How to Use PowerShell to Check Windows 11 Upgrade Readiness at Scale

Checking whether a PC is prepared for a Windows 11 upgrade has become an urgent task for many IT teams and organizations. With Windows 10 extended support end dates looming and Windows 11 representing Microsoft’s vision for modern computing security, performance, and manageability, the pressure is on to ensure device fleets are compatible—and to do so efficiently. For sysadmins and technical leads seeking automation, PowerShell still stands out as one of the most robust tools for sweeping upgrade readiness at enterprise scale.

Why PowerShell for Windows 11 Readiness?​

PowerShell’s strength in system automation and inventory makes it perfect for audit jobs like this: checking compliance against new OS requirements, pulling detailed hardware data from individual or remote machines, and wrapping the checks inside a repeatable process. A PowerShell approach allows organizations to quickly answer vital questions—are our endpoints ready for the Windows 11 jump? Where are the show-stoppers?—without investing heavily in centralized cloud management if it’s not already a fit for their environment.
Let’s walk through a full, hands-on process for determining upgrade readiness for Windows 11, including validating claims about each individual requirement, and examine the strengths and risks of relying on a do-it-yourself PowerShell path.

---

The Key Windows 11 System Requirements​

Microsoft’s minimum hardware requirements for Windows 11, as of recent official documentation, are clear but strict:

• A compatible 64-bit CPU (Intel, AMD, or Qualcomm) on the supported processor list.
• TPM (Trusted Platform Module) version 2.0.
• UEFI firmware with Secure Boot.
• 4 GB RAM minimum (more recommended for smooth operation).
• 64 GB or greater available storage.
• DirectX 12-compatible graphics with a WDDM 2.0 driver.
• Internet connectivity for setup/GUIDED-setup.
• A high-definition (720p) display, >9” diagonal (less commonly checked via script).

For IT pros, most concern centers on TPM 2.0, Secure Boot, CPU model, partition style, and available RAM/storage—the essential hardware gating the upgrade path.

Confirming Each Requirement with PowerShell​

Let’s critically analyze how each requirement is checked using PowerShell, referencing publicly available methods and reflecting on reliability based on official Microsoft sources and community validation.

1. Checking for TPM 2.0​

The following PowerShell snippet uses Windows Management Instrumentation (WMI) to retrieve the TPM spec version:
Get-CimInstance -Namespace "Root/CIMV2/Security/MicrosoftTpm" -ClassName Win32_Tpm
This command is industry-standard. The key field is SpecVersion; if it reports 2.0 (or greater, though currently 2.0 is the max), the device passes this requirement. Beware: if no hardware TPM is installed or firmware TPM emulation is disabled, this check will return no data. Systems with TPM 1.2 may show partial compatibility with some features, but Microsoft is clear—TPM 2.0 is required for Windows 11 except on certain exemption lists, which are rare and mostly enterprise-specific.

Parsing the Version​

A more robust script extracts just the SpecVersion, and uses version comparison:

$TPMSpec = (Get-CimInstance -Namespace "Root/CIMV2/Security/MicrosoftTpm" -ClassName Win32_Tpm).SpecVersion -split ',' | select -first 1
if ([string]::IsNullOrEmpty($TPMSpec)) {
    Write-Output "TPM is not installed in computer"
} else {
    $Version = [version]$TPMSpec
    If ($Version -ge '1.2'){ "TPM is Win11 compliant" } else { "TPM is installed but not Win11 compliant" }
}

Caution: The minimum for Windows 11 in almost every documentation instance is TPM 2.0, not 1.2, but very rare exemption scenarios for certain device classes may appear in custom enterprise images; always double-check against Microsoft’s hardware compatibility documentation for edge cases.

2. Verifying Secure Boot Support​

Secure Boot’s presence and activation are critical. They are tied to UEFI firmware, with Secure Boot’s status being accessible via:
Confirm-SecureBootUEFI
This outputs True if Secure Boot is enabled and supported, False if not, and errors if run on a system with legacy BIOS rather than UEFI. It’s a highly reliable indicator as it leverages the core UEFI runtime service.

3. Ensuring UEFI Partition (GPT style)​

Windows 11 cannot boot from legacy MBR partitions; disks must use GPT. The following provides partition type:
(Get-Disk 0).partitionStyle
The output is either GPT or MBR. Windows 11 setup will block installation on MBR drives. Note: Always check that Disk 0 is the OS-boot disk; advanced setups with multiple disks may require adjusting the script to detect the windows boot volume.

4. RAM and Storage: Quick Checks​

RAM and available disk space checks are typically fast and accurate:

# RAM in GB
[math]::Round((Get-CimInstance Win32_ComputerSystem).TotalPhysicalMemory / 1GB)

# Free disk space on C: in GB
[math]::Round((Get-PSDrive C).Free / 1GB)

Microsoft’s minimum is 4GB RAM and 64GB free space, though for real-world usability, double those targets is often recommended. Scripting will show usable amounts, which may be slightly below physically installed RAM due to device reservations.

5. CPU Compatibility​

The CPU check is not just a matter of instruction set but precise model matching against Microsoft’s published supported processor lists. Retrieve the installed CPU name with:
(Get-CimInstance -ClassName Win32_Processor).Name
It is up to the admin to map this string against the official supported CPU list (published and regularly updated by Microsoft for Intel, AMD, and Qualcomm). No PowerShell script (unless regularly updated with these lists) can guarantee “green” or “red” unless this step is manually audited or a script installs/updates the supported CPU tables, so automation risk for false positives or negatives here is non-trivial.

6. DirectX 12 Support​

DirectX 12 support is required, primarily for consistency of graphics and performance across Windows 11 devices. WMI cannot directly check this; instead, PowerShell must invoke DirectX Diagnostic Tool (dxdiag):

$dxdiagOutput = "$env:TEMP\dxdiag_output.txt"
Start-Process -FilePath "dxdiag.exe" -ArgumentList "/t $dxdiagOutput" -Wait
$dxLine = Select-String -Path $dxdiagOutput -Pattern "DirectX Version"
if ($dxLine) {
    $rawLine = $dxLine.Line.Trim()
    $version = $rawLine -replace "DirectX Version:\s*", ""
    if ($version -match "12") {
        "DirectX 12 or higher is supported"
    } else {
        "DirectX 12 not detected"
    }
} else {
    "Could not detect DirectX version from dxdiag output"
}

While reliable on modern systems, parsing text files for this purpose is clunky but effective, since there’s no native WMI interface for graphics or DirectX version. False negatives are rare if dxdiag completes; failures usually mean the graphics subsystem is not initialization at all (a showstopper).

---

Bringing It All Together: The Unified Script​

Manually running checks on hundreds of machines is not scalable. Integrating all the above queries into a PowerShell script provides a scalable solution for both manual and automation-friendly audits.
A typical unified script, as exemplified by community experts, collects each data point, gracefully handles errors, and outputs the results in an object or table format for easy reporting and filtering. For example:

# Get-Windows11ReadinessReport.ps1

$TPMResult = try {
    $TPMSpec = (Get-CimInstance -Namespace "Root/CIMV2/Security/MicrosoftTpm" -ClassName Win32_Tpm).SpecVersion -split ',' | Select-Object -First 1
    if ([string]::IsNullOrEmpty($TPMSpec)) {
        "TPM is not installed in computer"
    } else {
        $Version = [version]$TPMSpec
        if ($Version -ge '1.2') { "TPM is Win11 compliant" } else { "TPM is installed but not Win11 compliant" }
    }
} catch {"TPM check failed: $_"}

$SecureBoot = try {Confirm-SecureBootUEFI} catch {"Secure Boot check failed or not supported"}

$PartitionStyle = try {(Get-Disk 0).PartitionStyle} catch {"Partition style check failed: $_"}

$MemoryGB = try {[math]::Round((Get-CimInstance Win32_ComputerSystem).TotalPhysicalMemory / 1GB)} catch {"Memory check failed: $_"}

$DiskFreeGB = try {[math]::Round((Get-PSDrive C).Free / 1GB)} catch {"Disk space check failed: $_"}

$CPUName = try {(Get-CimInstance -ClassName Win32_Processor).Name} catch {"CPU check failed: $_"}

$DirectXResult = try {
    $dxdiagOutput = "$env:TEMP\dxdiag_output.txt"
    Start-Process -FilePath "dxdiag.exe" -ArgumentList "/t $dxdiagOutput" -Wait
    $dxLine = Select-String -Path $dxdiagOutput -Pattern "DirectX Version"
    if ($dxLine) {
        $rawLine = $dxLine.Line.Trim()
        $version = $rawLine -replace "DirectX Version:\s*", ""
        if ($version -match "12") { "DirectX 12 or higher is supported" } else { "DirectX 12 not detected" }
    } else {
        "Could not detect DirectX version from dxdiag output"
    }
} catch {"DirectX check failed: $_"}

$Report = [PSCustomObject]@{
    TPM           = $TPMResult
    SecureBoot    = $SecureBoot
    PartitionType = $PartitionStyle
    MemoryGB      = $MemoryGB
    FreeDiskGB    = $DiskFreeGB
    CPU           = $CPUName
    DirectX       = $DirectXResult
}

$Report

This object-oriented approach makes results easy to consume, filter, or export—such as piping the output to CSV or importing into Excel for further analysis.

Running at Scale: Remote Execution​

PowerShell Remoting allows the script to run against multiple systems using Invoke-Command, provided credentials and network access allow it. Example:
Invoke-Command -ComputerName Server1, Server2, Server3 -FilePath .\Get-Windows11ReadinessReport.ps1
Results can be aggregated or exported using modules such as ImportExcel for Excel integration, giving enterprises a near turn-key inventory for upgrade planning.

---

Strengths and Limitations of PowerShell-Based Readiness Checks​

Strengths​

• Transparency: Every decision rule is visible—unlike black-box readiness tools. You know exactly how each requirement is checked.
• Customization: Tight control—extend the script to suit your custom standard, e.g. to check for extra RAM, or device-specific policies.
• No Licensing Dependencies: Organizations not using Microsoft Endpoint Manager or Intune can still gather readiness data, sidestepping extra licensing costs.
• Automation & Scale: Script can be pushed or run remotely, and easily tweaked for mass environments.
• Integration-Ready: Output can be piped into CSV, Excel, or other ITSM/reporting pipelines for further processing.

Weaknesses & Risks​

• CPU Model Matching: The script cannot, by default, guarantee the CPU is on Microsoft’s approved list unless that list is embedded and maintained in the script, or compared externally. This is a frequent stumbling block and source of false negatives/positives.
• GUI Elements Not Covered: No script checks for display size/resolution—a rare but occasionally relevant requirement for specialty machines.
• Firmware Oddities: On some systems (particularly legacy or custom enterprise hardware), TPM/UEFI/Secure Boot may not be surveyed correctly due to BIOS/firmware anomalies or locked settings.
• Permissions: Scripts must be run as administrator to query TPM or Secure Boot, and PowerShell execution policies may require adjustment.
• Limited by Local Data: Systems not currently powered on, or off the network, cannot be tested remotely unless using other tools.
• Parsing Fragility: For items like DirectX (requiring dxdiag output parsing), future Windows updates changing string output can break detection.

PowerShell vs. Microsoft’s Official Tools​

For environments tightly integrated with Azure AD and Microsoft 365, there are higher-level solutions:

• PC Health Check Tool: Fast for consumers, but not scriptable, and doesn’t scale or report results for fleets of PCs.
• Microsoft Endpoint Manager/Endpoint Analytics/Update Compliance: Ideal for large orgs using centralized Modern Management. Provides automatic scoring, reporting, and compliance summaries—but requires MDM onboarding, sometimes additional licensing, and cloud exposure.
• Windows Assessment and Deployment Kit (ADK): Offers “Get-WindowsUpgradeEligibility” for deeper testing but is bulkier and less agile than PowerShell for quick-hit admin tasks.

For orgs not using cloud device management, PowerShell remains best for rapid baseline checking and reporting.

---

Real-World Applications and Pro Tips​

• Network Automation: By combining PowerShell Remoting with Active Directory queries, enterprises can scan hundreds of computers in minutes, surfacing outliers for targeted remediation.
• Scheduled Compliance Checks: The script can be incorporated into scheduled tasks for ongoing compliance audits, with results automatically emailed or logged to central sources.
• Bulk Reporting: Use output objects to create dashboard-style Excel or PowerBI reports identifying areas needing hardware upgrades before deployment planning.
• Migration Planning: Results can inform both tactical (e.g., upgrade RAM, replace drives) and strategic (budget for replacing legacy CPUs) migration decisions.

---

Critical Analysis​

Using PowerShell for Windows 11 upgrade readiness provides clarity, rapid deployment, and flexibility. Its biggest asset is transparency—admins see all logic, modifiable for future rule changes or new requirements from Microsoft. This agility is a key strength over consumer tools or slow-to-update GUIs.
However, one must not overstate reliability in certain gray areas—especially around CPU compatibility and unique hardware scenarios. The absence of automated CPU/as-of-date-list cross-checking within PowerShell scripts can lead to overlooked ineligible devices or unnecessary upgrade blockages. IT departments need to couple scripting with ongoing review of Microsoft’s changing support lists and system firmware/driver updates.
In addition, PowerShell-based methods do not cover every organizational concern (e.g., driver packages, particular software compatibility, or environmental dependencies). Any readiness assessment should be paired with direct upgrade testing (ideally in labs or with pilot users) and validation against the latest published requirements on Microsoft’s own official documentation page.

---

Conclusion​

PowerShell scripting unlocks the ability to scan, analyze, and report Windows 11 upgrade readiness at scale, without the financial or technical lock-in of proprietary tools or cloud-based management if not yet adopted. For sysadmins and technical leads, understanding how to script and interpret readiness tests—and the downstream decisions that flow from them—remains a crucial skill in managing the transition from Windows 10 to Windows 11.
No single method is foolproof. A combination of PowerShell-driven data gathering, regular cross-referencing to Microsoft's evolving hardware standards, and pilot deployments will yield the most reliable path to successful and supported Windows 11 upgrades.
For those with limited tooling or mandates for on-premise independence, PowerShell isn’t just an option; it’s the gold standard for actionable insight and progress tracking. Just remember: like every admin tool, it’s only as accurate as both the script’s logic and the vigilance you apply in confirming and updating your baseline data.

---

Frequently Asked Questions​

How can I check Windows 11 readiness?

• Use Microsoft’s PC Health Check Tool for single devices, or community/PowerShell scripts for scalable checks of TPM, Secure Boot, CPU, RAM, and disk space.
• For enterprise: PowerShell scripts plus cross-checks against official CPU support lists ensure the most accurate view.

How do I manually upgrade from Windows 11 22H2 to 24H2?

• Download the ISO from Microsoft. Mount with Mount-DiskImage, then run setup.exe with appropriate arguments from an elevated prompt, followed by a restart.

How can I repair Windows 11 using PowerShell?

• Use DISM /Online /Cleanup-Image /RestoreHealth, then sfc /scannow from an elevated PowerShell. These tools repair or replace corrupt system files.

---

By using, customizing, and understanding these PowerShell-based strategies, sysadmins gain both the power and the responsibility to steer their organizations safely into the Windows 11 era, equipped with actionable, transparent, and verifiable upgrade data.

---

Source: Petri IT Knowledgebase Check Windows 11 Upgrade Readiness Using PowerShell