Windows News
NTLite version 2026.04.10936 now enables users to strip out Copilot, Windows Recall, and other AI components from Windows 11 25H2 installation images before deployment. The update, first reported by gHacks on May 4, 2026, gives system administrators and privacy-conscious users granular control over features Microsoft increasingly embeds into the operating system.
Pre-installation removal sidesteps the limitations of post-install uninstall routines. Copilot and Recall are deeply integrated into the Windows 11 shell and search infrastructure. Attempting to remove them after setup often leaves behind registry entries, scheduled tasks, and background processes. NTLite's approach edits the Windows image directly, excising components before they ever touch the file system.
What’s New in NTLite 2026.04.10936
The release expands NTLite’s component removal library with definitions for Windows 11 version 25H2 (build 26100 and later). While NTLite has been able to remove in-box apps and features for years, this update specifically targets the AI-centric additions Microsoft has been layering into Windows.
Newly removable components include:
- Windows Copilot (both the taskbar integration and the underlying assistant service)
- Windows Recall (the timeline/search feature that captures screen history)
- AI-powered Search and Indexing components
- Connected AI Experiences that send data to Microsoft cloud endpoints
- The Copilot key handler and associated keyboard shortcuts
NTLite presents these components in its tree view under Windows Apps > System Apps. Users can check a box to remove them and then apply the changes to a mounted image or an ISO file. The tool also automatically resolves dependencies, preventing broken installations when one component relies on another.
Why Remove Copilot and Recall Before Installation?
Windows Recall in particular has drawn scrutiny since its initial announcement. The feature records user activity—including screenshots of open windows—to enable searching past actions. Despite Microsoft’s assurances of on-device processing and encryption, many organizations and individuals have flagged the feature as an unacceptable privacy risk. The ability to rip it out of an installation image meets a regulatory requirement for enterprises subject to strict data handling mandates.
Post-install removal is possible but messy. The Settings app in Windows 11 25H2 does offer toggles to disable Recall and Copilot, but they do not fully delete the executables or encrypted database files. GPO and MDM policies can hide the features but still leave behind binaries that might trigger vulnerability scans. NTLite’s method creates a clean image with no footprint of the targeted features, reducing attack surface and eliminating unwanted telemetry.
How Pre-Install Removal Works
NTLite’s workflow is straightforward for anyone familiar with Windows image servicing. The steps:
1. Source the 25H2 image: Mount an official Windows 11 25H2 ISO or WIM file. NTLite works with standard install.wim/install.esd files.
2. Load the edition: Choose the specific Windows edition (Pro, Enterprise, Education, etc.).
3. Component removal: Navigate to the Components page. Under System Apps, locate Copilot and Recall. Checking them also selects dependent AI services.
4. Apply changes: NTLite processes the image, removing files and registry entries. This can take several minutes depending on the number of components selected.
5. Create a new ISO or answer file: The tool can build a bootable ISO or slipstream the modified image into an existing deployment setup.
Advanced users can integrate this into automated builds. NTLite supports command-line processing and can be called from scripts to mass-produce images for different departments or compliance profiles.
Additional Customization Options in This Release
Beyond AI component removal, version 2026.04.10936 brings compatibility updates for the full 25H2 feature set. Highlights include:
- Updated driver integration: Better handling of new driver store formats in 25H2.
- Servicing stack adjustments: Support for the latest cumulative updates when slipstreaming.
- Expanded privacy templates: One-click profiles that disable telemetry, advertising ID, Cortana remnants, and data collection settings.
- New Group Policy presets: Direct injection of administrative templates to lock down AI features even if they are not fully removed.
NTLite’s changelog also notes improved Windows Feature Update (WFU) compatibility. Users can now service 25H2 images and then later perform an in-place upgrade without re-enabling removed components.
Community and Enterprise Reception
The gHacks report quickly circulated among IT professional communities. Reactions have been largely positive, with many admins calling the feature “overdue” and “essential for regulated environments.” Some users on Windows customization forums expressed hope that Microsoft would eventually provide official, streamlined removal tools rather than relying on third-party solutions like NTLite.
However, concerns linger about the long-term support implications. Removing deeply embedded components can cause issues with future updates. Microsoft typically tests only clean installations or upgrades from previous builds, not stripped-down images. NTLite warns users that heavy customization might require additional manual servicing when applying cumulative updates.
In enterprise settings, the risk is mitigated by testing. Organizations typically validate each custom image on a subset of hardware before broad deployment. The ability to automate image creation with NTLite’s command-line interface reduces human error and speeds up deployment pipelines.
Comparison with Other Removal Methods
Before this NTLite update, users had limited options to fully remove Copilot and Recall from Windows 11 25H2:
| Method | Effectiveness | Persistence |
|---|---|---|
| Settings toggles | Disables but leaves files | Survives version updates |
| PowerShell removal scripts | Deletes some packages, may break features | Often reversed by cumulative updates |
| Group Policy disablement | Hides UI, does not delete files | Policy may be overridden by design changes |
| NTLite 2026.04.10936 pre-install removal | Complete excision from image | Survives any update unless the component is re-added by Microsoft |
NTLite’s solution is the only one that guarantees a component will not be present after installation. It is also the only method that works before boot, preventing any initial data collection or unwanted background activity.
System Requirements and Licensing
NTLite 2026.04.10936 works on any Windows 10 or Windows 11 host. The software comes in free and licensed editions. The free version supports basic component removal but restricts image saving and some advanced features. Removing Copilot and Recall requires a standard license (current pricing: $40 per year for personal use, with business and site licenses available).
The tool needs at least 8 GB of RAM and an SSD for acceptable processing speed—images can exceed 10 GB when servicing multiple editions.
Microsoft’s Stance on Image Customization
Microsoft has never officially endorsed third-party image customization tools, though the Windows ADK and DISM command-line tools provide some official removal capabilities. With Windows 11, Microsoft has tightened its grip on the default experience, making it harder to bypass the Microsoft account requirement and pre-pinning more services to the taskbar.
The addition of Copilot and Recall to the “immovable” category reflects a strategic push toward AI-driven computing. By baking these features into the OS, Microsoft ensures a large installed base for its cloud services. However, enterprise feedback and regulatory pressure in the EU have historically forced Microsoft to add toggles and privacy controls. NTLite fills a gap where those controls do not go far enough.
What This Means for Windows 11 25H2 Adoption
Windows 11 25H2 (expected to be the 2025 feature update) is not yet generally available as of May 2026, but it is in wide testing via the Release Preview channel. Its build number (26100) aligns with the Windows Server 2025 core, indicating a significant platform update. The integration of Recall into Search is a tentpole feature, so the ability to disentangle it could accelerate adoption in conservative enterprise environments.
Many organizations that skipped 24H2 due to hardware requirements or feature bloat may reconsider 25H2 if they can tailor the image to approximate a lean Windows 10 experience. NTLite’s support gives IT departments a migration path that doesn’t require them to accept every new AI feature.
Potential Drawbacks and Risks
Stripping Copilot and Recall completely might break some AI-enhanced functionalities that appear superficial but have deep hooks. For example, the new AI-powered search suggestions in File Explorer might rely on the same indexing service Recall uses. NTLite’s dependency resolution usually catches these, but edge cases can slip through.
Users on NTLite forums have reported that removing the Copilot key handler also disables the assistant key on newer keyboards, which some users prefer to remap to other functions. The tool’s flexibility means you can remove the key handler while keeping Copilot if needed.
Cumulative update compatibility is the biggest unknown. Microsoft could decide to re-provision a removed component in a future patch. NTLite cannot prevent that, but its “protect tweaks” feature can block specific packages from being reinstalled during servicing. This requires manually identifying the KB numbers that carry the unwanted packages—a cat-and-mouse game with Microsoft’s update team.
How to Test Before Full Deployment
For administrators considering this route, a staged approach is recommended:
- Build a reference image with NTLite, removing the desired components.
- Deploy to a virtual machine or a test PC.
- Run thorough workload tests: common line-of-business applications, printing, network authentication, and feature updates.
- Apply the latest cumulative update and check for any re-appearance of removed components or broken functionality.
- Use Sysinternals tools to monitor for missing dependencies or error events.
- Capture the validated image for broader deployment using MDT, SCCM, or Intune.
The Role of Third-Party Tools in Windows Customization
NTLite occupies a unique niche. While Microsoft offers Deployment Image Servicing and Management (DISM) for offline servicing, DISM does not expose the same granular component list. NTLite reverse-engineers the Windows image structure to provide a user-friendly interface for what otherwise requires manual surgery on manifest files.
The evolution from DISM to NTLite reflects a broader trend: as Windows becomes more complex, the official tooling lags behind administrative needs. Tools like NTLite, MSMG Toolkit, and WinReducer have thrived by offering capabilities Microsoft considers too risky for general audiences. When features like Recall become mandatory to the point of lacking an uninstaller, these tools become nearly essential for compliance-conscious users.
What’s Next for NTLite
NTLite’s development team has indicated they will continue tracking Windows Insider builds to quickly add removal definitions for upcoming features. The gHacks report suggests that future versions may extend support to Copilot Pro features and the deeper AI integrations rumored for Windows 12.
With the growing conversation around AI regulation, NTLite is positioned as a privacy tool that puts control back in users’ hands. Whether Microsoft will officially certify such customizations remains doubtful, but for now, IT professionals have a viable escape hatch from unwanted AI bloat.
NTLite 2026.04.10936 is available for download from the official NTLite website. Users are advised to back up their original ISOs and verify image integrity after customization.