# Configuration guide: Windows OS compliance {% hint style="warning" %} The configuration options on this page are only accessible to [administrators](https://docs.nexthink.com/platform/user-guide/administration/account-management/roles#roles-administration). Refer to the [Usage guide: Windows OS compliance](https://docs.nexthink.com/platform/library-packs/operating-systems/operating-systems-stability-security-and-compliance/operating-systems-stability-security-and-compliance-usage-guide) to use library content as a standard user. {% endhint %} This library pack will help you monitor and manage various operating systems to ensure their stability, compliance, and performance. This page will guide you through the structure of the content. ## **Included content and dependencies** This library pack contains the following content and dependencies: | Type | Name | Description | Dependencies | | ------------------------------------------------------------------------------------------------------------------------- | ------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------ | | [Live dashboards](https://docs.nexthink.com/platform/user-guide/live-dashboards) | Windows OS compliance | Helps to monitor and manage various Windows operating system versions to ensure their stability, compliance, and performance | N/A | | [Remote actions](https://docs.nexthink.com/platform/user-guide/remote-actions) | Get BitLocker information | Returns basic information on BitLocker protection status. | | | [Remote actions](https://docs.nexthink.com/platform/user-guide/remote-actions) | Test pending reboot | Checks if the device is waiting to reboot for an update. | | | [Remote actions](https://docs.nexthink.com/platform/user-guide/remote-actions) | Install Windows update | Installs a ‘.msu’ patch on Windows devices. | N/A | | [Remote actions](https://docs.nexthink.com/platform/user-guide/remote-actions) | Invoke Windows update | Restarts Windows Update and BITS services on Windows devices and forces the device to check for updates. | N/A | | [Remote actions](https://docs.nexthink.com/platform/user-guide/remote-actions) | Get Windows Feature update diagnosis | Executes Microsoft tool SetupDiag.exe, that process Windows Feature update log files and returns a list of possible failure reasons or upgrade confirmation. | N/A | | [Remote actions](https://docs.nexthink.com/platform/user-guide/remote-actions) | Enable BitLocker Encryption | Enables BitLocker encryption on the device's system drive. | N/A | | [Custom fields](https://docs.nexthink.com/platform/user-guide/administration/content-management/custom-fields-management) | OS targeted quality update version | Defines the target quality update versions of Windows operating systems. | | | [Custom fields](https://docs.nexthink.com/platform/user-guide/administration/content-management/custom-fields-management) | OS supported version | Determines which Windows operating system versions, editions, and builds are supported. | | | [Custom fields](https://docs.nexthink.com/platform/user-guide/administration/content-management/custom-fields-management) | OS targeted feature update version | Defines the target feature update versions of Windows operating systems. Typically, this custom field requires version updates every month. | | ## **Configuring Windows OS Compliance** {% hint style="info" %} Adapt these suggested configuration steps to edit and customize content according to your organizational needs. {% endhint %} To effectively use this library pack, the content must be installed and configured appropriately. Below are some suggested steps to install and configure the content properly before use. Follow these steps to install and configure content: * Before configuration - Install library pack content from [Nexthink Library](https://docs.nexthink.com/platform/user-guide/nexthink-library) * [Step 1 - Configure remote actions](#step-1-configure-remote-actions) * [Step 2 - Configure custom fields](#step-2-configure-custom-fields) ### **Step 1 - Configure remote actions** Navigate to the [manage remote action](https://docs.nexthink.com/platform/user-guide/remote-actions/managing-remote-actions) administration page to review and edit your remote actions. Nexthink recommends the following configurations for these remote actions:
NameTriggerSchedule queryParameters to edit
Get BitLocker informationScheduled, daily
1 devices
2 | where operating_system.platform == windows and operating_system.name != "*server*"
Test pending rebootScheduled, daily
1 devices
2 | where operating_system.platform == windows and operating_system.name != "*server*"
Install Windows updateManual, can be triggered on multiple devices
  • Provide URL or UNC path to the update (.msu) file
Invoke Windows updateManual, can be triggered on multiple devices
Get Windows Feature update diagnosisManual, can be triggered on multiple devices
  • Configure the absolute path to the location of SetupDiag.exe tool on the target device. For example "C:\temp\SetupDiag.exe"
Enable BitLocker EncryptionManual, can be triggered on multiple devices
  • Enable or disable the 'Enforce AD backup' setting.
  • Define the drive encryption type used by BitLocker.
  • Define the encryption method used by BitLocker: 'Aes128', 'Aes256', 'XtsAes128' or 'XtsAes256'
### **Step 2 - Configure custom fields** Navigate to the [manage custom fields ](https://docs.nexthink.com/platform/user-guide/administration/content-management/custom-fields-management)administration page to review and edit your custom fields. {% hint style="info" %} Operating system versions in the custom fields below are subject to change due to regular patches released by vendors and Apple and Microsoft support policies. Typically, these versions need to be updated in the custom fields once a month to ensure you have the most current patch versions. {% endhint %} Nexthink recommends the following configurations for these custom fields:
NameNQL IDRule nameObjectNQL query
OS targeted quality update versionos_targeted_quality_update_versionwindows_10_quality_updatedevice
1 devices
2 | where operating_system.platform == windows and operating_system.name == "*windows 10*"
3 | where (operating_system.name == "*22h2*" and operating_system.build >= v19045.4717) or (operating_system.name == "*21h2*" and operating_system.build >= v19044.4651)
windows_11_quality_updatedevice
1 devices
2 | where operating_system.platform == windows and operating_system.name == "*windows 11*"
3 | where (operating_system.name == "*22H2*" and operating_system.build >= v22621.3958) or (operating_system.name == "*23H2*" and operating_system.build >= v22631.3958)
OS targeted feature update versionos_targeted_feature_update_versionwindows_10_feature_updatedevice
1 devices
2 | where operating_system.platform == windows and operating_system.name == "*windows 10*"
3 | where (operating_system.name =="Windows 10*22H2*" or (operating_system.name =="Windows 10*21H2*" and device.operating_system.name == "*ltsc*"))
windows_11_feature_updatedevice
1 devices
2 | where operating_system.platform == windows and operating_system.name == "*windows 11*"
3 | where operating_system.name == "*23H2*"
OS supported versionos_supported_versionwindows_unsupported_versiondevice
1 devices
2 | where operating_system.platform == windows and operating_system.name != "*server*"
3 | where (operating_system.name !in ["*enterprise*", "*education*", "*ltsc*", "*ltsb*"] and operating_system.name in ["*windows 11*"] and operating_system.build < v22621.521) or (operating_system.name !in ["*enterprise*", "*education*", "*ltsc*", "*ltsb*"] and operating_system.build < v19045.0) or (operating_system.name !in ["*ltsc*", "*ltsb*"] and operating_system.name in ["*pro*", "*pro*"] and operating_system.build < v19045.2130) or (operating_system.name in ["*enterprise*", "*education*"] and operating_system.name !in [ "*ltsc*", "*ltsb*"] and operating_system.build < v19044.0) or (operating_system.name in [ "*ltsc*", "*ltsb*"] and operating_system.build < v19044.0) or operating_system.name == "*Windows 7*" or operating_system.name == "*Windows 8*" or operating_system.build < v7601.0
windows_supported_versiondevice
1 devices
2 | where operating_system.platform == windows and operating_system.name != "*server*"
3 | where (operating_system.name !in ["*ltsc*", "*ltsb*"] and operating_system.name in ["*enterprise*", "*education*"] and operating_system.name == "*windows 11*" and operating_system.build > v22000.194) or (operating_system.name !in ["*ltsc*", "*ltsb*", "*enterprise*", "*education*"] and operating_system.name == "*windows 11*" and operating_system.build > v22621.521) or (operating_system.name !in ["*ltsc*", "*ltsb*"] and operating_system.name == "*windows 10*" and operating_system.name in ["*enterprise*", "*education*"] and operating_system.build > v19044.1288) or (operating_system.name !in ["*ltsc*", "*ltsb*"] and operating_system.name in ["*pro*", "*pro*"] and operating_system.name == "windows 10*" and operating_system.build > v19045.0) or (operating_system.name in ["*ltsc*", "*ltsb*"] and operating_system.build > v19044.0)
*** RELATED TOPICS * Overview page: [Windows OS Compliance](https://docs.nexthink.com/platform/library-packs/operating-systems/operating-systems-stability-security-and-compliance) * [Usage guide template: Windows OS Compliance](https://docs.nexthink.com/platform/library-packs/operating-systems/operating-systems-stability-security-and-compliance/operating-systems-stability-security-and-compliance-usage-guide) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.nexthink.com/platform/library-packs/operating-systems/operating-systems-stability-security-and-compliance/operating-systems-stability-security-and-compliance-configuration-guide.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.