Skip to content

Instantly share code, notes, and snippets.

@buswedg

buswedg/rebuilding_win11_machine_from_scratch.md

Last active March 21, 2026 16:04
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save buswedg/3d0e817e7ab01023f72952206cdd6d59 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save buswedg/3d0e817e7ab01023f72952206cdd6d59 to your computer and use it in GitHub Desktop.
Download ZIP
Rebuilding a Windows 11 Machine from Scratch
Raw
rebuilding_win11_machine_from_scratch.md

Rebuilding a Windows 11 Machine from Scratch

What?

My very opinionated view of how to build a Windows 11 machine (from completely fresh OS install), with a focus on privacy and reduced bloat.

Why?

I normally rebuild my Windows machines a couple times a year. I've learnt various things along the way, and would like to have something laid out that I can consistently follow. So, I'm going to use this guide for my own reference, but also share it for anyone interested.

Note

This guide is based on an install of Windows 11 Pro 10.0.26200 Build 26200.

Steps

  1. Download a Windows 11 ISO image builder from UUP dump (https://uupdump.net/). When downloading the builder, I recommend you:
    • Use the 'Latest Public Release' build.
    • Include only the Windows edition you intend to install (e.g., Windows 11 Pro).
    • Select 'Download and convert to ISO' as the download method.
    • In the conversion options page:
      • Select 'Include updates'.
      • Avoid selecting 'Run component cleanup'.
  2. Build the Windows 11 ISO by extracting the builder package and running uup_download_windows.cmd.
  3. Burn the ISO to a freshly FAT32-formatted USB drive using Rufus (https://rufus.ie/en/). In the 'Customize Windows Installation' prompt, select:
    • Remove requirement for 4GB+ RAM, Secure Boot and TPM 2.0.
    • Remove requirement for an online Microsoft account.
    • Create a local account with your desired username.
  4. Boot from the USB (you may need to invoke boot options on startup or change your boot priority via BIOS/UEFI).
  5. Install Windows 11. I recommend you:
    • Set up the machine as a 'new device' (if you connect your Microsoft account).
    • Turn off all data sharing options on the privacy settings page.
    • Decline all targeted experience customizations.
    • Skip mobile phone integration.
    • Decline M365 and additional cloud storage offers.
  6. Open Windows Updates and perform any available updates. To do so:
    • Press Win + R and run ms-settings:windowsupdate.
    • Uncheck the option to 'Get the latest updates as soon as they're available'.
    • Select 'Check for updates'.
    • Install any (non-preview) updates, allowing for any necessary reboots.
  7. Rename your computer (if not prompted during install). To do so:
    • Press Win + R and run ms-settings:about.
    • Click 'Rename this PC', enter your desired name, and follow the prompts to restart.
  8. Update your full display name (if using a local account). To do so:
    • Press Win + R and run lusrmgr.msc.
    • Open the Users folder, double-click your user account.
    • Enter a new 'Full name' and apply.
  9. Update your sign-in options (if using a local account). To do so:
    • Press Win + R and run ms-settings:signinoptions.
    • Select 'PIN (Windows Hello)' and configure.
  10. Update OneDrive settings (if using a Microsoft account). To do so:
    • Open OneDrive and its settings.
    • Turn off 'Save space and download files as you use them'.
    • In Backup > Manage backup, stop the backup of Desktop, Documents, and Pictures.
  11. Set Powershell execution poliy to Unrestricted. To do so:
    • Open PowerShell as Administrator and run: 
      Set-ExecutionPolicy unrestricted
  12. Run CTTWinUtil (https://github.com/ChrisTitusTech/winutil) to apply common tweaks. To do so:
    • Open PowerShell as Administrator and run:
    irm "https://christitus.com/win" | iex
    • On the 'Tweaks' page, apply the 'Standard' tweaks.
    • Also apply the following custom preferences on the 'Tweaks' page:
      • Dark Theme for Windows: enabled
      • Bing Search in Start Menu: disabled
      • Recommendations in Start Menu: disabled
      • Show Hidden Files: enabled
      • Show File Extensions: enabled
      • Search Button in Taskbar: enabled
      • Task View Button in Taskbar: disabled
      • Widgets Button in Taskbar: disabled
    • On the 'Updates' page, enable 'Security Settings' for Windows Updates.
  13. Configure virtualization features depending on the machine's purpose:
    • For a Gaming Machine — you may want to disable Memory Integrity to improve performance. To do so:
      • Press Win + R and run windowsdefender://coreisolation.
      • Turn off Memory Integrity.
      • Disable Virtualization Based Security (VBS) (if desired) If you want to go further, you can completely disable the Windows Hypervisor (and in-turn, VBS) to improve performance. To do so:
        • Check current status — open PowerShell as Administrator and run: 
          systeminfo
          If active, it will show: A hypervisor has been detected. Features required for Hyper-V will not be displayed.
        • Disable Hyper-V and Hypervisor Launch — run the following commands: 
          Disable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V -All
bcdedit /set hypervisorlaunchtype off
        • Restart the system.
        • Disable UEFI Variable Lock and Device Guard / Credential Guard (if necessary) If you have UEFI Lock on, or likewise, if any VBS features (such as Device Guard (DG) or Credential Guard (CG)) are still using the hypervisor, they must also be disabled to ensure no hypervisor components remain active. To disable UEFI Lock, DG and CG, use the DG Readiness Tool: 
          .\DG_Readiness.ps1 -Disable
          On your next boot, you'll be asked to confirm whether to remove CG and VBS. Note that you'll need to provide your account password for login as Windows Hello (PIN) will be disabled for this boot.
        • Verify final status — open PowerShell as Administrator and run: 
          systeminfo
          If disabled, it will show: 
          Virtualization-based security: Status: Not enabled
Hyper-V Requirements:      VM Monitor Mode Extensions: Yes
                           Virtualization Enabled In Firmware: Yes
                           Second Level Address Translation: Yes
                           Data Execution Prevention Available: Yes
    • For a Development Machine — you may want to instead enable virtualization-based features (Hyper-V, WSL, etc.). To do so: Open PowerShell as Administrator and run: 
      Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V -All -NoRestart
Enable-WindowsOptionalFeature -Online -FeatureName VirtualMachinePlatform -NoRestart
Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Windows-Subsystem-Linux -NoRestart
    (Restart your machine if you applied either of these.)
  14. If you have a dedicated AMD or NVIDIA GPU, go through a process to clean/ re-install the GPU drivers manually. To do so:
    • Download the latest driver for your GPU.
    • Disable any network adapaters connecting you to the internet.
    • Restart your machine in safe mode.
    • Run Display Driver Uninstaller (https://www.guru3d.com/download/display-driver-uninstaller-download/).
    • Restart your machine.
    • Install the new GPU driver.
    • Enable any previously disabled network adapaters.
    • Restart your machine.
    • Note: If you have an NVIDIA GPU, you should use NVCleanInstall (https://nvcleanstall.net/) to download and build the driver package.
  15. Remove unnecessary programs and Windows optional features. I recommend using these PowerShell helper scripts:
  16. Use WinGet to install preferred programs. I recommend using this helper script to install preferred packages in bulk:
  17. Download and install any remaining programs WinGet doesn't offer.
  18. Manage startup apps. Press Ctrl + Shift + Esc to open Task Manager, navigate to the Startup Apps tab, and disable unnecessary items.
  19. Disable Hibernation to save disk space (no hiberfil.sys) and avoid potential driver initialization errors from fast startup. To do so:
    • Open PowerShell as Administrator and run: 
      powercfg /hibernate off

Troubleshooting

Windows Repair

  1. Repair active system files via Administrative PowerShell:
sfc /scannow
  1. Repair the system image source by running DISM:
DISM /Online /Cleanup-Image /RestoreHealth

Reset Windows Update

Run the following in an Administrative PowerShell to clear the cache and restart update services:

net stop wuauserv
net stop bits
Remove-Item -Path "$env:windir\SoftwareDistribution\*" -Recurse -Force
net start wuauserv
net start bits

Other

  • Flush DNS cache:
ipconfig /flushdns
  • Check disk for errors (requires restart):
chkdsk c: /f
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment