Microsoft actually does something useful, adds Sysmon to Windows

There is good news for administrators: Microsoft has delivered on its promise to build Sysmon functionality into Windows. The functionality arrived in the Dev and Beta Windows Insider channels this week in builds 26300.7733 and 26220.7752, respectively. It allows administrators to capture system events via custom configuration …

  1. Jou (Mxyzptlk) Silver badge

    Another thing MS should have done earlier...

    With Server 2025 and Windows 11 24h2/25h2 FINALLY native NVME... Notable speedup on all machines I've activated it on so far. Why didn't they do this with the release version of Windows 11? **sigh** Microsoft Server 2025 announcement. Various Windows 11 news on that...

    In short: "NVMe native instead of scsi activate Windows 11.cmd"

    :: For 25h2

    reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\Microsoft\FeatureManagement\Overrides /v 735209102 /t REG_DWORD /d 1 /f

    reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\Microsoft\FeatureManagement\Overrides /v 1853569164 /t REG_DWORD /d 1 /f

    reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\Microsoft\FeatureManagement\Overrides /v 156965516 /t REG_DWORD /d 1 /f

    :: For 24h2 and Server 2025

    reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\Microsoft\FeatureManagement\Overrides /v 1176759950 /t REG_DWORD /d 1 /f

    :: To have them active in safe boot:

    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{75416E63-5912-4DFA-AE8F-3EFACCAFFB14}" /ve /d "Storage Disks" /f

    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{75416E63-5912-4DFA-AE8F-3EFACCAFFB14}" /ve /d "Storage Disks" /f

    Test your backup and restore after that. Backup recommended before doing that change.
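    As an added example (not part of Jou's post), a read-only PowerShell audit of the registry values the .cmd touches, plus an export of the affected keys for the backup he recommends; the value names and GUID are taken from the posted commands, the backup folder path is an assumption.

```powershell
# Added example (not the commenter's code): read-only audit of the registry state
# the posted .cmd changes, plus a backup export to run before applying it.
# Value names, GUID and the ID-to-build mapping come from the posted commands.
$overridesKey = 'HKLM:\SYSTEM\CurrentControlSet\Policies\Microsoft\FeatureManagement\Overrides'
$featureIds = [ordered]@{
    '735209102'  = '25H2'
    '1853569164' = '25H2'
    '156965516'  = '25H2'
    '1176759950' = '24H2 / Server 2025'
}
$safeBootGuid = '{75416E63-5912-4DFA-AE8F-3EFACCAFFB14}'

function Get-NativeNvmeOverrideState {
    # One row per setting with Present/Value, so the output can be captured
    # before the change and compared with a run afterwards.
    $rows = @()
    foreach ($id in $featureIds.Keys) {
        $prop = Get-ItemProperty -Path $overridesKey -Name $id -ErrorAction SilentlyContinue
        $rows += [pscustomobject]@{
            Setting = "Overrides\$id ($($featureIds[$id]))"
            Present = ($null -ne $prop)
            Value   = if ($prop) { $prop.$id } else { $null }
        }
    }
    foreach ($mode in 'Minimal', 'Network') {
        # Safe Mode only loads what is listed under SafeBoot\<mode>; the post adds
        # a "Storage Disks" entry under both so the disk stack loads there as well.
        $path = "HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot\$mode\$safeBootGuid"
        $prop = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
        $rows += [pscustomobject]@{
            Setting = "SafeBoot\$mode\$safeBootGuid"
            Present = ($null -ne $prop)
            Value   = if ($prop) { $prop.'(default)' } else { $null }
        }
    }
    $rows
}

function Export-NativeNvmeRegistryBackup {
    # Exports the two affected keys to .reg files; importing them restores the
    # previous state if the change has to be rolled back. $Folder is an assumption.
    param([string]$Folder = "$env:USERPROFILE\nvme-backup")
    New-Item -ItemType Directory -Path $Folder -Force | Out-Null
    reg export 'HKLM\SYSTEM\CurrentControlSet\Policies\Microsoft\FeatureManagement\Overrides' "$Folder\Overrides.reg" /y
    reg export 'HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot' "$Folder\SafeBoot.reg" /y
}

Get-NativeNvmeOverrideState | Format-Table -AutoSize
```

    Run the audit once before and once after the .cmd; an Overrides row that is still absent afterwards means that build's override did not apply, and the export fails with a non-zero exit code if the Overrides key does not exist yet.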

    1. MatthewSt Silver badge

      Re: Another thing MS should have done earlier...

      Because it's had even less testing than what they normally throw out. Use at your own risk!

      1. Jou (Mxyzptlk) Silver badge

        Re: Another thing MS should have done earlier...

        Yeah, wrong priorities at Microsoft! 'cause Paint getting 3D and LAYERS was more important than the core OS. ("Was" not struck out 'cause 3D was already dropped somewhere, and layers ??? possibly next...)

    2. SVD_NL Silver badge

      Re: Another thing MS should have done earlier...

      Right!!

      The last laptop with a SATA SSD I've bought was probably 15 years ago, everything after that has been NVMe. Desktops took a tiny bit longer to move, but it has been the default for at least a decade by now. How has it not been a priority to implement this? Especially with how many things Windows servers do generally being bottlenecked by IO (SQL, SMB, etc.).

      1. FIA Silver badge

        Re: Another thing MS should have done earlier...

        Because it's a complex change to a fundamental system.

        MS may not be great at testing random consumer Windows patches, but they are a large software company, and I think they take the core architecture of Server quite seriously.

        Something as low level as this should take a few years to roll out, if not you've not tested it enough.

        Aside: It's this attitude that saved them with the Vista/Longhorn debacle. The consumer Windows team had got very good at just chucking stuff in. The server team weren't having this amount of untested code added to their OS so they ended up forking into consumer and server. This happened just after Win 2K.

        When that all went to shit the fact they had a stable branch that had become Server 2003 meant they had a reasonable source code base to start again from.

        Now, you could argue that 20 years on they've forgotten this lesson on the consumer side. :)

        See Dave Plummer's interview with Dave Cutler for more details, the Longhorn stuff is here.

  2. ThatOne Silver badge

    Can only be unintentional

    > Who are we kidding?

    Nobody. This was an oversight and will be fixed momentarily. Microsoft is all about removing useful functionality, and adding shiny, happy gadgets nobody asked for or wants (except Microsoft's marketing department).

    Windows has been steadily dumbed down since Win7. Windows 14 will only have a big button "Give us money" in fancy colors (and require about 2 TB of disk space).

    1. Jou (Mxyzptlk) Silver badge

      Re: Can only be unintentional

      s/marketing/propaganda/g

  3. IGotOut Silver badge

    Oh come on....

    ...you don't think they will add AI to this?

    1. C R Mudgeon Silver badge

      Re: Oh come on....

      Of course they will. That's coming in the next update.

      Because they can't enshittify a thing unless there's already been an unshitty version to tease you with.

      1. MonkeyJuice Silver badge

        Re: Oh come on....

        Support tickets are down, quick, make everything worse! Those KPIs aren't going to hit themselves.

  4. Anonymous Coward

    re: Enabling it requires some work with PowerShell

    And the average user who might have used the old add on now has to learn PowerShell?

    WTF?

    I used to use the old tool BMS (Before MicroSoft) and found it useful but to tie it into PowerShell is like wrapping an AI Slop around it.

    1. thedarkstar

      Re: re: Enabling it requires some work with PowerShell

      I think the old add on will continue to work fine, and PowerShell is simply to enable it, it's two fucking commands to run, you're not writing an entire PS script from scratch.

      Also comparing PS to AI is insane. Like so insane I think AI might well have written it.

    2. Cris E

      Re: re: Enabling it requires some work with PowerShell

      No prob, just ask cop ilot to write the PS for you. Knowledge is utterly unnecessary, so you're free to do all the things you've always wanted to explore, like um, well, not Powershell I guess.

  5. Anonymous Coward

    Sysmon for linux

    It's important to note that Microsoft has a version of Sysmon that works on Linux and produces a flood of logs to be evaluated.

    Must enable the Microsoft repositories.

    (Not to be confused with the unrelated sysmon app in the Linux repositories)

  6. ecofeco Silver badge

    A sign of LOL wut?

    No, just no.

    M$ never has and never will take customers' wants seriously. Put down the kool-aid.

  7. DoctorNine Silver badge

    Think deeper...

    Not that I'm suspicious, but this sort of tool will help 'forensic investigations' of who did what, on what box, exactly when Windows 11 screenshots become the rage. I doubt this is coincidental. As has been stated earlier, this never was about improving usability or admin efficiency. The Clash were correct. It's about the clampdown.

    1. sedregj

      Re: Think deeper...

      You probably don't do enterprise IT and neither does MS (but they are learning, gradually)

      You need the likes of sysmon for system profiling and clearly MS have finally noticed that their shoddy MVP called Endpoint Management is a bit lack-lustre and are finally adding it in.

      This is nothing to do with screenshots and that. It is all to do with being able to winkle out nasties.

  8. Albert Coates

    The best

    I've been using Sysinternals since around 2000. They are beautifully-written single-purpose utils with no frills, which just work. A long time ago I even emailed the developers to say thank you, and they replied swiftly and graciously. 100% recommend. Top marks, many thanks again, 25 years later.

    1. Anonymous IV

      Re: The best

      To add to the Sysinternals utilities, I would suggest those by Nir Sofer at nirsoft.net

      A plethora of useful utilities which make any Windows techie's life much easier...

      1. Jou (Mxyzptlk) Silver badge

        Re: The best

        Especially those which Defender is always complaining about... produkey, wlanpass etc etc etc, a looong list of "dual-use" "password tool" and similar which cause many false alarms and blocking for no other reason than "We politically and economically decided to mark those tools evil"...

        Similar to many keygens which are actually clean and contain no harmful routine.

  9. Andrew Barr

    Next Process Explorer

    How do we request that they next use Sysinternals' Process Explorer as the Processes tab on Task Manager - or even just replace task manager with Process Explorer.

  10. FIA Silver badge

    perhaps a sign it's taking user needs more seriously than shareholder demands.

    If you don't think short term, these two things should go hand in hand.

  11. Smartypantz

    telnet

    Then we just need them to put telnet back in the default install. Eliminating this, the most basic of network testing tools, says it all about how serious a developer of operating systems Microsoft are!

    1. Jou (Mxyzptlk) Silver badge

      Re: telnet

      Test-NetConnection offers more. And if you need a UDP test or a TCP test which needs less time, try my PowerShell variants. Especially my Test-UDP has a few pre-configured tests for NTP, DNS and a few other things I needed.

  12. M.V. Lipvig Silver badge

    I initially read that as

    "Microsoft actually does something useful, adds Simon to Windows"

    Dang it, I was looking forward to the excitement, having already checked the work machine keyboard for carbon tracked lettering and my chair for a ground cable.
