Forum Widgets
Latest Discussions
0.011W Power Floor on i7-1255U: A Step Toward Microsoft’s Sustainability Vision
It is inspiring to see Microsoft leading the tech industry toward a greener future. Initiatives such as the Carbon Negative 2030 goal and the Energy Saver features in Windows 11 are important steps in environmental stewardship. These efforts show that software and hardware can work in harmony to preserve our planet. As a researcher, I have spent 18 months exploring how to further support this vision by identifying the absolute efficiency “floors” of the Intel Core i7-1255U (Alder Lake). My study focuses on a configuration that enhances Microsoft’s energy-saving protocols to achieve maximum hardware longevity. Key Technical Findings (18-Month Case Study): Dynamic Power Floors: Through precise optimization, I observed CPU power draw dropping to a floor of 0.011W at 1.8MHz during deep idle/sleep states, with the GPU reaching a 0W floor. Efficiency in Motion: During active productivity tasks, the system can reach 0.4W – 0.5W at a voltage range of 0.6V – 0.8V, demonstrating impressive scaling flexibility. Thermal Performance: The system consistently operates between 25°C – 35°C. In cooler ambient environments (15°C – 25°C), hardware can maintain 16°C – 20°C, virtually eliminating thermal stress. Battery Endurance: Using a standard 3-cell battery with 5% wear (originally marketed for 6 hours), these optimizations enabled up to 10 hours of continuous video playback. Uncompromised Stability: Over 18 months of daily usage, the system has encountered zero Blue Screen of Death (BSOD) events. This confirms that pushing efficiency boundaries can be done while maintaining the rock-solid reliability expected of the Windows platform. This study is a tribute to the versatility of Windows 11 and the engineering behind modern silicon. By maximizing the life of the devices we already own, we contribute directly to reducing global e-waste. Detailed technical logs (HWiNFO) and configuration data are available for verification here: 👉 [[Intel 12th] 0.011W Package Power Floor via Custom Optimization | Microsoft Community Hub] I look forward to discussing these efficiency milestones with the community and Microsoft engineers.
Serious problems in Ring0 kernel-mode modules and security in current versions of Windows
We all know that in the X86 architecture CPUs have four different levels: Ring0(kernel-level), Ring1, Ring2 and Ring3 (user-level). The users, even administrators can only access Ring3, and Microsoft designed the operating system this way to make the system more safe and stable. On the other hand, Microsoft uses signs and security options like "Memory Integrity" in "Core Isolation" in Windows Defender. Normal applications need to use kernel-mode modules to gain access to the kernel (.sys), and if these modules need to be loaded by the system, it should be signed or it will be blocked by Windows Defender or other antivirus software. But now I found a really serious problem in Microsoft's signing activities. BEDaisy.sys is the kernel-mode driver of BattlEye, an anti-cheat software, and it is signed by Microsoft. In BattlEye's EULA, it said that "BattlEye can prevent the cheaters from gaming on the servers which are protected by BattlEye. ", and to make it happen, BattlEye needs to create a service and install kernel-mode components. (Please remember that User Account Control window won't pop up if a service or trusted installer tries to install a kernel-mode driver. ) This EULA is really confusing because it makes the users think "BattlEye does this to protect me from being attacked by other cheaters. " and then accept the EULA and install BattlEye. However, after BattlEye is installed, it can't even block a simple attack from the other cheaters. The other cheaters can even force crash your game. On the contrary, BattlEye tries to block the modules from any other applications which it thinks they are suspicious from loading. It can even block the modules of the anti-cheat software, which makes the protections of the system reduce or even put the system at risk. There is another case. There is a user found his computer attacked by the malware. He was really confused because he had installed the anti-virus software on his system. After looking into his system carefully, he found out that his anti-virus software was down and was killed by mhyprot2.sys, another kernel-mode module of an anti-cheat software. And mhyprotect2.sys is also signed by Microsoft. https://www.trendmicro.com/en_us/research/22/h/ransomware-actor-abuses-genshin-impact-anti-cheat-driver-to-kill-antivirus.html The kernel-mode drivers from both of the cases are signed by Microsoft, and as they run in Ring0 kernel-level, the users have nothing to do to stop them. And as they are signed, most of the anti-cheat software will be less sensitive to them and will be much easier to let them run. . Besides, Windows is designed for everyone, not just for game players. Not all the users would like to sacrifice the security of the system just to play the games. . On the other hand, unlike the cyber security companies, the game companies usually care more about the game itself than the entire system. And they are not responsible for any damage caused by the anti-cheat software. The thing that I am most angry with is that Microsoft actually signed these kinds of kernel-mode modules, which means Microsoft allow these kinds of dangerous things to happen. In my opinion, it is the player's duty to obey the EULA of the games, but it is the game company's duty to do their anti-cheat jobs, and if you want to use the player's device to help you anti-cheat and even want to have Ring0 access, you need to warn the users and notify them. In BattlEye's case, there are three windows will pop up on the screen when you try to install them, but all of them said that BattlEye will minimize its authority and none of them said it needs to gain the authority to shut down other software or block their activities. . . And in total, it is the users who paid for the device and the operating system which they are using, but not the game companies. Taking fully control of the device without noticing the user is illegal. In the end, I really hope that Microsoft can raise the standard of signing a kernel-mode module. These kinds of issues can happen not only in anti-cheat software, but also in any other software, only the problem occurred this time is the anti-cheat software. To tell you the truth, I think Microsoft can only sign the Ring0 kernel-level drivers of the hardware drivers and the anti-virus software. The other applications can only run in Ring3 user-mode like Android. I know it could be hard to make it happen, so you can add whitelist function for the users don't care too much about security or even let them turn off the security options. You can kill the malware by mistake because if that happens, the user can restore them and whitelist them. But you can't miss a malware, because if that happens, the responsibility is usually the one that you can't take. And if the software in the whitelist damages the system, then it is not you Microsoft's responsibility. And for the game players, you can also add isolated gaming environment like Hyper-V, but especially for games, and any other software can't run in it to prevent cheating. Thank you.
How to upgrade from Windows 10 to 11 with a clean install of Windows 11?
Hi, I have a Windows 10 PC that has the requirements to be upgraded to Windows 11. I would like to do a complete clean install of Windows 11 and then reinstall all my software. If I understand this correctly, I will in this case have my Windows 10 registration key at hand to be able to make a clean Windows 11 installation on the same computer. I do have a registration key for Windows 10, which I think belongs to this computer. Is there any way that I can verify that this registration key actually belongs to this computer? Or can I do a clean installation of Windows 11 on this computer anyway (without first verifying that the Windows 10 belongs to this computer)?
Windows 10 11 Enterprise Restrict access to MS Store via group policy
Issue presented: Multiple users are downloading and installing Remote Access tools that are deemed not supported as well as other applications in the environment. We want to restrict access to the MS Store to Administrators or a specific AD group without using AppLocker or InTune. I have seen various threads in multiple sources that are conflicting about disabling the store or setting to the Company Portal for Windows 10/11. If you set the MS Store to Company Portal, in Windows 11 it disables the store. Turn off the Store application GPO: Denies or allows access to the Store application. If you enable this setting, access to the Store application is denied. Access to the Store is required for installing app updates. Other threads as well as the gpo verbiage itself indicate that if you disable the store, all installed applications will no longer update. There are some threads that state the opposite. https://learn.microsoft.com/en-us/windows/configuration/store/?tabs=gpo Has anyone configured a way to restrict users or a specific group of users from using the MS Store while allowing existing applications the ability to update?[On demand] AMA: Windows backup and restore
Now through Friday (12/5) at 12:00 p.m. PST: Get expert tips on backing up Windows 10 settings so you can transition users to Windows 11 seamlessly. Visit https://aka.ms/AMA/BackupRestore to explore Windows Backup for Organizations, now generally available—and to post your questions.
Backing up to an external hard disk drive.
Backing up to an external hard disk drive. Windows backup tells me that my target drive has 379.48GB free space: It tells me that my back-up this time will occupy 77.21GB. Yet it tells me that the backup cannot be run because my target disk does not have enough space. What is going on here? Have I misunderstood the measures of size/capacity?
Does the CDN for Microsoft Windows Update seem to be malfunctioning?
I purchased a code signing certificate, but strangely, Windows did not automatically download the missing root certificate. When I tried to manually download the root certificate according to the manual, I found that the CDN seemed to return the wrong certificate and I was unable to establish a secure connection with the website. (At least in Chinese Mainland) https://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/test/authrootstl.cab Can other regions be accessed normally?
Password reset and recovery fail
Hi there, good morning. First i appreciate any ones assistance here, its been a little frustrating. My regular windows account, for purchases, family content etc is "email address removed for privacy reasons". I cant sign in to that one any more. it is under 2fa with a code generator (I have that and the code is fine etc), it has a phone number (i have that!), and email account of course. I tried to enter the password to login to microsoft account - account.microsoft.com - and it gives the error "there have been too many failed login attempts". So i go through the password reset and works fine and i have a new password. I try again straight away and it fails with the same error. I try again for password reset... see above.. So i try for account recovery and go through the form - but i get an email saying because i have 2fa this is ignored and done automatically. However the automatic process does not seem to work - as indicated above. I tried to find a microsoft chat to have a live session, but it says i need to login... so i have logged in with a secondary account. I cant find the live chat sessions though. So i am posting here for any help - if i have the wrong forum i apologize - it was confusing to me about where i should actually make a post... this is making me feel old...lol... thanks DanUnable to install Windows 10 ESU due to unknown MDM
I have been trying to get the Windows 10 ESU program enrollment done, but an unable to. It appears that I am connected to some MDM, but I have never to my knowledge done so. Also, there are no options listed in "Accounts-> Work or School." I ran the following in Powershell and got outputs 0 True 0 2, indicating the MDM registration. $t = [AppDomain]::CurrentDomain.DefineDynamicAssembly((Get-Random), 1).DefineDynamicModule((Get-Random), $False).DefineType((Get-Random)) $t.DefinePInvokeMethod('IsDeviceRegisteredWithManagement', 'mdmregistration.dll', 22, 1, [Int32], @([Boolean].MakeByRefType(), [IntPtr], [IntPtr]), 1, 3).SetImplementationFlags(128) $t.DefinePInvokeMethod('NetGetJoinInformation', 'wkscli.dll', 22, 1, [Int32], @([IntPtr], [IntPtr].MakeByRefType(), [UInt32].MakeByRefType()), 1, 3).SetImplementationFlags(128) $Win32 = $t.CreateType() $JoinedMDM = $False; $Win32::IsDeviceRegisteredWithManagement([ref]$JoinedMDM, 0, 0); $JoinedMDM $JoinedDomain = 0; $Buf = 0; $Win32::NetGetJoinInformation(0, [ref]$Buf, [ref]$JoinedDomain); $JoinedDomain Thanks for any ideas, Tom
Moved 2.5"ssd from old Intel NUC to new Intel Nuc, can't find docs/pics
So not sure if this is the right place after wading through all the options so here goes: I moved a ssd from my old NUC that was on it's last legs (pwr supply). It was windows 10 and I needed a new system as the hardware was too old to upgrade to WN11 and the pwr supply was on the blink anyways. I installed two brand new SSD's in the new NUC and installed a new version of WN11 on one (Linux mint on the other). I got the new system up running both OS's w/o much trouble (other than my old HP laser printer which is so old that HP doesn't support it anymore). I took the old 2.5" ssd out of the failing nuc and connected it to the new system via usb-c. wn11 recognizes it as drive F but show two identical F drives...? why two F's? I can open it via File explorer but I can't find any of my word docs. Doing a search in the search box with drive F selected, all wn11 does is state : "working on it" and never finds anything (the little spinning circle spins itself senseless) and I finally give up and end the task :) If I boot my Linux ssd, I can find the docs and also pics too. What am I doing wrong? I can find docs using the linux OS but I can't in the OS that they originally were created in (windows/word)
