Skip to main content

Prevent Windows 11 Upgrade

TJ_Coppola
Forum|alt.badge.img

One of our users upgraded their own device to Windows 11 recently when it became available to them. This obviously isn’t a desirable situation for our enterprise if we’re trying to prevent any kind of incompatibility with our systems so I found this topic on the MS community. Based on that topic I created the following Worklet. The goal is to prevent any other users from seeing the Windows 11 upgrade notification or performing the upgrade. 
 

Evaluation

<#
.SYNOPSIS
    This Test script checks to see if the listed registry values are present
.DESCRIPTION
    This script queries the registry for the required values to prevent
    Windows 11 from installing.
.Notes
    File Name       :Prevent_w11_Eval.ps1
    Original Author :TJ Coppola
    Prerequisite    :PowerShell V2 over win7 and upper
#>

#define variables
$path = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate"
$wu = Get-ItemProperty -Path $path

#check keys
if($wu.ProductVersion -match "Windows 10" -and $wu.TargetReleaseVersion -eq 1 -and $wu.TargetReleaseVersionInfo -match "21H2"){exit 0}
else{exit 1}

Remediation

<#
.SYNOPSIS
    This script creates registry values to prevent Windows 11 from
    installing. 
.DESCRIPTION
    This script queries the registry for the required values to prevent
    Windows 11 from installing then creates them if they are not 
    present.
.Notes
    File Name       :Prevent_w11.ps1
    Original Author :TJ Coppola
    Prerequisite    :PowerShell V2 over win7 and upper
#>

#Handle Exit codes:
trap {$host.ui.WriteErrorLine($_.Exception); exit 90 }

#define variables
$path = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\"
$key = "WindowsUpdate"
$wu = Get-ItemProperty -Path $path$key

#create key
if(-not (Test-Path $path$key)){New-Item -Path $path -Name $key}
else{write-host $path$key "already exists."}

#create properties
Try{
    if(-not $wu.ProductVersion -match "Windows 10"){New-ItemProperty -Path $path -Name "ProductVersion" -Value "Windows 10"}
    else{write-host "Property" $wu.Productversion "already exists."}

    if(-not $wu.TargetReleaseVersion -eq 1){New-ItemProperty -Path $path -Name "TargetReleaseVersion" -Value 1}
    else{write-host "Property" $wu.TargetReleaseVersion "already exists."}

    if(-not $wu.TargetReleaseVersionInfo -match "21H2"){New-ItemProperty -Path $path -Name "TargetReleaseVersionInfo" -Value "21H2"}
    else{write-host "Property" $wu.TargetReleaseVersionInfo "already exists."}
    }
Catch{exit 1}

 

4 replies

B

Thanks for this, I got a couple of questions.

 

Does this need to be on a schedule or just ran once?

 

How do you get them to SEE the message or reverse this worklet so that they can see the notification to download Windows 11?

TJ_Coppola
Forum|alt.badge.img
  • TJ_Coppola
  • Author
  • Pro
  • 32 replies
  • March 21, 2022
bryan.singh wrote:

Thanks for this, I got a couple of questions.

 

Does this need to be on a schedule or just ran once?

 

How do you get them to SEE the message or reverse this worklet so that they can see the notification to download Windows 11?

It only needs to be run once.

They will see the original prompt to upgrade to Win11 whenever Microsoft rolls it out to them. As far as I know, you cant force it. 

To be clear, I haven’t been able to validate that this will prevent the message from appearing. Hopefully it will, but it’s reported to at least prevent automatic installation of Win11 through Windows Update. 

B

Ah well atleast it’s something!

Thanks for your effort in all of this. I need to find a solution to prevent the notification and the update from happening. We have some devices that got the install done already - we have to figure out how to roll it back to Windows 10 as well.

TJ_Coppola
Forum|alt.badge.img
  • TJ_Coppola
  • Author
  • Pro
  • 32 replies
  • March 21, 2022
bryan.singh wrote:

Ah well atleast it’s something!

Thanks for your effort in all of this. I need to find a solution to prevent the notification and the update from happening. We have some devices that got the install done already - we have to figure out how to roll it back to Windows 10 as well.

Rolling back should be possible within 10 days of install, but after that I have no idea what options are available.

If it were up to me I would back up the data and reinstall Windows 10. 

Reply


Terms & ConditionsCookie settings

Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings