Win11 Ready Workstation Upgrade

adminAdmin, Windows

Windows 11 Upgrade Procedure
For Workstations Already Windows 11 Ready

This procedure is for domain-joined workstations that already meet Windows 11 requirements (supported CPU, TPM 2.0, Secure Boot capable). It assumes no CPU replacement is needed.

1. Pre-Upgrade Preparation

A. Verify Windows 11 Readiness

  1. Check TPM statusIn PowerShell, run: 
    Get-TPM

    Confirm:

    • TPMPresent: True
    • TPMReady: True
  2. Check Secure Boot capabilityIn PowerShell, run: 
    Confirm-SecureBootUEFI

    If this returns True, Secure Boot is already enabled. If False, you can enable Secure Boot later after validating system stability.

  3. Confirm supported CPU & BIOS
    • Verify the CPU is on Microsoft’s Windows 11 supported list (e.g., Ryzen 5000-series).
    • Ensure the BIOS/UEFI firmware is updated to a stable, supported version.

B. Backup and Safety Steps

  1. Data protection
    • Confirm critical user data is backed up (OneDrive, File History, or other backup).
    • Optionally export a list of installed applications:
    wmic product get name,version > C:\\InstalledApps.txt
  2. Remove potential blockers
    • Uninstall legacy or conflicting antivirus/security tools if present.
    • Disconnect unnecessary USB storage devices.
    • Verify at least 30 GB of free disk space on the system drive.

2. Perform the Windows 11 Upgrade

A. Recommended: Windows 11 Installation Assistant

  1. Download the Windows 11 Installation Assistant from Microsoft’s software download page.
  2. Run the assistant as Administrator.
  3. Follow the prompts to upgrade to Windows 11. The system will reboot multiple times.

B. Alternative: In-Place Upgrade via ISO

    1. Download the official Windows 11 ISO.
    2. Mount the ISO and run:
setup.exe /dynamicupdate enable
  1. Select Keep personal files and apps and ensure you are upgrading to the correct edition (e.g., Windows 11 Pro).

Note: When upgrading an existing, properly joined domain workstation, you do not need to rejoin the domain. The machine account and trust relationship are preserved.

3. Post-Upgrade Validation

A. System & Driver Checks

  1. Confirm OS version and activation
    • Go to Settings > System > About and verify Windows 11 is installed.
    • Confirm Windows is activated.
  2. Verify Device Manager
    • Open Device Manager and confirm there are no unknown devices or warning icons.
    • Ensure chipset, storage, and display drivers are correctly installed.
  3. Run Windows Update
    • Install all important and recommended updates.
    • Apply any firmware or driver updates offered that are appropriate for your hardware.

B. Domain & Group Policy Validation

  1. Refresh Group PolicyIn PowerShell or Command Prompt, run: 
    gpupdate /force
  2. Verify domain connectivityConfirm the workstation can locate a domain controller: 
    nltest /dsgetdc:yourdomain.local
  3. Check login and mapped resources
    • Verify normal domain login behavior.
    • Confirm mapped drives, printers, and login scripts work as expected.

C. Security & Windows 11 Features

  1. Confirm TPM & Secure Boot under Windows 11
    • Re-run Get-TPM in PowerShell to confirm TPM is still present and ready.
    • If desired, enable Secure Boot in BIOS/UEFI once stability is confirmed.
  2. Verify endpoint protection
    • Confirm your primary security/AV agent (e.g., ESET) is installed, up to date, and reporting healthy.

4. Application & User Experience Validation

  1. Application compatibility
    • Test core applications (Office, browsers, line-of-business apps, VPN client, RDP tools, etc.).
    • Update or reinstall any applications that exhibit compatibility issues.
  2. User workflow validation
    • Confirm the user’s typical tasks work properly (email, file access, printing, line-of-business apps).
    • Check that desktop layout, taskbar, and Start menu behavior are acceptable.
  3. Short stability observation period
    • Allow at least one full workday of normal use to confirm there are no crashes, freezes, or recurring issues.

5. Finalization

  • Document the upgrade (hostname, date, operator, any issues/resolutions).
  • Mark the workstation as Windows 11-complete in your asset/CMDB system.
  • Schedule periodic checks for driver and firmware updates as part of normal maintenance.