Help CenterNote: DAC check requires ThreatLocker Windows Agent 10.6.3 or higher. Upgrading from Windows 10 to 11 through the ThreatLocker portal requires ThreatLocker Patch Management be enabled.
In preparation for the end of support for Windows 10 on October 14, 2025, ThreatLocker has created a DAC check that will inform you of machines with an OS that is past the End of Servicing. While Windows 10 will remain operational, technical assistance, feature updates, and security updates will no longer be provided. Microsoft urges users to update their OS to Windows 11 to ensure that their machines continue to receive proper support.
To perform this Windows 11 upgrade, you must first navigate to the 'Health Center' page of your portal using the left-hand menu.
Selecting 'Health Center' will immediately open the DAC page. From here, you can view all of the DAC check results applicable to machines in your organization. If you have a machine operating on Windows 10, it will display the 'Operating System Past End of Servicing' check.
To view the impacted machines in your organization, navigate to the 'Results' column of your DAC dashboard. This will display the computers that are impacted or not impacted by this DAC check. Selecting the 'red' portion of the 'Results' bar will open a pop-up containing a list of your impacted machines.
Note: If you do not have Patch Management in your organization, all buttons will be greyed out in this section. Hovering over the 'Upgrade Windows' button will yield the following message:
Patch Management module must be active
During the check, ThreatLocker will verify if machines in your organization that are impacted by 'Operating System Past End of Servicing' meet all of Microsoft's requirements for updating to Windows 11. Microsoft requires the following hardware and software requirements to update your machine to Windows 11. DAC will inform you if any of the following criteria are not met on your system:
- The following hardware is required:
-
Processor speed of greater than or equal to 1GHz with two logical cores and a 64-bit processor (x64)
- Please note that Microsoft provides lists of supported CPUs. While your processor may meet the criteria, it is essential to verify that it is also listed as one of the Windows 11 supported processors.
-
4 GB RAM
-
Storage device with greater than or equal to 64 GB of available space
-
Secure Boot Capable
-
TPM version 2.0
-
- The following software is required:
-
Windows 10 Version 2004 or later
-
Current build of greater than or equal to Windows 10 build 19041
-
Once DAC has evaluated each system, the 'Impacted' window will display machines with OSs that are at the end of servicing. Machines eligible for upgrading to Windows 11 will be displayed with an 'Upgrade Windows' button. If a machine is found not to meet the requirements, or if Patch Managment is not enabled, the 'Upgrade Windows' button in the 'Actions' column and the checkbox for selecting the machine will both be greyed out.
In addition to not being selectable, ThreatLocker will provide a reason why this machine cannot be upgraded to Windows 11. This reasoning is found by selecting the 'More Details' dropdown in the 'Dropdown' column.
The image above provides a note stating the following:
Secure boot unavailable. TPM Chip is either not present or not enabled.
ThreatLocker has identified that this machine cannot update to Windows 11 as it does not meet the hardware requirement that Secure Boot must be capable.
For machines that meet all Windows 11 Microsoft requirements, the 'Upgrade Windows' button and checkbox will be available.
Selecting the checkboxes to the left of the computers allows you to choose individual machines to upgrade Windows. You can also select all machines ready to be upgraded at once by choosing the checkbox at the top of this column.
Once at least one of these boxes is selected, a button labeled 'Upgrade (number of computers selected) Computer(s)' will appear.
If you only want to upgrade one computer, you can also select the 'Upgrade Windows' button that corresponds to that machine. After selecting either of these buttons, ThreatLocker will begin the installation process silently on the selected machines.