail to complete the upgrade process to Core Agent 2023.1 and above.
    • Windows servers:
      • From late-July 2023, Windows 2016 operating systems and above that don't support Azure Code Signing (ACS) will fail to complete the upgrade process to Server Core Agent 2023.1 and above.

WORKAROUND APPLICABLE TO POSTPONE THE PROBLEM

  • The Software Packages functionality in Sophos Central can be used to assign devices to a Fixed term support (FTS) version.
  • The current version for Windows computers and servers is FTS 2022.4.3.2 and can be assigned to devices for the duration of time it takes to apply the Windows Security Updates.
  • Note: There is an expiry date for all software package versions after which devices will stop updating.
    • The expiry date for FTS 2022.4.3.2 on Windows computers is October 10, 2023.
    • The expiry date for FTS 2022.4.3.2 on Windows servers is November 14, 2023.
  • To achieve this, you must modify the Update Management policy as indicated in the screenshots below.



APPENDIX

Full details on required updates can be found in Microsoft’s official KB5022661 on this topic. 
https://support.microsoft.com/en-gb/topic/kb5022661-windows-support-for-the-azure-code-signing-program-4b505a31-fa1e-4ea6-85dd-6630229e8ef4

In addition to having the required Windows Security Updates to verify modules signed by Azure Code Signing, devices must have the "Microsoft Identity Verification Root Certificate Authority 2020" certificate authority (CA) installed.
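A quick readiness check for the two prerequisites named in this appendix, as an added example that is not part of the original post or of Sophos' or Microsoft's documentation: it looks for the "Microsoft Identity Verification Root Certificate Authority 2020" CA in the machine root store and reports the most recent installed hotfix against the September 2021 cut-off the post gives. The specific KB numbers are deliberately not hard-coded, because the post only states the month.

```powershell
# Added example (not from the original post): check whether an endpoint can verify
# Azure Code Signing (ACS) signed modules before it is allowed to upgrade.
# The CA name and the 2021-09 cut-off are from the post; nothing else is assumed.

function Test-AcsPrerequisites {
    $caName = 'Microsoft Identity Verification Root Certificate Authority 2020'
    $root = Get-ChildItem -Path Cert:\LocalMachine\Root |
            Where-Object { $_.Subject -like "*$caName*" } |
            Select-Object -First 1

    # Hotfix install dates give a coarse view of patch currency: a device with
    # nothing installed after September 2021 cannot have the required updates.
    $cutoff = Get-Date '2021-09-01'
    $latest = Get-HotFix |
              Where-Object { $_.InstalledOn } |
              Sort-Object InstalledOn -Descending |
              Select-Object -First 1

    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        OsVersion          = [Environment]::OSVersion.Version.ToString()
        AcsRootCaPresent   = [bool]$root
        AcsRootThumbprint  = if ($root) { $root.Thumbprint } else { $null }
        LatestHotfix       = if ($latest) { "$($latest.HotFixID) ($($latest.InstalledOn.ToString('yyyy-MM-dd')))" } else { 'none recorded' }
        PatchedAfterCutoff = [bool]($latest -and $latest.InstalledOn -ge $cutoff)
    }
}

$check = Test-AcsPrerequisites
$check | Format-List
if (-not $check.AcsRootCaPresent -or -not $check.PatchedAfterCutoff) {
    Write-Warning 'Device is not ACS-ready: keep it on the FTS package and apply the Windows security updates before the FTS expiry date.'
}
```

The root CA is normally delivered by the Windows automatic root update mechanism, so a device that is patched but isolated from the internet can still fail this check; that is the case where the CA has to be distributed by hand before the FTS expiry dates listed above.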

Generally, the impacted OSes are Windows 10/11 and Windows Server 2016/2019/2021.

Legacy OSes are not impacted:

  1. Windows 8.1
  2. Windows Server 2012 R2
  3. Windows Server 2012
  4. Windows 7.0 SP1
  5. Windows Server 2008 R2
  6. Windows Server 2008 SP2

New Installation

From the 18th of April 2023, new installations to operating systems that don't support Azure Code Signing (ACS) will fail.

Tips - Windows Shortcuts

Here are the shortcut lists (that, IMO, are quite useful); the yellow-highlighted commands are the ones I did not know or found particularly useful.

  1. Tap the Windows key to open and close the Start Menu. Windows+E opens File Explorer.

  2. Windows+L immediately locks the screen.

  3. Ctrl+C to copy; Ctrl+V to paste; Ctrl+Z to undo.

  4. Ctrl + Y Redo an action.

  5. Windows key + V Open Clipboard bin.

  6. Windows+E: Opens File Explorer.

  7. Windows+I: Opens Settings.

  8. Windows+Spacebar: Cycle through your language and keyboard options.

  9. Windows+D: This hides all of the open apps and takes you directly to the Windows 10 desktop. Using this command a second time will display all of your open apps again.

  10. Windows+M: Minimizes all open apps and windows.

  11. Windows+Left arrow: Snaps an app or window to the left side of the screen.

  12. Windows+Right arrow: Snaps an app or window to the right side of the screen.

  13. Windows+Up arrow: Maximizes all open apps and windows that have been minimized.

  14. Windows+Down arrow: Minimizes all apps and windows.

  15. Ctrl+Shift+Esc: Opens Task Manager. This is used to show you all apps that are currently running and how much processing power they're using.

  16. Alt+Tab: Displays all open apps and lets you switch between them quickly.

  17. Ctrl+Alt+Tab: Shows all open apps.

  18. Windows+0 (zero): Opens the Windows 10 Sticky Notes app.

  19. Windows+. or Windows+; (semicolon): Brings up the emoji box. This is incredibly useful when typing in an app that has no built-in emoji or emoticon options.
  20. Alt + D Select address bar.
  21. Windows key + PrtScn Capture a full screenshot in the "Screenshots" folder.
  22. Windows key + Shift + S Capture part of the screen with Snip & Sketch.

Tips - Windows 10 and virtual desktops

  • Windows key + Ctrl + D Create a virtual desktop.
  • Windows Key + Tab switch between different virtual desktops (graphically)
  • Windows key + Ctrl + F4 Close active virtual desktop.
  • Windows key + Ctrl + Right arrow Switch to the virtual desktop on the right.
  • Windows key + Ctrl + Left arrow Switch to the virtual desktop on the left.
  • Windows key + Ctrl + Shift + B Wake up the device when black or a blank screen.

[original articles]

https://www.windowscentral.com/best-windows-10-keyboard-shortcuts

https://www.lifewire.com/best-windows-10-keyboard-shortcuts-4177070