One of our users upgraded their own device to Windows 11 recently when it became available to them. This obviously isn’t a desirable situation for our enterprise if we’re trying to prevent any kind of incompatibility with our systems, so I found this topic on the MS community. Based on that topic, I created the following Worklet. The goal is to prevent any other users from seeing the Windows 11 upgrade notification or performing the upgrade.
Evaluation
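<#
.SYNOPSIS
This Test script checks to see if the listed registry values are present
and hold the expected data.
.DESCRIPTION
This script reads ProductVersion, TargetReleaseVersion and
TargetReleaseVersionInfo from the WindowsUpdate policy key. It exits 0
when all three hold the values that keep the device on Windows 10 and
exits 1 otherwise, including when the key itself is missing.
.Notes
File Name :Prevent_w11_Eval.ps1
Original Author :TJ Coppola
Prerequisite :PowerShell V2 over win7 and upper
#>
#define variables
$path = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate"
# A missing policy key is an expected "not compliant" state rather than a
# failure, so the lookup error is suppressed; $wu is then $null and every
# comparison below evaluates to false.
$wu = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
#check values
# Exact comparisons are used on purpose: -match is a regex substring test
# and would also accept data that merely contains the expected text.
$productOk = $wu.ProductVersion -eq "Windows 10"
$pinningOn = $wu.TargetReleaseVersion -eq 1
$releaseOk = $wu.TargetReleaseVersionInfo -eq "21H2"
# NOTE(review): the pinned release "21H2" is hard-coded here and in the
# remediation script; confirm it is still a serviced release so that pinned
# devices keep receiving security updates.
if($productOk -and $pinningOn -and $releaseOk){exit 0}
else{exit 1}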
Remediation
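<#
.SYNOPSIS
This script creates registry values to prevent Windows 11 from
installing.
.DESCRIPTION
This script makes sure the WindowsUpdate policy key exists, then writes
ProductVersion, TargetReleaseVersion and TargetReleaseVersionInfo under
that key whenever a value is missing or holds different data.
Exit codes: 0 = values in place, 1 = writing a value failed,
90 = any other terminating error (handled by the trap).
.Notes
File Name :Prevent_w11.ps1
Original Author :TJ Coppola
Prerequisite :PowerShell V2 over win7 and upper
Writes under HKLM:\SOFTWARE\Policies, so it has to run elevated.
#>
#Handle Exit codes:
trap {$host.ui.WriteErrorLine($_.Exception); exit 90 }
#define variables
$path = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\"
$key = "WindowsUpdate"
# Full path of the policy key. The values must be written here and not under
# the parent "Windows" key, where Windows Update does not read them.
$wuPath = "$path$key"
#create key
# -ErrorAction Stop turns a failed key creation into a terminating error so
# the trap above reports it instead of the script carrying on without a key.
if(-not (Test-Path $wuPath)){New-Item -Path $path -Name $key -ErrorAction Stop}
else{write-host $wuPath "already exists."}
# Read the current values only after the key is known to exist.
$wu = Get-ItemProperty -Path $wuPath -ErrorAction SilentlyContinue
#create properties
# The comparisons use -ne rather than "-not <value> -match ...": unary -not
# binds tighter than -match/-eq, so the negated form tests the boolean, not
# the registry data, and the write is skipped.
# -Force overwrites a value that exists with different data, and
# -ErrorAction Stop is needed for Try/Catch to see a failed write.
# NOTE(review): the pinned release "21H2" is hard-coded; confirm it is still
# a serviced release so that pinned devices keep receiving security updates.
Try{
if($wu.ProductVersion -ne "Windows 10"){New-ItemProperty -Path $wuPath -Name "ProductVersion" -Value "Windows 10" -PropertyType String -Force -ErrorAction Stop}
else{write-host "Property" $wu.Productversion "already exists."}
if($wu.TargetReleaseVersion -ne 1){New-ItemProperty -Path $wuPath -Name "TargetReleaseVersion" -Value 1 -PropertyType DWord -Force -ErrorAction Stop}
else{write-host "Property" $wu.TargetReleaseVersion "already exists."}
if($wu.TargetReleaseVersionInfo -ne "21H2"){New-ItemProperty -Path $wuPath -Name "TargetReleaseVersionInfo" -Value "21H2" -PropertyType String -Force -ErrorAction Stop}
else{write-host "Property" $wu.TargetReleaseVersionInfo "already exists."}
}
Catch{
# Surface the reason before signalling failure so the run log shows why the
# policy could not be written.
$host.ui.WriteErrorLine($_.Exception.Message)
exit 1
}
exit 0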