Windows OS Hub
  • Windows
    • Windows 11
    • Windows Server 2022
    • Windows 10
    • Windows Server 2019
    • Windows Server 2016
  • Microsoft
    • Active Directory (AD DS)
    • Group Policies (GPOs)
    • Exchange Server
    • Azure and Microsoft 365
    • Microsoft Office
  • Virtualization
    • VMware
    • Hyper-V
  • PowerShell
  • Linux
  • Home
  • About

Windows OS Hub

  • Windows
    • Windows 11
    • Windows Server 2022
    • Windows 10
    • Windows Server 2019
    • Windows Server 2016
  • Microsoft
    • Active Directory (AD DS)
    • Group Policies (GPOs)
    • Exchange Server
    • Azure and Microsoft 365
    • Microsoft Office
  • Virtualization
    • VMware
    • Hyper-V
  • PowerShell
  • Linux

 Windows OS Hub / Windows 11 / Check Windows 11 Hardware Readiness with PowerShell Script

May 15, 2024 Active DirectoryPowerShellWindows 11

Check Windows 11 Hardware Readiness with PowerShell Script

In this article, we’ll look at how to use the official Microsoft HardwareReadiness.ps1 PowerShell script to perform a bulk Windows 11 hardware compatibility check on domain computers.

This script checks that the computer meets the following minimum requirements to run Windows 11:

  • Compatible x64 processor (full list of supported CPUs)
  • 4+ GB RAM
  • Minimum 64 GB hard drive size
  • Device with UEFI and Secure Boot enabled
  • Video card compatible with DirectX 12 and WDDM 2.0 drivers
  • TPM 2.0 module

To manually check that a specific machine’s hardware is compatible with Windows 11 requirements:

  1. Download the HardwareReadiness.ps1 script (https://aka.ms/HWReadinessScript).
  2. Open an elevated Windows PowerShell console (the script uses the Get-WMIObject cmdlet, which is not supported in recent versions of PowerShell Core)
  3. Enable PowerShell script execution in the current session: Set-ExecutionPolicy -Scope Process RemoteSigned
  4. Run the script:
    .\HardwareReadiness.ps1

Using Windows 11 Hardware Readiness PowerShell script

The script has returned the code 0. This means your computer meets the hardware requirements for Windows 11 (returncode:0 , resurnresult=CAPABLE).

{"returnCode":0,"returnReason":"","logging":"Storage: OSDiskSize=427GB. PASS; Memory: System_Memory=32GB. PASS; TPM: TPMVersion=2.0, 0, 1.38. PASS; Processor: {AddressWidth=64; MaxClockSpeed=3901; NumberOfLogicalCores=12; Manufacturer=AuthenticAMD; Caption=AMD64 Family 25 Model 80 Stepping 0; }. PASS; SecureBoot: Capable. PASS; ","returnResult":"CAPABLE"}

Suppose you need to perform a mass Windows 11 compatibility check on enterprise computers. In that case, you can run this PowerShell script and collect information using tools such as SCCM, Intune, or even WSUS (which can also deploy third-party software and scripts). For simple cases, you can run this PowerShell script through Group Policies and save the results in the computer object properties in Active Directory.

The original script code needs to be modified slightly.

Note that the code of this PowerShell script file is digitally signed by Microsoft. However, the signing certificate has expired in 2022.

Edit the HardwareReadiness.ps1 file and add the following code at the end, before the #SIG # Begin signature block:

$outObject = $outObject | ConvertTo-Json -Compress
$computer = $env:COMPUTERNAME
$ComputerSearcher = New-Object DirectoryServices.DirectorySearcher
# Specify your domain name
$ComputerSearcher.SearchRoot = "LDAP://DC=WOSHUB,DC=LOC"
$ComputerSearcher.Filter = "(&(objectCategory=Computer)(CN=$Computer))"
$computerObj = [ADSI]$ComputerSearcher.FindOne().Path
$computerObj.Put( "Info", $outObject )
$computerObj.SetInfo()

Save Win11 Hardware Readiness report to Active Directory

This PowerShell code writes Windows 11 compatibility information to the Info computer attribute in Active Directory.

Copy the PS1 script file to the \\woshub.loc\Netlogon folder on the domain controller.

Copy the HardwareReadiness.ps1 file to the domain controller's NETLOGON share

Open the Domain Group Policy Management console (gpmc.msc), create a new GPO, and link it to the computer’s OU.

Navigate to Computer Configuration -> Policies -> Windows Settings -> Scripts (Startup / Shutdown) -> Startup -> tab PowerShell Scripts, and specify the UNC path to the HardwareReadiness.ps1 script

Running Windows 11 compatibility check PowerShell script via GPO

Go to Computer Configuration -> Administrative Templates -> System -> Group Policy. Enable the policy Configure Logon Script Delay and set a 1-minute script execution delay.

Also, enable the Always wait for the network at computer startup and logon option under Computer Configuration -> Admin Templates -> System -> Logon.

Read more about how to run logon PowerShell scripts via GPO.

Reboot the client’s computer. Start the ADUC console (dsa.msc) and open the computer properties. Go to the Attribute Editor tab and check that the Info parameter now contains the results of checking your computer for Windows 11 compatibility. In the Attribute Editor tab, check that the Info parameter now contains the results of your computer’s Windows 11 compatibility check.

Windows 11 compatibility check results in computer properties in AD

Once the logon script has been run on all computers, you can quickly view information about compatible and incompatible computers from Active Directory by using the Get-ADComputer cmdlet:

Get-ADComputer -Filter {enabled -eq "true"} -properties *| Where-Object {$_.info -ne $null}

Get report for Windows 11 compatibility from Active Directory

For more detailed information about incompatible computers and specific computer hardware that does not meet the Win 11 minimum requirements, run the following PowerShell script:

$Report = @()
$computers = Get-ADComputer -Filter {enabled -eq "true"} -properties *| Where-Object { $_.Info -match '"returnCode":1'}
foreach ($computer in $computers){
    $jsonString =$computer.info
    $object = $jsonString | ConvertFrom-Json
    $returnReasonValues = $object.returnReason -split ', '
    $CompInfo = [PSCustomObject]@{
          "Computer" = $computer.name
          "NonCompatibleItems" = $returnReasonValues
        }
    $Report += $CompInfo
}
$Report|fl
The ConvertFrom-Json cmdlet is used to convert data from JSON format.

Find Windows 11 incompatible computers with PowerShell

Currently, you can ignore checking for TPM, Secure Boot, and other hardware requirements during a clean install of Windows 11 by using several registry options in the LabConfig key. And with the AllowUpgradesWithUnsupportedTPMorCPU key, you can upgrade to Windows 11 even on computers with unsupported hardware.
2 comments
3
Facebook Twitter Google + Pinterest
previous post
Create a Multi-OS Bootable USB Flash Drive with Ventoy
next post
How to Copy/Paste to MS Word without Losing Formatting

Related Reading

Configure NTP Time Source for Active Directory Domain

May 6, 2025

How to Cancel Windows Update Pending Restart Loop

May 6, 2025

View Windows Update History with PowerShell (CMD)

April 30, 2025

Change BIOS from Legacy to UEFI without Reinstalling...

April 21, 2025

Remove ‘Your License isn’t Genuine’ Banner in MS...

April 21, 2025

2 comments

Upendra July 31, 2024 - 1:40 pm

Hi , thanks for sharing excellent script , I tried it and its giving expected output like TPM and processor. However its not showing if SecureBoot is not compatible.
here is the sample {“returnCode”:1,”returnReason”:”TPM, Processor, SecureBoot, ” if I capture the output in CSV file then it skips it. Please help

Reply
UD September 3, 2024 - 2:03 pm

Hi again , modified however still getting below error

{“returnCode”:1,”returnReason”:”TPM, Processor, “,”logging”:”Storage: OSDiskSize=232GB. PASS; Memory: System_Memory=8GB. PASS; TPM: TPMVersion=1.2, 2, 3. FAIL; Processor: {AddressWidth=64; MaxClockSpeed=2195; NumberOfLogicalCores=4; Manufacturer=GenuineIntel; Caption=Intel64 Family 6 Model 61 Stepping 4; }. FAIL; SecureBoot: Undetermined. UNDETERMINED; UnauthorizedAccessException Unable to set proper privileges. Access was denied.; “,”returnResult”:”NOT CAPABLE”}

Reply

Leave a Comment Cancel Reply

join us telegram channel https://t.me/woshub
Join WindowsHub Telegram channel to get the latest updates!

Categories

  • Active Directory
  • Group Policies
  • Exchange Server
  • Microsoft 365
  • Azure
  • Windows 11
  • Windows 10
  • Windows Server 2022
  • Windows Server 2019
  • Windows Server 2016
  • PowerShell
  • VMware
  • Hyper-V
  • Linux
  • MS Office

Recent Posts

  • Cannot Install Network Adapter Drivers on Windows Server

    April 29, 2025
  • Change BIOS from Legacy to UEFI without Reinstalling Windows

    April 21, 2025
  • How to Prefer IPv4 over IPv6 in Windows Networks

    April 9, 2025
  • Load Drivers from WinPE or Recovery CMD

    March 26, 2025
  • How to Block Common (Weak) Passwords in Active Directory

    March 25, 2025
  • Fix: The referenced assembly could not be found error (0x80073701) on Windows

    March 17, 2025
  • Exclude a Specific User or Computer from Group Policy

    March 12, 2025
  • AD Domain Join: Computer Account Re-use Blocked

    March 11, 2025
  • How to Write Logs to the Windows Event Viewer from PowerShell/CMD

    March 3, 2025
  • How to Hide (Block) a Specific Windows Update

    February 25, 2025

Follow us

  • Facebook
  • Twitter
  • Telegram
Popular Posts
  • Allow Non-admin Users RDP Access to Windows Server
  • How to Disable NTLM Authentication in Windows Domain
  • Configure Windows LAPS (Local Administrator Passwords Solution) in AD
  • Refresh AD Groups Membership without Reboot/Logoff
  • Enable Single Sign-On (SSO) Authentication on RDS Windows Server
  • How to Add, Set, Delete, or Import Registry Keys via GPO
  • How to Reset Active Directory Domain Admin Password
Footer Logo

@2014 - 2024 - Windows OS Hub. All about operating systems for sysadmins


Back To Top