Skip to content

Instantly share code, notes, and snippets.

@buswedg

buswedg/rebuilding_win11_machine_from_scratch.md

Last active September 21, 2025 17:48
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save buswedg/3d0e817e7ab01023f72952206cdd6d59 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save buswedg/3d0e817e7ab01023f72952206cdd6d59 to your computer and use it in GitHub Desktop.
Download ZIP
Rebuilding a Windows 11 Machine from Scratch
Raw
rebuilding_win11_machine_from_scratch.md

Rebuilding a Windows 11 Machine from Scratch

What?

My very opinionated view of how to build a Windows 11 machine (from completely fresh OS install), with a focus on privacy and reduced bloat.

Why?

I normally rebuild my Windows machines a couple times a year. I've learnt various things along the way, and would like to have something laid out that I can consistently follow. So, I'm going to use this guide for my own reference, but also share it for anyone interested.

Note

This guide is based on an install of Windows 11 Pro 10.0.22631.

Steps

  1. Download a Windows 11 ISO image builder from UUP dump (https://uupdump.net/). When downloading the builder, I recommend you:
    • Use the 'Latest Public Release' build.
    • Include only the windows edition you intend to install.
    • Select 'Download and convert to ISO' as the download method.
    • In the conversion options page:
      • Select 'Include updates'.
      • Avoid selecting 'Run component cleanup'.
  2. Build the Windows 11 ISO by extracting the builder package and running 'uup_download_windows.cmd'.
  3. Burn the ISO to a freshly FAT32 formatted USB drive using Rufus (https://rufus.ie/en/). For the 'Customize Windows Installation' menu, I recommend you:
    • Remove requirement for 4GB+ RAM, Secure Boot and TPM 2.0
    • Remove requirement for an online Microsoft account
    • Create a local account with your desired username
  4. Boot to the USB, noting that you may need invoke boot options on startup or change your boot priority via BIOS.
  5. Install Windows 11. I recommend you:
    • Setup the machine as a 'new device' (if you connect to your Microsoft account during install).
    • Turn off all data sharing options on the privacy settings page.
    • Don't use any of the experience customizations.
    • Skip the mobile phone integration setup.
    • Decline M365 and the additional cloud storage offers.
  6. After the install, open 'Windows Updates' and perform an update. To do so:
    • Uncheck the option to 'get latest updates as soon as they're available'.
    • Select 'check for updates'.
    • Install any (non-preview release) updates through multiple reboots.
  7. If you were not prompted to name your computer during the install, you can change it manually. To do so:
    • Go to Settings > System > About > Rename this PC
  8. If you did not connect to your MSFT account during the install and want to change your full display name, you can do so by:
    • Opening the run dialog: Windows key + R
    • Launching Local Users and Groups by typing 'lusrmgr.msc' in the dialog box.
    • Opening the users folder and double clicking your user account in the Local Users and Groups window.
    • Entering in a new 'full name'.
  9. If you did not connect to your MSFT account during the install and want to allow sign-in using a PIN, you can do so by:
    • Go to Settings > Accounts > Sign-in options.
    • Selecting 'PIN (Windows Hello)' and entering your account password.
  10. Otherwise, if you did connect to your MSFT account during the install and used a PIN, I recommend you enable other sign-in options. To do so:
    • Go to Settings > Accounts > Sign-in options.
    • Uncheck "For improved security, only allow Windows Hello sign-in for Microsoft accounts on this device (recommended)".
  11. If you did not connect to your MSFT account during the install and want to continue using a local account, I recommend not using OneDrive. Otherwise, I recommend limiting which files are synced and how they are synced. To do so:
    • Open the 'OneDrive' application.
    • Go to Settings and turn off the option to 'Save space and download files as you use them'.
    • Go to Backup > Manage backup, and stop backup of Desktop, Documents and Pictures.
  12. Run CTTWinUtil (https://github.com/ChrisTitusTech/winutil) to apply common tweaks. To do so:
    • Open a Powershell Prompt (with Admin rights).
    • Run 'irm "https://christitus.com/win" | iex'
    • On the 'Tweaks' page, apply the 'Standard' tweaks.
    • Also apply the following custom preferences on the 'Tweaks' page:
      • Dark Theme for Windows: enabled
      • Bing Search in Start Menu: disabled
      • Recommendations in Start Menu: disabled
      • Show Hidden Files: enabled
      • Show File Extensions: enabled
      • Search Button in Taskbar: enabled
      • Task View Button in Taskbar: disabled
      • Widgets Button in Taskbar: disabled
    • On the 'Updates' page, enable the 'Security Settings' for Windows Updates.
  13. If its a gaming-focused machine, I recommend:
    • Ensuring 'Virtual Machine Platform' remains unchecked in Windows Features.
    • Also turning off 'Core isolation- memory integrity'.
  14. Otherwise, if its a more development-focused machine and you intend to run a virtual platform (WSL for example), I recommend:
    • Ensuring 'Hyper-V', 'Virtual Machine Platform', and 'Windows Subsystem for Linux' remain checked in Windows Features.
  15. If you have a dedicated AMD or NVIDIA GPU, go through a process to clean/ re-install the GPU drivers manually. To do so:
    • Download the latest driver for your GPU.
    • Disable any network adapaters connecting you to the internet.
    • Restart your machine in safe mode.
    • Run Display Driver Uninstaller (https://www.guru3d.com/download/display-driver-uninstaller-download/).
    • Restart your machine.
    • Install the new GPU driver.
    • Enable any previously disabled network adapaters.
    • Restart your machine.
    • Note: If you have an NVIDIA GPU, you should use NVCleanInstall (https://nvcleanstall.net/) to download and build the driver package.
    • Note: If you connected to your MSFT account during the Windows install, make sure you disable 'only allow Windows Hello sign-in' (per above), and restart your machine at least one time after doing so. Without this change, you may get locked into a safe mode boot loop that asks to reset your security PIN, which cannot be done after disabling your network adpaters.
  16. Open 'Add or Remove Programs' and remove any unnecessary programs. I recommend using this helper script: https://github.com/buswedg/windows-helpers/tree/main/windows-app-uninstaller
  17. Turn off any unnecessary Windows optional features. To do so:
    • Go to Settings > Apps > Optional features.
    • Uninstall 'Windows Media Player Legacy', 'Steps Recorder', and 'Wordpad'.
  18. Use WinGet to install your preferred programs. I recommend using this helper script to install preferred packages in bulk: https://github.com/buswedg/windows-helpers/tree/main/winget-installer
  19. Download and install any preferred programs which WinGet doesn't offer.
  20. Open 'Task Manager' and go to Startup Apps. Turn off any apps which you don't want to run on boot.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment