
Assess Windows 11 Fleet Readiness with Tanium

Performing in-place upgrades on the Windows operating system is routine now. Many of us have bemoaned the 2-year support cycle for Windows 10 but upgrades became a regular event. Windows 11 presents some greater challenges given the broader context of supply chain issues affecting many industries worldwide. Windows 11 requires elements such as TPM 2.0 and 8th-generation Intel CPUs, requirements which many fleets may not meet.

The Problem

So…what’s the problem? Some organizations are going to need to place orders for substantial numbers of PCs that vendors cannot readily fill. Semiconductor shortages were a routine issue in the 2010s and the pandemic has exacerbated them further. Demand for PCs grew but shipments shrank, resulting in net declines in overall PC shipments. Simply put, a bulk order of thousands of PCs placed in the next couple of years may not get fulfilled in a timely manner.

The logistical challenge is not the only consideration. Corporate budgets come together slowly and are generally rigid once set. Waiting until mid-2023 to bring this topic to your boardroom may put you on an extremely stressful budgetary timeline and invite the dreaded “Why are we just hearing about this now?!” line of questioning.

The Windows 10 operating system has support until 2025 but 3 years is not much time in an enterprise. Organizations must create awareness of the problem, build hardware refreshes into budgets, and have new hardware in place by 2025. This article only addresses one of those elements: awareness. You must know the scope of the problem in your enterprise to begin to address it.

The Solution(s)

Microsoft Script

Microsoft published a script to help organizations make assessments about Windows 11 readiness. The script itself is great and gets us 85% of the way there but we need speed and scale. What platform provides both? Tanium! Let’s get to work.

Implementing the Microsoft script into a Tanium Package requires some minor modifications. I added some basic code at line 511 to export the results of the script execution to a CSV. The CSV will be read by the Sensor we create later.

## Modifications for Tanium integration ##

$delimiterProblem = $outObject.returnReason.Split(',').Replace(' ','') # Address delimiter issue / hashtable-to-csv issue / output legibility issue

$x = 0

foreach ($item in $delimiterProblem) {

    if ($x -eq 0) {
        
        $reasonString = $item

    }

    if ($x -gt 0 -and $x -lt ($delimiterProblem.Count - 1)) {
        
        $reasonString = -join ($reasonString,';',$item) # Transition to semicolons as needed rather than presumptive trailing commas

    }

    $x++
}

# Establish PSCustomObject for clean export to CSV

$customOutput = [PSCustomObject]@{
    logging      = $outObject.logging
    returnCode   = $outObject.returnCode
    returnReason = $reasonString
    returnResult = $outObject.returnResult
}

$customOutput | Export-Csv -Path C:\win11hardwareReadiness.csv -NoTypeInformation -Force

Tanium Package

The Package is relatively simple and only relies on the modified Microsoft script that includes the amendments above. I named the package Windows 11 Upgrade Readiness Assessment and the script within HardwareReadiness-custom.ps1 but you may call them whatever you like. The Package itself does not take long to run so the other defaults can be kept.

The Command for the package should be as follows:

cmd /c powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NonInteractive -NoProfile -File ".\HardwareReadiness-custom.ps1"

Tanium Sensor

The Sensor utilizes most defaults but does require some custom columns as shown below. I named the Sensor Windows 11 Upgrade Capability but you may name it whatever you like.

The Sensor will ingest the CSV data and present it to the console as the defined columns using a script. The script to be defined in and executed by the Sensor is as follows:

# Return Result, Return Reason, Return Code, Logging

$reportPath = 'C:\win11hardwareReadiness.csv'

if (!(Test-Path -Path $reportPath)) {
    
    Write-Output "$reportPath not found.  The Windows 11 Upgrade Readiness Assessment package must be invoked on this system in order for this sensor to function."
    
    exit

}
else {

    $readinessCSV = Import-Csv -Path $reportPath

}

Write-Output "$($readinessCSV.returnResult) ~ $($readinessCSV.returnReason) ~ $($readinessCSV.returnCode) ~ $($readinessCSV.logging)"

Additionally, the Sensor depends upon a delimiter since we expect columnar output, so be sure to select the Split into multiple columns option and configure the Use delimiter option to expect a tilde ( ~ ).
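
A more defensive variant of the Sensor script, added here as an example and not the author's code: it emits four columns on every path (including a missing or malformed report), strips stray tildes and line breaks that would shift the column split, and rejects rows that lack the expected columns. The NO DATA and N/A placeholder values, the function names, and the check that returnCode is an integer are assumptions of this example.

```powershell
# Added example: defensive variant of the Sensor script (not the author's code).
# Column order matches the Sensor definition: Result ~ Reason ~ Code ~ Logging
$reportPath = 'C:\win11hardwareReadiness.csv'
$columns    = 'returnResult', 'returnReason', 'returnCode', 'logging'

function Format-SensorRow {
    param([string[]]$Fields)
    # Strip the tilde delimiter and line breaks from every field so the
    # console always splits the row into exactly four columns.
    $clean = foreach ($field in $Fields) {
        ($field -replace '[~\r\n]+', ' ').Trim()
    }
    $clean -join ' ~ '
}

function Get-ReadinessRow {
    param([string]$Path)

    # 'NO DATA' and 'N/A' are hypothetical placeholder values.
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return Format-SensorRow @('NO DATA', 'Report not found; run the Package first', 'N/A', 'N/A')
    }
    try {
        # The Package writes a single data row; ignore anything after it.
        $row = @(Import-Csv -LiteralPath $Path -ErrorAction Stop)[0]
    }
    catch {
        return Format-SensorRow @('NO DATA', 'Report could not be parsed', 'N/A', 'N/A')
    }
    if ($null -eq $row) {
        return Format-SensorRow @('NO DATA', 'Report is empty', 'N/A', 'N/A')
    }
    $missing = $columns | Where-Object { $_ -notin $row.PSObject.Properties.Name }
    if ($missing) {
        return Format-SensorRow @('NO DATA', "Missing columns: $($missing -join ';')", 'N/A', 'N/A')
    }
    $code = 0
    if (-not [int]::TryParse($row.returnCode, [ref]$code)) {
        return Format-SensorRow @('NO DATA', 'returnCode is not an integer', 'N/A', 'N/A')
    }
    Format-SensorRow @($row.returnResult, $row.returnReason, $code, $row.logging)
}

Write-Output (Get-ReadinessRow -Path $reportPath)
```

Because every path returns the same four-column shape, endpoints that have not run the Package show up as a distinct NO DATA row in the console instead of a single-column message.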

Don’t Forget!

Conclusion

The Windows 11 Upgrade Readiness Assessment Tanium Package must be executed on endpoints of interest first. After that, you may run the Windows 11 Upgrade Capability Sensor to gather results.

The following Question can be used for targeting to limit the results gathering to endpoints that are known to have executed the Package already.

Get Windows 11 Upgrade Capability from all machines with ( Windows OS Type contains windows workstation and File Exists["C:\win11hardwareReadiness.csv"] starts with File Exists )

Disclaimer: Any code made available on this site is free to use at your own discretion but it is provided without any explicit or implied guarantees of support, reliability, or functionality. I accept no responsibility in the event that the code, in its original form or any derivative versions thereafter, malfunctions or causes problems. Anything from this site that you decide to work with should be tested thoroughly in development environments in collaboration with your Technical Account Manager (TAM) until such time that you, the responsible party, decide that you are satisfied with its outcomes.