Windows 11 25H2 Insider: Dark Mode File Explorer, ESS Peripherals, and OOBE Changes

Microsoft's latest Insider flights push another incremental but meaningful polish to Windows 11 while sharpening a debate that's been simmering for years: Microsoft is improving dark mode and biometric security, but it's also continuing to tighten the setup experience so new installs are far more likely to require a Microsoft Account. The new Dev- and Beta-channel preview builds (the 25H2-enabled 26220 and 26120 flight families) surface a cluster of visible changes — dark-themed File Explorer dialogs, expanded Windows Hello Enhanced Sign-in Security (ESS) support for peripheral fingerprint readers, and new Click to Do (Copilot) capabilities — while also introducing setup-time controls that will make local-account-first installs harder without workarounds. These updates are rolling out gradually to Insiders and are still work-in-progress, but they mark a clear direction for the Windows 11 25H2 era.

Background / Overview​

Windows Insiders in the Dev and Beta channels are receiving a stream of cumulative preview builds tied to the Windows 11 25H2 enablement package. Microsoft continues using a staged rollout model: the same build can contain feature code that’s enabled on a subset of devices via server-side flags, so two Insiders on the same build may see different behavior. That staged model affects how and when new visuals (like dark dialogs) and features (like Click to Do actions) appear on individual machines. The new preview releases also bundle multiple bug fixes and known issues that Insiders should weigh before installing on production hardware.
The most discussed items in this flight are:

• File Explorer dark-mode improvements for file-operation dialogs and progress UI.
• Windows Hello ESS expansion to include certain peripheral fingerprint sensors.
• Click to Do (Copilot) previews adding image object selection and on-screen unit conversion.
• Windows Setup (OOBE) changes: an option to name the default user folder during setup, paired with the deliberate removal of previously common local-account bypasses.
• A raft of smaller fixes, device compatibility notes, and known issues for taskbar, File Explorer scaling, Windows Studio Effects and more.

---

What’s new — visible changes and how they affect you​

A long-overdue dark-mode push in File Explorer​

Microsoft has started shipping code that darkens a set of high-frequency File Explorer dialogs: copy/move progress windows, delete confirmations, access-denied prompts, and other file-operation pop-ups. The updated dialogs adopt dark greys and updated progress visuals (notably a blue progress bar in dark mode) so the system theme no longer gets broken by frequent white pop-ups. These changes are staged, incomplete in places (some buttons still render light), and intended to be iterated on before broad production release.
Why it matters

• For users who prefer Dark mode for ergonomics or battery reasons, this reduces the jarring luminance shifts that previously occurred during everyday tasks such as copying or deleting files.
• It's a tangible improvement to perceived polish across the shell — a problem area Windows has been criticized for since Windows 10’s initial dark-mode inconsistencies.

Practical notes

• The dark dialogs are delivered behind staged feature flags. Some Insiders will see them, others won’t, even on identical builds.
• Enthusiasts have used community tools (like ViVeTool) to enable hidden flags; that remains a tinkerer-only route and is not an official enablement path. Treat manual enabling as experimental.

Windows Hello: Peripheral fingerprint ESS support expands (but with caveats)​

Microsoft’s Enhanced Sign-in Security (ESS) — the more secure, VBS-backed Windows Hello path that isolates biometric matching — has historically been limited to factory-integrated sensors. The current preview signals broader support: peripheral fingerprint sensors that meet ESS hardware/firmware/driver requirements can now participate in the protected pipeline, meaning a USB fingerprint reader that’s ESS-capable can deliver the same security guarantees as internal sensors on compatible builds. Microsoft’s documentation and the Insider notes make clear that ESS-enabled peripherals require certified hardware, up-to-date drivers and OEM firmware, and that full peripheral ESS support is being rolled out across late‑2025.
Why it matters

• This closes a long-standing security vs convenience gap: organisations and users who want to connect approved fingerprint peripherals without reducing biometric isolation now have a supported route.
• For security-conscious deployments, ESS peripheral support enables consistent Windows Hello behavior across device categories (laptops, desktops and docked setups).

Caveats and risks

• ESS requires specific sensor characteristics (“match on chip”) and a Microsoft-issued certificate embedded at manufacture; not every USB fingerprint reader will qualify.
• The OS-side ESS toggle and driver/firmware requirements mean adoption will be gradual and device/driver vendors will need to ship updates. Microsoft still recommends plugging compatible peripherals into a PC before first boot and enrolling under ESS if you need early support, but that is not a universal solution.

Click to Do (Copilot) — Image object select and unit conversion​

The Click to Do preview (Copilot-driven on Copilot+ PCs) is adding practical micro-features that aim to accelerate creative and productivity flows:

• Image Object select: hover to preview selectable areas in an image, extract an object for copy/paste into other apps, or start a Copilot-assisted workflow.
• Unit conversion: hover over on‑screen number+unit combinations (length, area, volume, weight, temperature, speed) to see quick conversions in a floating tooltip, with deeper options routed through Copilot. These features are being rolled out to Copilot+ hardware first and are subject to regional availability limitations.

Why it matters

• These are small, pragmatic improvements that show the Copilot/Click-to-Do vision: make on‑screen content actionable without context switching.
• For creators and knowledge workers, the image-object extractor and instant unit conversions can speed routine tasks.

---

Setup and identity: Microsoft doubles down on account-first OOBE​

You can name your default C:\Users folder during OOBE (new command)​

The preview introduces a supported way to set the name of the default profile folder during setup: from the Microsoft account sign-in page in OOBE, pressing Shift+F10 opens a Command Prompt; after navigating to the OOBE folder (cd oobe) a SetDefaultUserFolder.cmd command can be run with a custom name (up to 16 Unicode characters). If left unset, Windows will continue generating the profile folder name from the Microsoft account. This is a welcome quality-of-life change for users who dislike the opaque 5-character folder names derived from emails.
Practical step-by-step (as described in the preview notes)

• At the Microsoft account sign-in screen in OOBE, press Shift + F10.
• Run: cd oobe
• Run: SetDefaultUserFolder.cmd <YourFolderName> (16 characters max; Unicode only; special characters removed)
• Continue with Microsoft Account sign-in. If valid, the custom folder name will be used.

But: Microsoft is removing known local-account bypasses in OOBE​

Concurrently, Microsoft says it is removing known mechanisms that were used to create local accounts during OOBE — i.e., the commonly used tricks and scripts that let people skip Microsoft Account creation. The company frames this as a fix for situations where the bypasses left devices incompletely configured after setup; critics read it as another push to standardize installs on a Microsoft account and internet connectivity. The change has been visible in Insider channels and has already been covered broadly by outlets documenting the removal of the bypassnro script and related workarounds.
Implications

• For home users comfortable with a Microsoft Account this is friction-free; they get cloud features and account-linked services during setup.
• For power users, privacy-minded consumers, and some IT scenarios, removing easy local-account creation increases the complexity of doing a purely local install. Workarounds (unattend.xml, Rufus installer options, registry or console hacks) still exist but may be blocked or made more brittle in future updates. Multiple reputable outlets and community write-ups have tracked the cat-and-mouse of bypass removal and the emergence of new techniques.

Security rationale vs. user choice

• Microsoft’s stated rationale centers on ensuring complete device configuration and aligning security and telemetry concerns during OOBE. Critics argue this reduces user choice and complicates scenarios such as impartial reinstallations, kiosk setups, or privacy-first environments. Both perspectives have merit; the key takeaway is that the platform is trending toward requiring connectivity and a Microsoft account at setup time unless alternate deployment tooling is used.

---

Fixes, known issues and compatibility notes​

Notable fixes rolling out​

• Resolved a range of taskbar and system tray edge cases, including auto-hide peek issues and focus problems when using app preview thumbnails.
• File Explorer EFS dialogs now respond properly to increased text scaling in this flight — addressing an accessibility regression some Insiders reported.
• A compatibility fix for Windows Studio Effects: an earlier build produced camera preview failures for some external webcams when studio effects were enabled; Microsoft has patched many affected cases and advises disabling Studio Effects as a temporary workaround if you see the issue.
• A number of other targeted fixes include improvements to Settings (incorrect link speed reporting for some network adapters), Hyper-V TPM VM start failures on ARM64, and protected media playback issues in certain media apps that use Enhanced Video Renderer with HDCP enforcement.

Known issues to watch for​

• Click to Do: right-edge gesture may show swipe visuals on the wrong display.
• Lock/login screen: touch keyboard may fail to launch on the login screen in some cases; the on-screen keyboard from accessibility menu is a workaround.
• Xbox controllers: a Bluetooth driver configuration can cause serious bugchecks; Microsoft documents an uninstall-by-driver procedure to recover.
• Taskbar preview animations were temporarily disabled because they interfered with sharing a window from its preview; these animations may return in a later flight.

---

Analysis: strengths, trade-offs and risks​

Strengths — polish, security, and AI-driven productivity​

• Dark mode improvements address a long-standing UX complaint. This is a visible polish that benefits a broad user base, especially on OLED and low-light setups. It’s a small but high-impact QoL change.
• ESS peripheral support can bring enterprise-grade biometric protections to a wider set of devices — a net security gain if hardware vendors and OEMs adopt the required certificates and drivers. For managed fleets, having more ESS-compliant hardware options is valuable.
• Click to Do additions feel practical: object extraction and unit conversion are natural micro-accelerations that demonstrate where on-device Copilot features can reduce friction. For Copilot+ hardware, these features showcase the productivity promise of integrating small LLM and vision models into daily workflows.

Trade-offs and user-impact risks​

• Reduced install-time freedom: the move to remove local-account bypasses raises legitimate concerns. Users who rely on local accounts (privacy reasons, offline settings, device handoffs, certain enterprise or lab setups) will have to rely on deployment tools, unattend files or third-party installers such as Rufus to maintain their workflows. Those workarounds can be technical and fragile, and Microsoft may close them over time. The change effectively raises the barrier for a classic local-first experience.
• Hardware/driver dependency for ESS: while peripheral ESS support is a net win, its security guarantees depend on hardware certificates, drivers and firmware. That adds operational work for IT and OEMs and creates a transition period where behavior will vary between devices. Administrators should validate per-device compatibility before wide deployment.
• Preview instability: these features are staged and experimental. Insiders should expect partial rollouts and potential regressions (audio stutters, camera preview failures, green-screen hibernation bugs reported in earlier flights). Installing preview builds on mission-critical machines remains inadvisable.

Accessibility note​

• Improvements such as EFS dialogs responding to text scaling are important for accessibility. However, dark-mode changes must be tested with high-contrast and increased-text configurations to ensure dialogs remain legible and controls remain discoverable for assistive technologies. The staged rollout means not all Insiders can validate these flows uniformly today.

---

How enthusiasts and admins should approach these builds​

• If you run Insiders on a daily driver: treat these flights as testing grounds. Expect partial rollouts and known issues; keep backups and avoid relying on experimental Copilot features for critical workflows.
• If you care about a local-only install experience: plan for deployment options (unattend.xml automated installs, vendor-provided imaging, or Rufus-created media). Be aware these are not supported consumer flows and may be closed off by future updates. Track Microsoft’s OOBE policy and the Insider blog for changes.
• If you manage fleets and plan to enable ESS with peripheral readers: validate devices against Microsoft’s ESS compatibility checklist — look for match-on-chip sensors, vendor-signed firmware, and driver updates. ESS improves security but is only as good as the weakest link in the device/driver chain.

---

Quick reference: enabling / testing the headline features (for testers only)​

• To try the darkened File Explorer dialogs: enroll in the appropriate Insider channel (Dev/Beta where the 25H2 enablement flight is present) and make sure you have the staged feature enabled by Microsoft. Some community guides demonstrate using ViVeTool to flip hidden flags, but this is unsupported and experimental. Restart after enabling the flag to see changes.
• To check ESS peripheral readiness:
• Plug in the fingerprint peripheral.
• Open Device Manager > Biometric devices and check the device properties; verify whether the registry keys described in Microsoft’s ESS docs (SecureFingerprint = 1 under the device’s WinBio Configurations path) appear.
• Use Settings > Accounts > Sign-in options > Additional settings to configure the external device toggle if required by your hardware.
• To experiment with naming C:\Users at OOBE:
• On the Microsoft account sign-in page in OOBE press Shift + F10.
• Run: cd oobe then SetDefaultUserFolder.cmd <YourFolderName> (16 chars max).
• Continue with MSA sign-in and complete OOBE. If the folder name is valid it will be applied. This is a preview-only flow; administrators should not rely on it for large-scale deployments without validation.

---

Final verdict — cautious optimism with practical concerns​

This set of Insider flights is notable because it mixes tangible UX polish (dark-mode completion for file dialogs) with larger platform-level direction changes (ESS peripheral expansion and stricter OOBE flows). On balance:

• The dark-mode fixes and Click to Do enhancements are solid wins for user experience and productivity, and they address long-standing friction points.
• The ESS expansion is strategically important for improving biometric security across more device types, but it places new responsibilities on hardware and driver ecosystems.
• The most contentious change — removing easy local-account bypasses from OOBE — materially affects power users and certain IT scenarios. Microsoft’s security and setup-consistency rationale is understandable, but the trade-off reduces immediate installation flexibility and raises the friction for privacy-first setups.

For Windows enthusiasts and IT pros the practical guidance is simple: test these builds in controlled labs, verify hardware and deployment toolchains (especially for ESS or local-account workflows), and treat staged Insiders features as previews rather than guarantees. The direction — more cohesive dark mode, more secure biometrics, and deeper Copilot integration — is positive. The means, however, require trade-offs that will not satisfy everyone. Watch the Insider blog and vendor driver updates closely as these features move toward broader availability.

---

Conclusion
Windows 11’s newest preview builds continue a two-track evolution: visible UX progress that makes the OS feel more finished, and platform-level hardening that centralizes account- and hardware-based security. For most users the dark-mode and Copilot conveniences will be welcome; for privacy-focused installers and some power scenarios the setup changes are inconvenient and raise real questions about user choice. The important practical fact is that these features and restrictions are being rolled out gradually and iteratively — tested through Insiders before they land broadly — so organizations and advanced users have a window to validate and adapt. Monitor the Insider release notes, validate device firmware/drivers if you plan to adopt ESS peripherals, and treat preview builds as testbeds rather than drop-in upgrades for production systems.

---

Source: Neowin Windows 11 25H2 finally gets long-requested dark mode improvements and more in new build