Windows 11 is introducing a change that will give users, including businesses, more control over updates during the initial setup process (OOBE). This means you’ll have a say in what gets installed when setting up a new or existing Windows installation.
This upcoming feature lets you ensure critical security patches and improvements are applied right away, streamlining the setup process. Previously, devices often booted to the desktop with outdated software, requiring separate update cycles.
Managing Updates During OOBE via Group Policies and AutoPilot
Microsoft is currently testing the ability to manage updates during the OOBE phase using Group Policies and AutoPilot. This functionality is slated for release in mid-2025. This approach provides centralized control over updates, ensuring consistent security and feature levels across all devices within an organization.
Step 1: Access the Group Policy Management Console (GPMC) on a domain controller or a machine with the Remote Server Administration Tools (RSAT) installed.
Step 2: Create a new Group Policy Object (GPO) or edit an existing one that applies to the target computers.
Step 3: Navigate to Computer Configuration > Administrative Templates > Windows Components > Windows Update.
Step 4: Look for the policy setting related to “Updates during OOBE” (the exact name may vary depending on the version of the Administrative Templates).
Step 5: Enable the policy and configure the desired settings. Options might include allowing or disallowing updates during OOBE.
Step 6: Link the GPO to the Organizational Unit (OU) containing the computers that should receive the policy.
Step 7: Force a Group Policy update on the client computers by running the command gpupdate /force in an elevated command prompt.
Automatic Rollout in Mid-2025
The update process will occur automatically during the OOBE, ensuring devices are secure from the start by receiving the latest quality updates immediately after the out-of-box experience. This change will be a vital one as it guarantees all devices in your organization are secure out of the box.
The download and installation time can vary depending on update size, network conditions, and hardware. Estimated duration is around 20 minutes.
Step 1: Begin the Windows 11 OOBE as usual by booting up a new device or performing a clean installation.
Step 2: Connect to a network when prompted. Windows will detect available updates.
Step 3: The OOBE process will automatically download and install any applicable updates, if permitted by the new policy setting.
Step 4: The installation progress will be shown on screen, along with an indicator.
Step 5: After the updates are installed, the OOBE will proceed to the next steps, such as setting up your account and preferences.
As of now, no action is required. Just wait for when the policy and the Autopilot changes go live.
This enhancement will reduce update-related delays and reboots, allowing users to get started with fully updated systems.