Windows - Configuration - Set Registry Keys for Latest Windows 11 Feature Upgrades

What the Windows 11 Registry Key Configurator does

This Automox Worklet™ configures registry keys in the Windows Update policies section to make the latest Windows 11 feature upgrade available to your endpoints.

The Worklet sets four registry keys in HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: TargetReleaseVersion, TargetReleaseVersionInfo, ProductVersion, and DisableWUfBSafeguards. These keys instruct Windows Update to make the latest build of Windows 11 available for deployment.

For Windows 10 endpoints, the Worklet first validates hardware compatibility using the PC Health Check before modifying any registry settings. This prevents registry changes on endpoints that cannot upgrade to Windows 11.

Why configure Windows 11 feature upgrade registry keys

Windows 11 feature upgrades require specific registry configuration to appear in Windows Update. Without these settings, endpoints may not detect or offer the latest Windows 11 builds, leaving your infrastructure on outdated versions with potential security vulnerabilities.

Automating registry configuration maintains consistency across your endpoints. Manual registry changes are error-prone and difficult to audit at scale. The Worklet also prevents attempting upgrades on incompatible hardware by validating TPM 2.0, Secure Boot, disk space, and RAM requirements before making changes.

Using this Worklet with Automox policies streamlines your Windows 11 deployment strategy. You can enable feature upgrades across hundreds of endpoints simultaneously while verifying each endpoint meets Windows 11 requirements.

How Windows 11 registry key configuration works

1. Evaluation phase: Checks if the endpoint is already on the latest Windows 11 build specified by the winBuild parameter. If the endpoint runs Windows 10 (build 19041 or higher), executes the PC Health Check to verify TPM 2.0, Secure Boot availability, 64-bit architecture, 4GB RAM, and 64GB disk space. Validates that all four required registry keys exist with correct values in the WindowsUpdate policy path.

2. Remediation phase: Creates the WindowsUpdate registry key if it does not exist. Stores any existing registry key values for rollback purposes. Adds the four Windows 11 feature upgrade registry keys with their correct types and values: TargetReleaseVersion (DWORD), TargetReleaseVersionInfo (String), ProductVersion (String), and DisableWUfBSafeguards (DWORD). If any key fails to apply, automatically rolls back changes and reverts to original values.

Windows 11 feature upgrade configuration requirements

• Windows 10 version 2004 (build 19041) or higher, or any Windows 11 version below the latest build

• For Windows 10 endpoints upgrading to Windows 11: TPM 2.0 enabled and activated, Secure Boot UEFI available, 64-bit processor, 4GB RAM minimum, 64GB primary storage minimum

• Administrator permissions on the endpoint

• No conflicting Windows Update policies from Intune or Group Policy; Automox recommends disabling these if you enable this Worklet

• The winBuild parameter defaults to 24H2; you can customize it to target other Windows 11 releases available on Microsoft's release information page

Expected Windows 11 registry configuration state

After successful remediation, the Windows Update policies on your endpoints will contain the four required registry keys configured to make the latest Windows 11 build available. Windows Update will begin offering the Windows 11 feature upgrade within hours, allowing you to deploy it through the Automox Windows Feature Updates policy template.

Endpoints that fail the evaluation phase (such as Windows 10 endpoints without TPM 2.0) will not have their registry modified. The Worklet logs which endpoints are Windows 11-ready and which require hardware upgrades. You can then focus remediation efforts on endpoints that need hardware changes before Windows 11 deployment.

How to validate set registry keys for latest windows 11 feature upgrades changes

1. Run this Worklet on a pilot Windows endpoint and review evaluation output for set registry keys for latest windows 11 feature upgrades.

2. Confirm Automox activity logs show successful completion and exit code 0.

3. Verify endpoint state using checks aligned to evaluation script logic, such as Get-ItemProperty, Write-Output, Get-ItemPropertyValue.

4. Validate remediation effects from script operations such as New-Object, Get-ItemProperty, Get-Item, then rerun evaluation for compliance.