How to block AI features from the new notepad.exe, company wise
Posted by KickDelicious9533@reddit | sysadmin | 88 comments
Hello
The new Notepad from Windows 11 24H2 has the "rewrite" feature, linked to Copilot. I know I can go in the app's settings to disable it, but I want to do it once.
We don't have Intune.
I can deploy GPOs and registry changes.
Do you have the information, please?
TheMav95@reddit
Procmon shows that flipping the rewrite toggle is modifying:
\REGISTRY\A\{774a7a13-52c2-be07-d26f-5c3b10f9aab3}\LocalState\RewriteEnabled
And for reference the session saving so it reopens files:
\REGISTRY\A\{774a7a13-52c2-be07-d26f-5c3b10f9aab3}\LocalState\GhostFile
These appear to be in an Application Hive, which seems to be more difficult to edit.
https://learn.microsoft.com/en-us/windows-hardware/drivers/kernel/filtering-registry-operations-on-application-hives
KickDelicious9533@reddit (OP)
Thank you very much! Thanks for sharing the method too, I didn't know I could use Procmon like that.
the_lazy_sysadmin@reddit
There's a very good reason most AV hates it when you pop open procmon... lol. It has quite an insane amount of features. It can also be used to view command line switches for executables, under the strings tab of a process's/.exe's properties window. Had to utilize that a few times here and there, don't recall for what though.
Alternative-Land5916@reddit
Task Manager can show command-line strings for running processes. Right-click the "Name" column on the Details tab and select "Show columns".
wezu123@reddit
Using Procmon to monitor registry changes made by an app, I'll need to write this down
gramsaran@reddit
Notepad++.exe
lucky38th@reddit
Yeah, but I like to use regular notepad as a quickie simple text editor with a simple interface when I don't need the power of Notepad++, like a bike ride vs driving a diesel pickup
narcissisadmin@reddit
Too bloated.
poontasm@reddit
vi?
BloodFeastMan@reddit
vim
Abracadaver14@reddit
This would be my answer too. While you can disable it with GPO, I wouldn't be surprised if a future update slightly changed the functionality and in an effort to ~~push this crap down your throat once more~~ be helpful, MS would add a new setting that defaults to on. N++ solves these issues now and in the future.
sccm_sometimes@reddit
I put together a PS script which can run as Admin to loop through all user profiles on a machine and disable the setting for them. Users can still manually set it back if they want so it doesn't enforce the setting, but at least it'll be off by default.
Credit (I got like 80% of the code from here):
https://github.com/zoicware/RemoveWindowsAI
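An added example (not the thread's script and not zoicware's code) that does what the comment above describes: run as Administrator, it walks every local profile and turns the Rewrite toggle off, or with -Audit only reports where the value exists. It assumes two things the thread does not state: that packaged Notepad keeps the application hive TheMav95 found in each profile's `AppData\Local\Packages\Microsoft.WindowsNotepad_8wekyb3d8bbwe\Settings\settings.dat`, and that `RewriteEnabled` is stored as a packaged-app Boolean (value type `0x5f5e10b`, one data byte followed by an 8-byte timestamp); confirm both on one machine first by exporting the loaded hive before and after flipping the toggle, the same way the Procmon trace above was obtained.

```powershell
# Added example, not the thread's script. Run as Administrator with every user's Notepad closed.
# Assumed, not taken from the thread: hive location and the value type of RewriteEnabled.
param([switch]$Audit)   # -Audit only reports which profiles carry the value; default disables it

$settingsRel = 'AppData\Local\Packages\Microsoft.WindowsNotepad_8wekyb3d8bbwe\Settings\settings.dat'
$mount       = 'NotepadTmp'                     # temporary hive name under HKEY_USERS
$regFile     = Join-Path $env:TEMP 'rewrite-off.reg'

# A .reg import is used because reg add / New-ItemProperty cannot write a custom value type.
# Nine zero bytes = Boolean false plus a zeroed timestamp (assumed layout, see lead-in).
@"
Windows Registry Editor Version 5.00

[HKEY_USERS\$mount\LocalState]
"RewriteEnabled"=hex(5f5e10b):00,00,00,00,00,00,00,00,00
"@ | Set-Content -Path $regFile -Encoding Unicode

# Real (non-service) profiles, including users who are not logged on right now
$profiles = Get-CimInstance Win32_UserProfile | Where-Object { -not $_.Special }
foreach ($p in $profiles) {
    $hive = Join-Path $p.LocalPath $settingsRel
    if (-not (Test-Path $hive)) { continue }    # Notepad never launched for this user

    # reg load fails (file in use) while that user's Notepad is running; report and move on
    & reg.exe load "HKU\$mount" $hive 2>&1 | Out-Null
    if ($LASTEXITCODE -ne 0) { Write-Warning "Skipping $($p.LocalPath): hive locked or unreadable"; continue }
    try {
        & reg.exe query "HKU\$mount\LocalState" /v RewriteEnabled 2>&1 | Out-Null
        $present = ($LASTEXITCODE -eq 0)      # value only exists once the user touched the toggle
        if ($Audit) {
            $state = if ($present) { 'present' } else { 'not set' }
            Write-Output ("{0,-40} RewriteEnabled {1}" -f $p.LocalPath, $state)
        } else {
            & reg.exe import $regFile 2>&1 | Out-Null
            if ($LASTEXITCODE -eq 0) { Write-Output "Disabled Rewrite for $($p.LocalPath)" }
            else { Write-Warning "Import failed for $($p.LocalPath)" }
        }
    }
    finally {
        & reg.exe unload "HKU\$mount" 2>&1 | Out-Null   # always release the hive
    }
}
Remove-Item $regFile -ErrorAction SilentlyContinue
```

As the comment notes, this only sets a default: a user can flip the toggle back in the app, so re-run it on a schedule or pair it with the Copilot GPO/AppLocker controls mentioned later in the thread if you need it enforced.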
BigChubs1@reddit
Why does it need to be blocked?
Ok-Climate-4801@reddit
Because I can't stop it popping up a window offering to rewrite the log file I'm viewing (!) which is obscuring the text I want to read and which I cannot close.
NHarvey3DK@reddit
Why? Such a waste of time doing this.
KickDelicious9533@reddit (OP)
Look, a sysadmin not bothered by the fact that all text typed in Notepad goes directly to Microsoft's servers.
I feel more and more like I live on another planet. Nonsense becomes the norm.
ronin_cse@reddit
Why does it matter though? What's Microsoft going to do with your information?
schmeckendeugler@reddit
If it didn't matter, they wouldn't have made a gpo for it.
Some places might have rules they must follow such as HIPAA. I can't imagine them allowing a feature which surreptitiously writes stuff to the cloud.
Old_Acanthaceae5198@reddit
Copilot is compliant with HIPAA. You didn't have to imagine. Google will let you know.
Dolapevich@reddit
The fact that a closed software can be HIPAA compliant... is a long shot.
Old_Acanthaceae5198@reddit
No. It's not. There are thousands of closed source systems that are fully compatible and even compliant.
You can easily search for these products so I can only assume you haven't understood the context here.
Dolapevich@reddit
Yes, I am just pointing out that... there is an implicit conflict there.
Old_Acanthaceae5198@reddit
How so?
Dolapevich@reddit
It is exactly the discussion we are having here.
You cannot trust Windows or Notepad, being complex software that includes facilities designed to exfiltrate data to MS.
There is no way to know if it represents or not a data breach tool.
DarthPneumono@reddit
...and? Do you imagine all valuable data is covered under HIPAA? Wild thinking.
Old_Acanthaceae5198@reddit
NIST 800-53, 171 low and moderate, ISO 27001 both are fundamentally compatible. No it's not a fit for everything but what I was responding to was the very specific comment above about HIPAA.
Can you point out where I said it was a fit for everyone?
mkosmo@reddit
Export-controlled CUI/CDI systems can be FISMA moderate and/or 171 scoped... so no, it's not fundamentally compatible.
Old_Acanthaceae5198@reddit
Incorrect.
mkosmo@reddit
Next time we’re up for our DIBCAC audit, I’ll be sure to tell DCMA it’s all good because you said so.
There’s a reason we were among the first to score a 110.
Old_Acanthaceae5198@reddit
I'll be sure to let your feedback be known at the next FedRAMP and NIST working groups I attend.
Remarkable-Sea5928@reddit
See also: COPPA and FERPA.
BloodFeastMan@reddit
I'm always amazed at how many advocate for their own unemployment by pushing everything to the cloud and saas.
Old_Acanthaceae5198@reddit
I'm always amazed at how many act like their job is gate keeper.
As with most MS products they document pretty clearly none of it is used for MS training and have role based access for stuff you choose to allow it to process.
A review if it's appropriate for the business is in order but most copilot services are very safe in terms of IP, some PII, some PHI, etc.
But here is usually just screeching about how it's inherently insecure like AWS for years.
Dolapevich@reddit
Yeah, sure... Trust microsoft, what could go wrong?
Old_Acanthaceae5198@reddit
Can you provide examples of Microsoft using enterprise customer data against the terms of service?
KickDelicious9533@reddit (OP)
Read about the Patriot Act. It gives plain access to foreign data stored on US servers.
And the first rule is to not talk about it. So of course examples don't exist publicly.
That said, our company is Canadian, we are a manufacturer and we design and build industrial and agricultural equipment. All our IP is out of the cloud for this reason.
Old_Acanthaceae5198@reddit
Ahh right, I forgot we are on Reddit where we pretend that businesses run in a stateless world where businesses can avoid warrants and a doctor's office's primary attack vector is state sponsored vs Bob not having MFA set up on his shitty password.
Can you provide a single example of any commercial IP stolen via patriot act warrants?
KickDelicious9533@reddit (OP)
I don't have to justify my actions or my company's policies to some random brainwashed dude on reddit. I asked a question, if you don't have the answer please move on.
Old_Acanthaceae5198@reddit
Question? Where? Nobody asked you to justify any of your company's shit lol. I asked for an example, from another person mind you, an example of their slippery slope fantasy where Microsoft is playing corporate espionage and here you are confused about which thread you're replying to.
mkosmo@reddit
Trying to prevent your own obsolescence through stubbornness or refusal to adapt isn't how you protect your employment.
You do that by upskilling.
NHarvey3DK@reddit
Gasp! Imagine what’ll happen when you learn about cookies! And telemetry! AND EMAIL!
Nate379@reddit
Considering how much shit I paste into Notepad that is not intended to be saved or processed in any other way, and that I'm likely not the only one that does this, I would say these things are hardly the same.
There is no reason to add this type of feature to notepad.
Old_Acanthaceae5198@reddit
Are you going to use the rewrite feature on those notes? Or are you against the idea of anyone having this optional feature in notepad?
Nate379@reddit
I haven't seen it yet, so I'm not talking from any understanding of how it's implemented, but if it's something that has to be manually activated I have less of an issue.
Old_Acanthaceae5198@reddit
That is the case. Not digging at you in particular but there is a lot of incorrect information being tossed around in this thread.
KickDelicious9533@reddit (OP)
Not true, it's on by default. Are you working as a Microsoft PR or what?
Old_Acanthaceae5198@reddit
You invoke the menu context item and it reads the highlighted text. It does nothing without user input.
Nate379@reddit
Fair enough, and thank you for the clarification.
KickDelicious9533@reddit (OP)
Rewrite is on by default. Tested on a freshly installed W11 laptop.
CMDR_Shazbot@reddit
None of those things are showcasing themselves as a *local* text editor, take your useless non-contributions to this sub and go elsewhere.
KickDelicious9533@reddit (OP)
Cookies and email are internet technologies; telemetry is a hassle but can mostly be disabled.
Notepad has no reason to be connected to the internet, it's a security issue if it is. You know, a sysadmin's job?
Continue to cope into not doing things right for your employer.
Old_Acanthaceae5198@reddit
Look, a sysadmin screeching AI bad without understanding how it works or reviewing the policy. Pretty typical.
Old_Acanthaceae5198@reddit
AI bad 🙄
blue_canyon21@reddit
Might be to you but it's obviously not to the OP.
If you don't have an answer to the question, just move on.
NNTPgrip@reddit
Load Windows 11 24H2 ADMX Templates into your sysvol
Disable Copilot
also, might want to disable Windows Recall - it's separate
TROLLSKI_@reddit
Isn't the disable co-pilot GPO now deprecated due to co-pilot being moved to a store app?
tooongs@reddit
Yeah, the official way (for now) is through AppLocker, uninstalling it from Settings, and PowerShell.
https://learn.microsoft.com/en-us/windows/client-management/manage-windows-copilot#remove-or-prevent-installation-of-the-copilot-app
Rockz1152@reddit
I have Copilot and Recall disabled in a test policy, it did not disable Rewrite in Notepad.
KickDelicious9533@reddit (OP)
The most intelligent answer, thanks!
NNTPgrip@reddit
Good question, only aware of the global GPO setting. You could always try the app "Whatchanged" to take a snapshot of a before and after state of the registry and it will show you the differences, to see where that is if it's there for the toggle, and then export that key and push that reg key via GPO.
stromm@reddit
Oh fonk.
Totally defeating the whole intent of Notepad.
mkosmo@reddit
They made it very clear that OG notepad was going away.
XCOMGrumble27@reddit
If I wanted something other than OG notepad I'd be using Notepad++.
Notepad.exe fills a very specific niche. Why would they take away a useful tool like that?
TechIncarnate4@reddit
Honestly curious - How are they taking away a useful tool? You don't have to use the new features. You can just use it as notepad. Am I missing something?
Superfluxus@reddit
Security and compliance. If you're working in a heavily regulated environment, tools that have the ability to send data outside of the network could be blacklisted, regardless of if you personally make use of them or not.
TechIncarnate4@reddit
OK, but there are ways to block Copilot. I don't understand the use case to block Copilot in Notepad only, but allow it with other apps.
If you have those security and compliance concerns, then you need the right tooling (secure web gateway, web filtering, whatever) to block the tens of thousands of other AI tools on the Internet.
XCOMGrumble27@reddit
It's no longer a barebones text editor. It has become bloated and chugs on launch from time to time. It no longer opens to a blank .txt document every time. From what I recall the new version also doesn't strip out formatting the way the OG notepad.exe does. Now we've got to worry about whether or not an update reverts a configuration to keep it from forwarding what you type into it to Microsoft's servers, because you know they'll do that at some point either intentionally or through negligence because they've been sliding off a cliff in that regard ever since they fired all their QA people.
The utility of notepad.exe was its simplicity and lack of features. Microsoft adding things to it fundamentally changes what the application is and what role it serves. I don't need another Notepad++ or Microsoft Word, but for some reason they think that's what I want out of notepad.exe.
trail-g62Bim@reddit
Agreed. I like the new notepad. Tabs and being able to open them immediately on running notepad is really nice.
That + the OCR tool in snipping tool + the tabs in explorer are probably the four things that make me not regret switching to 11.
mkosmo@reddit
I get it, and I don't know. Don't shoot the messenger.
I'm with you. I want notepad to be barebones.
TinkerBellsAnus@reddit
Stares at flair
HOW DO YOU DO THIS MAGIC WHERE YOU ARE BANNED AND ALSO POSTING.
Please kind sir, do the needful and assist.
Notepad should be the absolute bare bones stripped down use it for what you need thing and not this happy donkey punch.
With that said, install Notepad++
narcissisadmin@reddit
Sticky Notes then
TinkerBellsAnus@reddit
I despise Sticky Notes.
Drywesi@reddit
they're a sub modmin
isdnpro@reddit
If this won't be the Microsoft "jumping the shark" with AI moment I don't know what will be
davidbrit2@reddit
They haven't quite peaked yet, there's still room for Minesweeper with AI.
Kardinal@reddit
You're talking about for users who do not have Copilot licenses?
You said you don't have Intune but do you have E3 or E5 licenses? If so then you don't need to worry about content being shared outside the Microsoft Service Boundary. That is, your M365 tenant.
If you don't have M365 licenses then yes your data can be used to train the LLMs and is not private and yes you absolutely should turn it off.
KickDelicious9533@reddit (OP)
we are a small business, we use MS 365 standard/basic licences
morilythari@reddit
Allegedly it's fenced in your tenant but there's no way in Hell Micro$oft isn't using it to train their models and all it takes it one little "whoopsie" on their end and it becomes accessible. And given the history of technology no one would know for months.
Kardinal@reddit
That's utter bullshit and I have the audit records to prove it.
KnowledgeTransfer23@reddit
Audit records only prove that it hasn't happened.
They don't prove that it would never happen.
So which are you arguing?
narcissisadmin@reddit
Doubtful
Gloomy_MTTime420@reddit
Notepad++. Vote with your voice, downloads, and actions.
Cold-Funny7452@reddit
You can block the Copilot personal URLs.
This will make sure if apps do use copilot it’s forced to either not work or use the data protection controls associated with signing into Entra.
This is what I use to make sure users are only using copilot with data protection.
The GPO options are valid but url restrictions have a wider area of control.
shamalam91@reddit
Maybe I'm being dumb, what are the Copilot personal URLs? Our mgmt want the Copilot app to be used, but I couldn't find a way to block the option to sign in with personal...
Valencia_Mariana@reddit
"company wide" - you should have used the new AI feature to check your writing.
CyberWhizKid@reddit
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\
Do you have something related to Notepad here? Enable/disable through the GUI and check if something changes.
disposeable1200@reddit
Just disable copilot
TotallyInOverMyHead@reddit
replace it with notepad++