Microsoft tells IT admins to turn off legacy group policies to improve Windows performance

The Windows key being pushed on a blue laptop
(Image credit: Shutterstock)

Microsoft has published a list of 25 group policies in Windows 10 and Windows 11 that admins should disable in order to improve overall software performance.

The article, posted to the Windows IT Pro Blog, has been met with anger among the admin crowd as most of the policies are related to effective update management - a sore topic of late given Microsoft's bungling of recent Windows patches.

Author of the blog post, Aria Carley, senior program manager at Microsoft, said the legacy group policies are a result of numerous changes to Windows over the years and, since Windows 10 version 1511 was released in 2015, the way notifications, update behaviours, installations, and restarts have all changed considerably.

"We have also worked to evolve and simplify the controls needed to support these improved experiences, and identify which older policies have become irrelevant or replaced with a better option," said Carley. "As a result, the Windows update policy set contains policies that no longer have any impact; that don’t work as described on devices running Windows 10, version 20H2 or later; or that work but not as well as the policies that were added to accomplish a similar experience in a much better way."

Though the cleanup of legacy policies was designed to simplify things for Windows admins, the community has expressed concern that it may do the opposite, according to complaints posted to Reddit.


Work from anywhere: Empowering the future of work

Employees want to work from anywhere, IT needs to be able to support this shift


Complaints largely revolve around the 'instability' of Windows following update releases, the increasing complexities involved with managing Windows environments in businesses, and applying updates easily.

"Oh great and most [policies] are patching related," one user wrote. "As if controlling patches for Windows 10 wasn't enough of a pain in the ass already..."

One user also drew attention to the conflicting information provided by Microsoft on the matter. The 25 group policies that Microsoft recommends should be disabled are thought to conflict with the settings in Microsoft's own Windows Update Baseline Toolkit.

"I checked, and frustratingly, many of the recommended settings from Aria's article conflict with the settings from Microsoft's own Windows Update Baseline Toolkit," one user wrote.

According to Microsoft, this toolkit provides a set of tools that allow admins to download, test, edit, and store Microsoft-recommended policy configurations for optimal deployment and device management.

Screenshot of the Windows Local Group Policy Editor and where to find the Legacy Policies folder

(Image credit: Microsoft)

Microsoft has made it especially easy for Windows 11 admins to check which policies should be disabled by adding a sub-folder in the 'Windows Update' directory named 'Legacy Policies', which should only contain the group policies that need to be switched off.

Microsoft said applying the recommendations will lead to better control of Windows environments and admins will encounter fewer unexpected behaviours. "At the end of the day, it is best to leverage the default experience," said Carley. "Not only do defaults provide the best experience, they are also the most effective at keeping devices up to date."

Connor Jones
News and Analysis Editor

Connor Jones has been at the forefront of global cyber security news coverage for the past few years, breaking developments on major stories such as LockBit’s ransomware attack on Royal Mail International, and many others. He has also made sporadic appearances on the ITPro Podcast discussing topics from home desk setups all the way to hacking systems using prosthetic limbs. He has a master’s degree in Magazine Journalism from the University of Sheffield, and has previously written for the likes of Red Bull Esports and UNILAD tech during his career that started in 2015.