Windows 11 – Disable Microsoft Copilot and AI Features

20260409 AI Office Windows 11 - Disable Microsoft Copilot and AI Features 1

Windows 11 is evolving from a classic desktop operating system into a platform with integrated AI features. The goal is not “gimmicks”, but practical assistance in everyday work: content should be found faster, texts should be created more quickly, media should be edited more easily, and typical tasks should be performed directly in context without … Read more

AGDLP Explained: The Foundation of Role-Based Access Control in Active Directory

This basic article on the AGDLP principle and the fundamentals of role and permission concepts is aimed not only at newcomers to these topics, but also at experienced IT system administrators who do not work with the design of Active Directory environments on a daily basis. It also forms the foundation for articles that help … Read more

Microsoft Active Directory Core Functions: Security, GPOs and Account Management

In the continuation of our article series on the many facets of Microsoft Active Directory, we are focusing today on the core functions that this complex network of services provides. In the second part of the series, we take a deeper look at essential services and functions of Active Directory that make a decisive contribution … Read more

What is Microsoft Active Directory? Structure, Components and Basics

AD04 What is Microsoft Active Directory? Structure, Components and Basics 3

Microsoft Active Directory (AD) has developed over the years into an indispensable part of enterprise networks. It is not just a simple directory service system, but a comprehensive platform for user and resource management that is essential for most organizations today. But what exactly is Active Directory, and why is it so important? What is … Read more

Migrate a Domain Controller the Right Way

20260328 DCDIAG Migrate a Domain Controller the Right Way 5

Migrating a domain controller is more than just replacing a server in many environments. As soon as the name and IP address of the existing DC have to be reused, DNS, NTP, LDAP, replication and often third-party applications are tied to it as well. If you proceed without a plan, you risk orphaned DNS entries, … Read more

Windows – Control Communication with Cloud Services in Accordance with German IT Baseline Protection

This article explains the configuration of Windows operating systems by using Group Policy. The goal is to specifically reduce or block communication with Microsoft cloud services. The focus is on security-critical and isolated environments, for example dark sites, and is aligned with the requirements of the German IT Baseline Protection framework published by the German … Read more

Secure times in the data centre – NTP for the paranoid

Generated with ChatGPT-Secure times in the data centre – NTP for the paranoid

The correct time is a more critical issue in IT than many people think. Companies often have a central time server from which all components obtain the time. But why is it important that all clocks show the same time? Why are NTP pools critical? They are fine for home use, but there are a … Read more

News on the topic of disabling NTLM

Laptop with NTLM - Created with Adobe FireFly

Almost two years ago, I wrote the article ‘LM, NTLM and NTLMv2: What needs to be considered before switching off?’. Since then, there have been some changes to my scripts and to the topic of ‘switching off NTLM’. News from Microsoft Microsoft announced new auditing features in KB article 5064479€ dated 11 July 2025. For … Read more

List of different Group Policy Templates (Updated Q2/2026)

Gruppenrichtlinenkonsole mit Importierten Administrativen Vorlagen

Active Directory Group Policies, also called Group Policy Objects (GPOs), are one of my core topics. I work with them extensively in various projects and as a Microsoft trainer. Over time, I have collected a number of templates and links. This collection of links is intended to make searching a little easier for you. Only … Read more

WSUS Error Analysis and Health Checks: Practical Guide with PowerShell

A reliably functioning Windows Server Update Services (WSUS) is a central component for providing updates in modern IT environments. However, as soon as WSUS malfunctions, problems start to pile up: the console responds slowly or freezes, clients no longer send status reports, synchronisations fail, or updates are not delivered. To detect such errors early on, … Read more