Skip to content

Instantly share code, notes, and snippets.

@buswedg

buswedg/rebuilding_win11_machine_from_scratch.md

Last active April 27, 2026 20:27
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save buswedg/3d0e817e7ab01023f72952206cdd6d59 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save buswedg/3d0e817e7ab01023f72952206cdd6d59 to your computer and use it in GitHub Desktop.
Download ZIP
Rebuilding a Windows 11 Machine from Scratch
Raw
rebuilding_win11_machine_from_scratch.md

Rebuilding a Windows 11 Machine from Scratch

What?

My very opinionated view of how to build a Windows 11 machine (from completely fresh OS install), with a focus on privacy and reduced bloat.

Why?

I normally rebuild my Windows machines a couple times a year. I've learnt various things along the way and would like to have something laid out that I can consistently follow. So, I'm going to use this guide for my own reference but also share it for anyone interested.

Note

This guide is based on an install of Windows 11 Pro 25H2 (OS Build 26200.8246).

Steps

  1. Download the Windows 11 ISO image builder from UUP dump (https://uupdump.net/). When downloading the builder, I recommend you:
    • Use the 'Latest Public Release' build.
    • Include only the Windows edition you intend to install (e.g., Windows 11 Pro).
    • Select 'Download and convert to ISO' as the download method.
    • In the conversion options page:
      • Select 'Include updates'.
      • Avoid selecting 'Run component cleanup'.
  2. Build the Windows 11 ISO by extracting the builder package and running uup_download_windows.cmd.
  3. Burn the ISO to a freshly FAT32-formatted USB drive using Rufus (https://rufus.ie/en/). In the 'Customize Windows Installation' prompt, select:
    • Remove requirement for 4GB+ RAM, Secure Boot and TPM 2.0.
    • Remove requirement for an online Microsoft account.
    • Create a local account with your desired username.
  4. Boot from the USB (you may need to invoke boot options on startup or change your boot priority via BIOS/UEFI).
  5. Install Windows 11. I recommend you:
    • Set up the machine as a 'new device' (if you connect your Microsoft account).
    • Turn off all data sharing options on the privacy settings page.
    • Decline all targeted experience customizations.
    • Skip mobile phone integration.
    • Decline M365 and additional cloud storage offers.
  6. Open Windows Updates and perform any available updates. To do so:
    • Press Win + R and run ms-settings:windowsupdate.
    • Uncheck the option to 'Get the latest updates as soon as they're available'.
    • Select 'Check for updates'.
    • Install any (non-preview) updates, allowing for any necessary reboots.
  7. Rename your computer (if not prompted during install). To do so:
    • Press Win + R and run ms-settings:about.
    • Click 'Rename this PC', enter your desired name, and follow the prompts to restart.
  8. Update your full display name (if using a local account). To do so:
    • Press Win + R and run lusrmgr.msc.
    • Open the Users folder, double-click your user account.
    • Enter a new 'Full name' and apply.
  9. Update your sign-in options (if using a local account and don't intend to disable Credential Guard) including enabling PIN (Windows Hello). To do so:
    • Press Win + R and run ms-settings:signinoptions.
    • Select 'PIN (Windows Hello)' and configure.
  10. Update OneDrive settings (if using a Microsoft account). To do so:
    • Open OneDrive and its settings.
    • Turn off 'Save space and download files as you use them'.
    • In Backup > Manage backup, stop the backup of Desktop, Documents, and Pictures.
  11. Run CTTWinUtil (https://github.com/ChrisTitusTech/winutil) to apply common tweaks. To do so:
    • Open PowerShell as Administrator and run: 
      irm "https://christitus.com/win" | iex
    • On the 'Tweaks' page, apply the 'Standard' tweaks.
    • Also apply the following custom preferences on the 'Tweaks' page:
      • Bing Search in Start Menu: disabled
      • Dark Theme for Windows: enabled
      • Recommendations in Start Menu: disabled
      • Search Button in Taskbar: enabled
      • Show File Extensions: enabled
      • Show Hidden Files: enabled
      • Task View Button in Taskbar: disabled
      • Widgets Button in Taskbar: disabled
    • On the 'Updates' page, enable 'Security Settings' for Windows Updates.
  12. Remove unnecessary Windows optional features such as Legacy Media Player and Steps Recorder. To do so:
    • Open PowerShell as Administrator and run: 
      Remove-WindowsCapability -Online -Name "Media.WindowsMediaPlayer~~~~12.0.0.0"
Remove-WindowsCapability -Online -Name "App.StepsRecorder~~~~0.0.1.0"
  13. Remove unwanted Windows Store Apps. I recommend using this helper script to bulk uninstall Store Apps:
  14. Use WinGet to install preferred programs. I recommend using this helper script to install preferred packages in bulk:
  15. Download and install any remaining programs WinGet doesn't offer.
  16. Manage startup apps. Press Ctrl + Shift + Esc to open Task Manager, navigate to the Startup Apps tab, and disable unnecessary items.
  17. Add any exclusion paths you like to Windows Defender. I recommend use this helper script to exclude paths in bulk:
  18. (OPTIONAL) If you have a Gaming focused machine you may want to disable certain virtualization-based features to improve performance. To do so:
    • Disable Memory Integrity
      • Press Win + R and run windowsdefender://coreisolation.
      • Turn off Memory Integrity.
    • Disable Windows Hypervisor (Hyper-V) and Virtualization Based Security (VBS) (if desired) — If you want to go further, you can completely disable Hyper-V (including VBS). For a detailed guide, see this gist.
  19. (Optional) If you have a Development focused machine you may want to instead enable virtualization-based features (Hyper-V, WSL, etc.). To do so:
    • Open PowerShell as Administrator and run: 
      Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V-All -NoRestart
Enable-WindowsOptionalFeature -Online -FeatureName VirtualMachinePlatform -NoRestart
Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Windows-Subsystem-Linux -NoRestart
  20. (Optional) If you have a dedicated AMD or NVIDIA GPU, go through a process to clean/ re-install the GPU drivers manually. To do so:
    • Download the latest driver for your GPU. Note that if you have an NVIDIA GPU, I recommend you use NVCleanInstall to download and build the driver package rather than using the direct package from NVIDIA.
    • Disable any network adapaters connecting you to the internet.
    • Restart your machine in safe mode.
    • Run Display Driver Uninstaller.
    • Restart the system.
    • Install the new GPU driver.
    • Enable any previously disabled network adapaters.
    • Restart the system.
  21. (Optional) Disable Hibernation to save disk space (no hiberfil.sys) and avoid potential driver initialization errors from fast startup. To do so:
    • Open PowerShell as Administrator and run: 
      powercfg /hibernate off

Troubleshooting

Windows Repair

  1. Repair active system files via Administrative PowerShell:
sfc /scannow
  1. Repair the system image source by running DISM:
DISM /Online /Cleanup-Image /RestoreHealth

Reset Windows Update

Run the following in an Administrative PowerShell to clear the cache and restart update services:

net stop wuauserv
net stop bits
Remove-Item -Path "$env:windir\SoftwareDistribution\*" -Recurse -Force
net start wuauserv
net start bits

Other

  • Flush DNS cache:
ipconfig /flushdns
  • Check disk for errors (requires restart):
chkdsk c: /f
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment