How to Disable Automatic Windows 11 Upgrade [PowerShell Script]

As businesses across the globe prepare to adapt to the latest iteration of Microsoft’s operating system, many IT professionals and Managed Service Providers (MSPs) are seeking ways to control the transition. If your organization isn’t quite ready to make the leap and you’re searching for a method to disable automatic Windows 11 upgrade, you’ve landed on the right blog. Here, we’ll dissect an invaluable PowerShell script that disables Windows 11 upgrades efficiently.

The Necessity for Control

Before diving into the script, it’s worth considering why one might want to disable Windows 11 updates. Windows 11 comes with a bevy of new features and security upgrades, but every IT professional knows that new doesn’t always mean better—at least, not right away. New versions can break compatibility with existing software or create unforeseen issues that are only manageable once known. Therefore, having the power to control when to upgrade can save you from unexpected headaches.

The Script:

This PowerShell script serves as your control mechanism. Specifically, it disables Windows 11 upgrade by locking the TargetReleaseVersion and TargetReleaseVersionInfo to the currently installed version of your Windows OS. For a team of IT professionals or MSPs, this is like striking gold; it offers a seamless way to manage hundreds or thousands of machines.

<#
.SYNOPSIS
    Disables Windows 11 upgrade.
.DESCRIPTION
    Disables Windows 11 upgrade by locking the TargetReleaseVersion and TargetReleaseVersionInfo to the currently installed version.
.EXAMPLE
    No parameters needed
    Disables Windows 11 upgrade.
.OUTPUTS
    None
.NOTES
    Minimum OS Architecture Supported: Windows 10
    Release Notes:
    Disallows the upgrade offer to Windows 11 to appear to users
    (c) 2023 NinjaOne
    By using this script, you indicate your acceptance of the following legal terms as well as our Terms of Use at https://www.ninjaone.com/terms-of-use.
    Ownership Rights: NinjaOne owns and will continue to own all right, title, and interest in and to the script (including the copyright). NinjaOne is giving you a limited license to use the script in accordance with these legal terms. 
    Use Limitation: You may only use the script for your legitimate personal or internal business purposes, and you may not share the script with another party. 
    Republication Prohibition: Under no circumstances are you permitted to re-publish the script in any script library or website belonging to or under the control of any other software provider. 
    Warranty Disclaimer: The script is provided “as is” and “as available”, without warranty of any kind. NinjaOne makes no promise or guarantee that the script will be free from defects or that it will meet your specific needs or expectations. 
    Assumption of Risk: Your use of the script is at your own risk. You acknowledge that there are certain inherent risks in using the script, and you understand and assume each of those risks. 
    Waiver and Release: You will not hold NinjaOne responsible for any adverse or unintended consequences resulting from your use of the script, and you waive any legal or equitable rights or remedies you may have against NinjaOne relating to your use of the script. 
    EULA: If you are a NinjaOne customer, your use of the script is subject to the End User License Agreement applicable to you (EULA).
#>
[CmdletBinding()]
param ()

begin {
    function Test-IsElevated {
        $id = [System.Security.Principal.WindowsIdentity]::GetCurrent()
        $p = New-Object System.Security.Principal.WindowsPrincipal($id)
        $p.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)
    }
    function Set-ItemProp {
        param (
            $Path,
            $Name,
            $Value,
            [ValidateSet("DWord", "QWord", "String", "ExpandedString", "Binary", "MultiString", "Unknown")]
            $PropertyType = "DWord"
        )
        # Do not output errors and continue
        $ErrorActionPreference = [System.Management.Automation.ActionPreference]::SilentlyContinue
        if (-not $(Test-Path -Path $Path)) {
            # Check if path does not exist and create the path
            New-Item -Path $Path -Force | Out-Null
        }
        if ((Get-ItemProperty -Path $Path -Name $Name)) {
            # Update property and print out what it was changed from and changed to
            $CurrentValue = Get-ItemProperty -Path $Path -Name $Name
            try {
                Set-ItemProperty -Path $Path -Name $Name -Value $Value -Force -Confirm:$false -ErrorAction Stop | Out-Null
            }
            catch {
                Write-Error $_
            }
            Write-Host "$Path$Name changed from $CurrentValue to $(Get-ItemProperty -Path $Path -Name $Name)"
        }
        else {
            # Create property with value
            try {
                New-ItemProperty -Path $Path -Name $Name -Value $Value -PropertyType $PropertyType -Force -Confirm:$false -ErrorAction Stop | Out-Null
            }
            catch {
                Write-Error $_
            }
            Write-Host "Set $Path$Name to $(Get-ItemProperty -Path $Path -Name $Name)"
        }
        $ErrorActionPreference = [System.Management.Automation.ActionPreference]::Continue
    }
}
process {
    if (-not (Test-IsElevated)) {
        Write-Error -Message "Access Denied. Please run with Administrator privileges."
        exit 1
    }

    # Get Current Version
    $release = (Get-ItemProperty -Path "HKLM:SOFTWAREMicrosoftWindows NTCurrentVersion" -Name ReleaseId).ReleaseId
    $ver = (Get-ItemProperty -Path "HKLM:SOFTWAREMicrosoftWindows NTCurrentVersion" -Name DisplayVersion).DisplayVersion
    $TargetReleaseVersion = if ($release -eq '2009') { $ver } Else { $release }

    # Block Windows 11 Upgrade by changing the target release version to the current version
    try {
        Set-ItemProp -Path "HKLM:SOFTWAREPoliciesMicrosoftWindowsWindowsUpdate" -Name "TargetReleaseVersion" -Value 1 -PropertyType DWord
        Set-ItemProp -Path "HKLM:SOFTWAREPoliciesMicrosoftWindowsWindowsUpdate" -Name "TargetReleaseVersionInfo" -Value "$TargetReleaseVersion" -PropertyType String
        Set-ItemProp -Path "HKLM:SOFTWAREMicrosoftWindowsUpdateUXSettings" -Name "SvOfferDeclined" -Value 1646085160366 -PropertyType QWord
    }
    catch {
        Write-Error $_
        Write-Host "Failed to block Windows 11 Upgrade."
        exit 1
    }
    exit 0
}
end {}

 

Script Highlights

1. Administrator Rights: The script includes a function to check whether it’s run with administrator privileges—critical for modifying system settings.
2. Registry Changes: The script modifies registry key settings, ensuring that machines adhere to the policy to remain on their current version.
3. Scalability: This script can be deployed across multiple machines, making it an invaluable tool for MSPs.
4. No Parameters Needed: Simplifying the user experience, the script does not require any parameters to run.

How to Use the Script

1. Save the Code: Save the script into a file with a .ps1 extension, say DisableWin11Upgrade.ps1.
2. Run as Administrator: Open PowerShell as an administrator and navigate to where your script is saved.
3. Execute: Run .DisableWin11Upgrade.ps1.

If the script runs successfully, it will modify the necessary registry entries to disable automatic Windows 11 upgrades.

Integrating the Script with NinjaOne

The integration between this PowerShell script to disable automatic Windows 11 upgrade and NinjaOne can streamline your upgrade management process further.

Steps to Integrate:

1. Upload the Script: Use NinjaOne’s script repository to upload the PowerShell script.
2. Policy Assignment: Once uploaded, the script can be assigned to various policies that control a group of systems or specific client environments.
3. Schedule Execution: With NinjaOne’s scheduler, you can set up the script to run at specific intervals or during maintenance windows.
4. Monitoring & Alerts: Configure NinjaOne to monitor the specific registry keys that the script modifies. This way, you’ll be alerted immediately if any changes occur.
5. Reporting: Use NinjaOne’s reporting tools to verify the success of the script across your managed systems.

By combining this PowerShell script with NinjaOne’s robust capabilities, you not only get a method to disable Windows 11 upgrades but also a system to manage, monitor, and report on this activity at scale. It adds another layer of efficiency and security to your IT environment.

Final Thoughts

For IT professionals and MSPs dealing with a significant number of systems, this PowerShell script offers a reliable and efficient way to disable Windows 11 upgrades across the board. It’s not just about resisting change; it’s about controlling it to better fit your organization’s needs. You’re no longer subject to the whims of automatic updates that could potentially disrupt your carefully orchestrated IT environment.

You may also be interested in How to Enable Automatic Windows 11 Upgrade with PowerShell.