top of page
Search

(133) Windows 11 Pro Not Upgrading to Windows 11 Enterprise

  • Writer: Mr B SOE way
    Mr B SOE way
  • Jun 24, 2024
  • 2 min read

A customer reached out for help in regards to Windows 11 Pro is not automatically activating to Windows 11 Enterprise. There is a KB: KB5036980 which breaks the Windows 11 Enterprise subscription activation. Also Rudy has mentioned about it too, kudos to him!


To make nice and easy, what you can is deploy it as a Win32 App package.


# Define the registry key path and value
$registryPath = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MfaRequiredInClipRenew"
$registryValueName = "Verify Multifactor Authentication in ClipRenew"
$registryValueData = 0  # DWORD value of 0
$sid = New-Object System.Security.Principal.SecurityIdentifier("S-1-5-4")  
# or SID S-1-5-4 for the interactive group

# Check if the registry key already exists
if (-not (Test-Path -Path $registryPath)) {
    # If the key doesn't exist, create it and set the DWORD value
    New-Item -Path $registryPath -Force | Out-Null
    Set-ItemProperty -Path $registryPath -Name $registryValueName -Value $registryValueData -Type DWORD
    Write-Output "Registry key created and DWORD value added."
} else {
    Write-Output "Registry key already exists. No changes made."
}

# Add read permissions for SID (S-1-5-4,interactive users) to the registry key with inheritance
$acl = Get-Acl -Path $registryPath
$ruleSID = New-Object System.Security.AccessControl.RegistryAccessRule($sid, "FullControl", "ContainerInherit,ObjectInherit", "None", "Allow")
$acl.AddAccessRule($ruleSID)
Set-Acl -Path $registryPath -AclObject $acl
Write-Output "Added 'Interactive' group and SID ($sid) with read permissions (with inheritance) to the registry key."

#Start the scheduledtask
Get-ScheduledTask -TaskName 'LicenseAcquisition' | start-scheduledtask
#Start-Process "$env:SystemRoot\system32\ClipRenew.exe"
$Path = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MfaRequiredInClipRenew"
$Name = "Verify Multifactor Authentication in ClipRenew"
$Type = "DWORD"
$Value = "0"
Try {
    $Registry = Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop | Select-Object -ExpandProperty $Name
    If ($Registry -eq $Value){
        Write-Output "Detected"
       Exit 0
    }
    Exit 1
}
Catch {
    Exit 1
}

Package the application with the Intune wrapper: https://github.com/Microsoft/Microsoft-Win32-Content-Prep-Tool


Program:

Install command: powershell.exe -executionPolicy bypass -file "./Install.ps1"

Uninstall command: uninstallcmdline


Detection:

Rules format: Use a custom detection script

Run script as 32-bit process on 64-bit clients: No Enforce script signature check and run script silently: No


Deploy as required to your test group.

Then add it to your ESP as required for it take effect.


 
 
 

Comments

bottom of page