Upgrading Windows 10 Devices to Windows 11 Using PowerShell

Upgrading devices to Windows 11 is becoming increasingly important for IT teams, whether you’re managing a small business environment, an enterprise fleet, or customer systems. However, this isn’t a typical feature update, Windows 11 introduces strict hardware requirements such as TPM 2.0, Secure Boot, and UEFI-only boot modes. Even capable machines can fail due to BIOS configuration, encryption layers, group policies, or third-party security controls.

Because of these variables, there is no guaranteed “one-click” upgrade path, and not every Windows 10 machine will be eligible. Before proceeding with any upgrade process, make sure that reliable backups or system restore images are in place. Rollouts should be staged and controlled, start with small test groups, observe the outcomes, and expand only when stable results are confirmed.

Hardware Requirements: Secure Boot and TPM 2.0 Are Mandatory

Windows 11 enforces two core hardware requirements:

• TPM 2.0 (Trusted Platform Module) must be present and active.
• Secure Boot must be supported and enabled in UEFI mode.

Systems still running in Legacy BIOS or CSM mode will not qualify. Even modern devices can have TPM or Secure Boot disabled in firmware, so verifying these settings early prevents wasted upgrade attempts. Older hardware that cannot meet these standards should remain on Windows 10 or be scheduled for replacement.

Use Microsoft’s PC Health Check Tool Before Attempting Any Upgrade

Before deploying any scripted installation, it’s best practice to confirm eligibility using Microsoft’s official PC Health Check tool. This small utility is designed to assess whether a device meets the minimum requirements for Windows 11, including CPU model, RAM, storage, Secure Boot status, and TPM state.

Even if you already use inventory or reporting tools, PC Health Check aligns directly with Microsoft’s enforcement logic, making it a trusted reference for upgrade planning.

Once devices are confirmed as eligible, you can proceed confidently with automation.

PowerShell Upgrade Path – A Controlled Alternative to Patch-Based Upgrades

Many patching or deployment tools can surface Windows 11 as an optional update and where that works reliably, it’s a perfectly valid path. However, for those who prefer greater control over timing, logging, or user interaction, a scripted PowerShell-based upgrade is an effective alternative.

Below is an example script that downloads Microsoft’s Windows 11 Installation Assistant and initiates a silent upgrade.  Please note that AI was used to generate this script, and we have tested it on a few systems successfully. However, as things change quickly in the Windows update and Microsoft world, it is obviously recommended to test it manually on some devices before using it in an automated manner.

$LogDir = "$env:ProgramData\_Windows_Upgrade\logs"

$DownloadDir = "$env:ProgramData\_Windows_Upgrade"

$File = "$DownloadDir\Windows11InstallationAssistant.exe"

$Url = "https://go.microsoft.com/fwlink/?linkid=2171764"




# Create download directory if it doesn't exist

if (-not (Test-Path $DownloadDir)) {

    New-Item -ItemType Directory -Path $DownloadDir -Force | Out-Null

}




# Download the Windows 11 Installation Assistant

Write-Host "Downloading Windows 11 Installation Assistant..."

Invoke-WebRequest -Uri $Url -OutFile $File

Write-Host "Download complete."




# Run the installer silently

Write-Host "Starting silent upgrade..."

Start-Process $File -ArgumentList "/quiet /auto upgrade /eula accept /showoobe none /compat ignorewarning" -Wait

Write-Host "Upgrade process initiated."

This can be executed locally, through logon scripts, or via centralised tools such as Group Policy, SCCM, Intune, RMM platforms, or custom automation frameworks.

Roll Out in Controlled Batches – Never All at Once

Regardless of the method used, upgrade attempts should be phased. Start with a handful of devices, confirm stability, monitor user feedback, and then continue in structured waves. Avoid mass rollouts unless you have verifiable recovery and support coverage in place.

With the right preparation, a Windows 11 upgrade can be a smooth and predictable process. Taking time to verify hardware eligibility, run the PC Health Check tool, ensure Secure Boot and TPM 2.0 are enabled, and confirm reliable backups will greatly reduce surprises during deployment. Whether you choose a scripted method using PowerShell or a traditional update mechanism, approaching the rollout in controlled stages with clear validation steps is the key to a successful transition.

Paul Kelly is the Head Nerd for N‑central at N‑able. You can follow him on LinkedIn and Reddit at u/Paul _Kelly. Alternatively you can email me direct.