Posts

Posted on

GPO Security Filtering: Best Practices

By default, Authenticated Users is added to Security Filtering when creating a GPO, which applies it broadly to all users/computers — acceptable for simple environments, but not ideal.

The recommended approach is to target a specific group via Security Filtering. However, a common mistake is removing Authenticated Users entirely, which strips the built-in read privileges needed for the GPO to process correctly.

The correct method: Rather than removing Authenticated Users from the Scope tab, leave it in place and revoke only its Read permission via the Delegation tab:

  1. Go to Delegation → Advanced
  2. Under Authenticated Users, uncheck Read
  3. Return to the Scope tab — Authenticated Users will no longer appear in Security Filtering
Posted on

Permanently Disable Microsoft Recall with DISM

Toggling Recall off in Settings leaves the feature installed and eligible for re-enablement via future updates. Removing it at the DISM level is cleaner and sticks.

Requires: Copilot+ PC, elevated prompt.

DISM /online /Disable-Feature /FeatureName:”Recall”

Reboot if prompted, then verify:

DISM /online /Get-FeatureInfo /FeatureName:”Recall”

You want State : Disabled with Payload Removed — anything less and the binaries are still on disk.

Enterprise Deployment

Drop this into your Intune remediation, GPO startup script, or Autopilot provisioning flow:

powershell

$state = (DISM /online /Get-FeatureInfo /FeatureName:”Recall” | Select-String “State”).ToString()

if ($state -notlike “*Disabled*”) {

    DISM /online /Disable-Feature /FeatureName:”Recall” /NoRestart

}

For offline image prep, swap /online for /image:<mount_path> to bake it out of your WIM before deployment.

Why Bother?

Recall snapshots everything — banking portals, healthcare apps, credentials mid-entry — and indexes it in a local SQLite database. On-device storage is the current model, but any LPE or physical access scenario turns that database into a full activity log handed to an attacker. For environments under HIPAA, GDPR, or SOC 2, disabling it isn’t optional.

To reverse: DISM /online /Enable-Feature /FeatureName:”Recall” — though if the payload was removed, expect a reach-out to Windows Update or installation media.

Posted on

Stop Spam in Its Tracks: The Unsubscribe Rule for Outlook

If you’re drowning in promotional emails, newsletters, and marketing messages, here’s a simple Outlook trick that can dramatically clean up your inbox: create a rule that automatically filters any email containing the word “unsubscribe.”

Why This Works

Nearly every marketing email and newsletter is legally required to include an unsubscribe link. By targeting this common element, you can catch the vast majority of promotional content without manually unsubscribing from dozens of lists.

Setting Up the Rule

Here’s how to create this rule in Outlook:

  1. Open Outlook and go to File > Manage Rules & Alerts
  2. Click New Rule and select “Apply rule on messages I receive”
  3. Under conditions, choose “with specific words in the subject or body”
  4. Type “unsubscribe” as your keyword
  5. Choose your action—most people select “move it to the specified folder” and create a folder called “Promotions” or “Newsletters”
  6. Name your rule and click Finish

A Word of Caution

While this method is effective, it’s not perfect. Some legitimate emails from colleagues or clients might occasionally include the word “unsubscribe” in their signature or content. You should check your filtered folder periodically to make sure nothing important slipped through.

Also consider that some transactional emails you actually want—like order confirmations or account notifications—may also contain unsubscribe links. You might need to refine your rule over time or create exceptions for specific senders.

That said, for most users, this simple rule provides an immediate and noticeable reduction in inbox clutter with minimal effort.

Credit Where It’s Due

This filtering approach was inspired by Digvijay Kumar’s excellent article about achieving inbox zero in Gmail using similar filters. While he applied this technique to Gmail, the same principle works beautifully in Outlook.

Posted on

Windows Snipping Tool

Unlock Hidden Power: Extract Text from Screenshots with Windows Snipping Tool’s OCR Feature

If you’re taking screenshots on Windows, you’re probably familiar with the various methods available—Print Screen, Windows + Shift + S, or third-party tools. They all capture your screen effectively, but there’s one game-changing feature that sets the Windows Snipping Tool apart from the rest: Optical Character Recognition (OCR).

What Makes Windows Snipping Tool Special?

While traditional screenshot methods simply capture an image, the Snipping Tool’s built-in OCR capability allows you to extract and copy text directly from your screenshots. This means no more manually retyping error messages, codes, or text from images—a feature that can save you significant time and eliminate transcription errors.

How to Use OCR in Windows Snipping Tool

Let’s walk through a practical example using an error message screenshot:

Step 1: Capture Your Screenshot

Open the Windows Snipping Tool and capture the area of your screen containing the text you need. This works with error codes, dialog boxes, PDFs, images, or any on-screen text.

Step 2: Access the OCR Feature

Once you’ve captured your screenshot, look for the text recognition icon at the top of the Snipping Tool window. This small but powerful button activates the OCR functionality.

Step 3: Extract and Copy Text

Click the OCR icon, and the Snipping Tool will analyze your image and identify all readable text. You can then select and copy the extracted text—in our example, “The operation completed successfully!”—directly to your clipboard for use anywhere.

Why This Matters for Windows Users

Whether you’re troubleshooting technical issues, documenting software bugs, sharing error codes with IT support, or extracting information from images, the Snipping Tool’s OCR feature streamlines your workflow. No more squinting at screenshots to manually retype information or dealing with blurry text—just capture, extract, and use.

Quick Tips for Best Results

  • Ensure text in your screenshot is clear and legible for optimal OCR accuracy
  • The feature works with most fonts and text sizes
  • Accessible via Windows + Shift + S for quick access to Snipping Tool
  • Compatible with Windows 10 and Windows 11

Conclusion

While all screenshot methods have their place, the Windows Snipping Tool with OCR offers a distinct advantage for Windows power users and professionals alike. Next time you need to capture and extract text from your screen, skip the manual retyping and leverage this built-in Windows feature that’s been hiding in plain sight.

Posted on

Setting the Number of Processors in MSConfig Won’t Speed Up Your PC

Why Setting the Number of Processors in MSConfig Won’t Speed Up Your PC

Meta Description: Many online tips claim that setting the number of processors to maximum in MSConfig will speed up your PC. Here’s why that’s a myth—and why you should avoid it.

When your PC feels slow, it’s natural to search online for ways to speed it up. You’ll find plenty of suggestions, ranging from cleaning up startup programs to upgrading your hardware. However, one “tweak” that often appears on forums and YouTube videos—setting the number of processors to the maximum in MSConfig—is not only useless but can actually cause problems.

Let’s break down why this popular Windows “optimization” is a bad idea.

1. Windows Already Uses All Your Processors by Default

The main misconception behind this tip is that Windows somehow limits how many processor cores your system can use. That’s simply not true. By default, Windows automatically uses all available CPU cores for your system’s operations. The “Number of Processors” setting in MSConfig is a troubleshooting option meant for developers or diagnostics—not performance tuning.

Changing this setting doesn’t unlock hidden CPU power. In fact, if you manually select a lower number, you’ll reduce your PC’s performance.

2. Forcing Maximum Processors Can Cause Instability

When you force MSConfig to use the “maximum number of processors,” you remove Windows’ ability to adjust CPU usage dynamically. This flexibility is built in for a reason—it ensures system stability.

If one or more cores become unstable or fail (a rare but possible hardware issue), Windows can compensate by adjusting workload distribution. However, if you’ve locked the number of processors, Windows may continue to request more cores than are available. This can lead to system slowdowns, freezes, or even crashes.

3. It’s a Rarely Useful Change

In theory, there’s little harm in enabling all cores—because most modern systems already do so automatically. But changing the MSConfig setting is, at best, a waste of time, and at worst, a cause of future system instability.

CPU core failures are extremely uncommon; typically, if a processor fails, it fails entirely. So while this tweak might make you feel like you’ve done something to “optimize” your system, the reality is that it doesn’t improve performance at all.

The Bottom Line

If you’re looking to make your Windows PC faster, skip the MSConfig processor tweak. Instead, focus on proven methods like:

  • Disabling unnecessary startup programs
  • Cleaning up temporary files
  • Updating drivers and Windows
  • Upgrading your RAM or switching to an SSD

These steps will make a real difference. Don’t waste your time with myths that do nothing—or worse, risk slowing down your system.

Posted on

Software Subscriptions

Let’s talk about subscriptions. Many consumers don’t actually want them. People prefer to purchase software outright and pay for meaningful updates or optional upgrades when new features justify the cost. Subscriptions often feel like a way for developers to secure ongoing revenue without necessarily earning it through continued innovation. This model can signal that the company no longer intends to tie improvement to customer satisfaction — only to recurring billing. In contrast, selling upgrades encourages developers to keep enhancing their product, because every update has to prove its worth. A subscription, by comparison, risks creating complacency: users keep paying whether or not the product evolves. What people want isn’t to avoid paying altogether — they just want a fair exchange where payment reflects progress, not inertia.

For businesses, the constant push toward subscription-based upgrades can be even more burdensome. Each forced update can trigger a costly chain reaction — retraining staff, revising documentation, reconfiguring integrations, and retesting workflows that were already stable. Companies often adopt software not just for features, but for reliability and predictability. When vendors move too quickly or require constant retraining just to maintain functionality, the result is downtime, frustration, and lost productivity. Instead of fostering innovation, this cycle often punishes stability-minded organizations that simply want tools they can trust long-term without perpetual disruption or escalating costs.

Ultimately, the healthiest approach lies in balance. Developers deserve fair compensation for their ongoing work, and users deserve software that evolves responsibly. But recurring revenue should be earned through genuine improvement, not enforced through perpetual dependency. Giving customers the choice to pay for updates when they provide real value respects both the buyer’s investment and the developer’s effort. In the end, sustainable software should empower users — not hold them hostage to a subscription clock.

Posted on

Disable Web results in Windows 10/11 search

If you’re looking to disable web search results in Windows 10 or Windows 11, you’re not alone. Many users prefer to keep their searches local, preventing Bing or online results from appearing every time they type into the Start Menu or Windows Search bar. Not only does this help de-clutter your search results, but it also boosts privacy and can improve system performance.

From an IT management and privacy standpoint, disabling Bing or web results in Windows search gives you greater control over your environment, reduces unnecessary network calls, and ensures that sensitive search queries stay local. Whether you’re streamlining a business environment or just cleaning up your personal PC, knowing how to disable Windows 10 and 11 web search integration is an essential skill. With a few simple steps, you can create a faster, more secure, and distraction-free desktop experience.

How to Disable Web Search Results in Windows 10/11

If you’ve noticed that typing into the Windows Search bar shows Bing or web results alongside local files and apps, you may want to disable it. This is a common tweak for users who prefer faster, more private searches without sending queries to Microsoft’s servers. Below are simple ways to turn off Bing search integration in both Windows 10 and Windows 11.

Option 1: Windows 10: Disable Bing Search Results

  1. Press Win + R, type regedit, and hit Enter.
  2. Navigate to:

HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Explorer
(Create the Explorer key if it doesn’t exist.)

Add a DWORD (32-bit) Value named:
DisableSearchBoxSuggestions → set value to 1

Restart Windows Explorer or reboot your computer.

Option 2: Windows command prompt (as admin):

Open command prompt as administrator

Type the following

In Windows 10:

reg-add “HKCU:\Software\Microsoft\Windows\CurrentVersion\Search” /v BingSearchEnabled  /d 0  /t REG_DWORD /f

reg add “HKCU:\Software\Microsoft\Windows\CurrentVersion\Search” /v CortanaConsent -/d 0 /t REG_DWORD /f

In Windows 11:

reg add “HKCU\Software\Policies\Microsoft\Windows\Explorer” /v DisableSearchBoxSuggestions /t REG_DWORD /d 1 /f

Option 3: Download and run this Power Shell Script.

Option 4: Download and run this Reg file.

Restart Windows Explorer or reboot your computer.

Why Disable Web Search Results?
Faster performance – local results load quicker without cloud queries.
Improved privacy – prevents search terms from being sent to Bing.
Streamlined search – no more clutter from unwanted web results.

By following these steps, you can fully disable Bing and web search results in Windows 10 and 11, making your PC searches more private and efficient.

Posted on

Why Prefer IPv4 Over IPv6 in Established IPv4 Environments

While IPv6 is the future of internet addressing, many businesses still prefer IPv4 in environments where everything is already configured with IPv4. The main advantage of sticking with IPv4 is stability—existing systems, firewalls, and network configurations are optimized for IPv4, reducing compatibility issues and minimizing the risk of disruptions during daily operations. In well-established IPv4 networks, maintaining this protocol ensures seamless integration with legacy hardware and software, which may not fully support IPv6.

Choosing IPv4 in an IPv4-configured environment also leads to cost savings. Transitioning to IPv6 can require significant investments in training, hardware upgrades, and network redesign. For organizations that don’t require the expanded address space of IPv6, sticking with IPv4 is a practical, low-risk strategy. IT professionals and decision-makers, understanding why IPv4 still holds value in specific network setups can lead to smarter infrastructure choices and more effective long-term planning.

By default, Windows uses IPv6 and IPv4 only as a fallback. You can, however, change this behavior. There are more ways of doing this but this one is perhaps the easiest and it does not require a reboot. 

First open the command prompt elevated to administrator.

Then type these nine commands:

netsh interface ipv6 set prefixpolicy ::ffff:0:0/96 50 0
netsh interface ipv6 set prefixpolicy ::1/128 40 1
netsh interface ipv6 set prefixpolicy ::/0 30 2
netsh interface ipv6 set prefixpolicy 2002::/16 20 3
netsh interface ipv6 set prefixpolicy 2001::/32 5 5
netsh interface ipv6 set prefixpolicy fc00::/7 3 13
netsh interface ipv6 set prefixpolicy fec0::/10 1 11
netsh interface ipv6 set prefixpolicy 3ffe::/16 1 12
netsh interface ipv6 set prefixpolicy ::/96 1 4

If you need to revert back to an IPv6 preference then:

Open the command prompt elevated to administrator.

Then type the following command:

netsh interface ipv6 reset

Here is a zip file containing to batch files that will do this for you.

IPv4 over IPv6

Posted on

SSD’s and TRIM

Enabling the TRIM function for your SSD in Windows is essential to optimize drive performance, accelerate data write speeds, and extend the lifespan of your solid-state drive. TRIM works by automatically clearing unused data blocks, preventing a decrease in performance as time passes. It is imperative to maintain fast and efficient operation of your Windows SSD.

Although TRIM should be enabled by Windows automatically it is always a good idea to check.  By opening the command prompt as administrator you can use the following command:

fsutil behavior query disabledeletenotify

it should return something like this:

C:\Windows\System32>fsutil behavior query disabledeletenotify
NTFS DisableDeleteNotify = 0  (Allows TRIM operations to be sent to the storage device)
ReFS DisableDeleteNotify = 0  (Allows TRIM operations to be sent to the storage device)

In this system there are two different types of SSD drives NTFS and ReFS.  They are both 0 which means TRIM is enabled on both drives.  A 1 would mean that TRIM is disabled.

If you see a 1 and want to enable for that drive you would execute one of the two following commands depending what drive type it is:

fsutil behavior set disabledeletenotify NTFS 0
fsutil behavior set disabledeletenotify ReFS 0

If you want to disable it just use the same command except use a 1 instead of a 0.

Posted on

GPO does not apply when using custom user groups

The simplest method to using a custom user group is to remove the “Authenticated Users” group and add the custom user group created.   This is what everyone says including Microsoft.  The problem is that now the GPO does not apply anywhere.    There are a lot of things attached to “Authenticated Users” like computers and special permissions that you lose when you remove it entirely.  So if you keep it there and just remove the apply privilege the custom groups will work correctly without needing to figure out what needs to be added.

The simple method is to not remove but modify the “Authenticated Users group.   Go ahead and add the custom user group either before or after this modification.

Go to the Delegation tab and hit Advanced.   Then select “Authenticated Users” and remove the check from “Apply group policy” and apply.   After doing this you can go back to Scope and “Authenticated Users” will not be there.  The group policy is now ready for use.

Contact us