How To Create a Windows 11 Golden Image with Preinstalled Software
Manually configuring Windows 11 for every new hire is a recipe for inconsistency and wasted billable hours. Between debloating the OS, toggling privacy settings, and installing the standard "must-have" software suite, a single workstation can eat up half a day.
By creating a Windows 11 Golden Image, you move from manual labor to automated precision. In this guide, we’ll walk through the process of using Audit Mode and Sysprep to build a clean, pre-configured master image that ensures every machine in your fleet is identical, secure, and ready for production on day one.
Prerequisites
Before we dive into the image creation process, ensure you have the following tools and assets ready. Using a virtual environment is critical here, as it allows us to capture a "clean" state without hardware-specific driver interference.
| Requirement | Recommendation / Source | Why it’s needed |
| Hypervisor | To build the image in a controlled, hardware-agnostic environment. | |
| Windows 11 ISO | The base operating system for your Golden Image. | |
| AnyBurn | To modify and re-package the ISO with your new image. | |
| Software Assets | Ninite / Individual Installers | The "Preinstalled" part of your Golden Image. |
Hypervisor
While VirtualBox is a great open-source tool, VMware is the industry standard for image capturing due to its superior driver handling and snapshot stability. I will be using VMware for this guide, but the logic remains the same if you choose another platform.
Windows 11 ISO
Ensure you download the latest multi-edition ISO directly from Microsoft. Using an outdated ISO will result in a massive Windows Update overhead during the build process, which we want to avoid.
AnyBurn
AnyBurn is a lightweight but powerful utility that allows us to take our captured
.WIM file and swap it back into a bootable ISO format. This is the "secret sauce" for creating a deployable disk.Software & Licensing
Gather your installers beforehand to save time.
For Freeware: Use
Ninite .exethat installs all your basics (Chrome, VLC, 7-Zip, etc.) in one go.
For Commercial Software: Ensure you have your Volume License (VL) keys or sufficient retail seats.
Preparing The VM
Centralize Your Deployment Assets
Before touching your hypervisor, create a dedicated build directory on your host machine (e.g.,
C:\GoldenImage_Build). Move your Windows 11 ISO, AnyBurn setup, and all your software installers into this folder. Keeping everything in a single, easily accessible path prevents broken directory links and makes mounting files to your VM much faster later on.
Setup VM
Open VMware (or your preferred hypervisor) and initiate the setup for a new Virtual Machine. Name the VM and save it to your preferred directory.
While you can leave most basic parameters at their defaults, you must configure the following to meet Windows 11's strict hardware requirements:
Security (Encryption & vTPM): Because Windows 11 requires a TPM chip, VMware will automatically prompt you with an Encryption Information screen during the setup wizard.
Under Choose Encryption Type, select "Only the files needed to support a TPM are encrypted." (This is faster and less resource-intensive than encrypting the entire VM).
Type a secure password or use the auto-generated one provided.
Check the box to "Remember the password on this machine in Credential Manager" so you aren't prompted for it every time you boot the VM.
- Firmware: Set the boot type to UEFI and enable Secure Boot.
CPU & RAM: Allocate at least 2 Cores and 4GB of RAM (8GB is recommended for a smoother build process).
Install Windows
After creating the VM, now it is time to install Windows 11. When you turn on the VM it will display a message saying "Press any key to boot from CD or DVD". Press "Enter" or any other key to proceed to the Windows installation setup.
Then in the next stage select your language and keyboard settings.
When prompted to "Select Setup Option", select "Install Windows 11" and toggle "I agree everything will be deleted including files, apps, and settings" and click "Next".
On the next step it will ask for the product key. As we are creating a custom OS, click on "I don't have a product key".
Note: When using the "Customized ISO" make sure that you properly activate your Windows Instance(s).
In the next step it will ask you to select image we want to install. While it doesn't matter which image you chose at this stage as Windows will enable/disable features based on the product key you use to activate Windows 11, I will use Windows 11 Pro image anyway.
In the next step read the user agreement and accept it and proceed to the next step.
After accepting the agreement, the wizard will prompt you to select the location to install Windows 11. While this is the step where we typically partition our hard disk, as this is a VM, and how we partition it doesn't affect our customized ISO, we will use the full disk. Select the drive and click "Next".
In the next window, the wizard will ask you to confirm the installation. Click "Install" and wait for the installation to finish.
TIP: If you feel like the installation is slow, you can try the following trick.
- Press Shift + F10 to open a Command Prompt.
- Type taskmgr and press Enter to open the Task Manger
- In the opened Task Manger go to Processes section and set the priority of following services to High.
- Setup.exe
- SetupHost.exe
This might increase your installation speed by a certain amount. Though it might have the opposite effect on some instance. In such cases, set the priority to Normal again.
Accessing Audit Mode
After installation it will take you the OOBE screen where you have to select your region, keyboard region, and create a new user etc. Press Ctrl + Shift + F3 at the OOBE screen.
This will immediately restart the VM and log you into the built in local Administrator account.
After login in it will display the "System Preparation Tool" window. We will use it later, close it for now.
VMware Tools
To streamline this process, our VM needs access to files—such as AnyBurn, ISO files, and other software setups—on the host machine. Our next step is to install VMware Tools, which unlocks native file sharing and clipboard support between the guest and the host.
Open the VM menu of VMware and click on "Install VMware Tools". This action will automatically mount a virtual installation DVD to your guest operating system.
Inside your virtual machine, open File Explorer and navigate to This PC. Double-click the newly mounted DVD drive to open it, and run the setup application to launch the installation wizard.
Follow the installation wizard with default selections to complete the installation of VMware Tools.
When you click finish it will ask for your permission to restart the PC. Click "Yes".
Partitioning & File Sharing
Adding an Extra HDD
Now it is time to add a separate partition, and a shared folder to continue our process. First Shutdown the VM and click on the VM menu of VMware and select Settings.
Click on the "Add" button in the Hardware section of the Virtual Machine Settings window.
Select Hard Disk from the hardware list and click Next. You can proceed through the rest of the wizard using the default values until the setup is complete.
Once you have added the new hard disk, it is time to configure a shared folder between the host and guest machines.
Enable Shared Folders
Switch over to the Options tab at the top of the Virtual Machine Settings window. From the list on the left, select Shared Folders.
On the right side of the window, under the Folder sharing settings, select the Always enabled option. Then, click the Add button at the bottom to continue. This will open a wizard. Click Next.
In the wizard that appears, click the Browse... button and navigate to the folder on your host machine that contains all your necessary files—such as setups, ISOs, and other software. Then click Next.
Then click Finish.
Formatting the Extra HDD
Once the VM is powered on, click the Windows Start button, search for Disk Management (or "Create and format hard disk partitions") and open the utility.
As soon as Disk Management opens, an Initialize Disk window will automatically pop up. Ensure your newly added disk is checked, select GPT (GUID Partition Table) as the partition style, and click OK.
Right click on the unallocated space of the new disk and select New Simple Volume.
Locate the Unallocated space on your new disk, right-click it, and select New Simple Volume from the context menu.
The wizard will now ask you to specify the volume size. Leave the default maximum value exactly as it is to use the entire disk, and click Next.
This screen will prompt you to configure the formatting settings. You can enter a Volume label of your choice (e.g., "Data"), leave the File system and Allocation unit size at their default settings, and click Next.
Finally, review your settings on the summary screen and click Finish to complete the volume creation and close the wizard.
Your new partition is now fully formatted, mounted, and ready to use. You can now use this dedicated space to store the customize image.
Install Software
Open File Explorer and click on Network in the left sidebar to access your previously shared folder.
If you do not see the shared folder and instead see a yellow banner stating, "Network discovery and file sharing are turned off," click on the message and select Turn on network discovery and file sharing. If prompted about public networks, select the first option to change the network from public to private.
Once connected, open your shared folder which is in \\vmware-host\Shared Folders\. This directory contains all the setup files and assets required for your golden image. Proceed to install all your necessary software. In this example, I will use a Ninite installer to quickly deploy multiple applications at once.
Bypass the Microsoft Account Requirement (Disable NRO)
During the standard Windows Out-of-Box Experience (OOBE), Microsoft forces users to connect to the internet and log in with a Microsoft account. Since most of us prefer using local accounts for base images, we need to disable this network requirement.
Note: If you are creating this image for mass enterprise deployments, you can skip this step, as you can bypass the requirement later using an unattend.xml answer file.
Because we are currently in Audit Mode, we can edit the registry now so the bypass is permanently baked into our golden image. Press Windows Key + R to open run window, then type regedit and press Enter to open registry editor.
Navigate to the following location:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBEThen create a new Binary value by Right clicking on the right side of the window, expand New and select DWORD (32-bit) Value and rename it as BypassNRO.
Double-click BypassNRO to open it, set the Value data to
1, and click OK.
Now you can close the Registry Editor and move on to the next step.
Running Sysprep to Generalize the Image
Now that the software is installed and our custom settings are configured, it is time to generalize the virtual machine using Windows’ built-in Sysprep tool. This crucial step removes hardware-specific information and unique identifiers (like the SID), ensuring the image is clean and ready for deployment across multiple machines without conflicts.
Press Windows Key + R on your computer, type sysprep and press Enter.
This will automatically open the Sysprep directory in File Explorer. Double-click the sysprep application in that folder to launch the tool.
In the System Preparation Tool window select the Generalize option, and select Shutdown from Shutdown options menu. Then click OK
Capturing The Image
Turn your VM back on. As soon as the virtual machine powers up, quickly spam the Esc to interrupt the normal boot process and access the boot menu. Then select the CD/DVD as the boot drive.
When the "Press any key to boot from CD or DVD..." message appears on the screen, immediately press Enter (or any other key) to boot into your capture environment. Then select your language settings, and then keyboard layout in each window and click Next.
In the next window, select "Repair my pc" and click Next.
Select your keyboard layout again when prompted, and then select "Troubleshoot" from the "Choose an option" window.
Before starting the capture process, we first need to identify the correct drive letter for our Windows partition and the Data partition. While you might assume that the Windows partition is the
C: drive, the Windows recovery environment frequently reassigns drive letters. Use the following commands to open DiskPart and list your attached volumes:Enter DiskPart:
diskpartList Disks:
list disk
List Volumes:
list volume 
Based on the example output above, the drive letter assigned to our Windows partition is actually
D:, while our new Data partition is C:. To confirm this is correct, we will exit DiskPart, switch to the D: drive, and list its directories to ensure it contains our OS files. Run the following commands:Enter a partition (replace the letter with yours):
D:
List content in the partition:
dir
Now that we have confidently identified both the Windows and Data partitions, we can initiate the capture process. First, switch back to the X: drive (the temporary WinPE environment where the DISM tool is located), and then run the capture command.
Note: Be sure to replace the placeholder tags with your actual drive letters, and remember that this process may take some time depending on the size of your image and the speed of your disk.
Switch back to the X drive:
X:
Run the DISM capture command:
dism /capture-image /imagefile:<Data_Partition>:\install.wim /capturedir:<Windows_Partition>:\ /Name:Win11
After the process is completed, exit the command prompt and continue the normal boot process.
Customizing the Windows ISO
When you boot the VM again after the Sysprep generalization process, Windows will take you back to the initial Out-of-Box Experience (OOBE) setup screen. Press Ctrl + Shift + F3 to bypass this screen and switch back into Audit Mode, logging you in as the built-in local Administrator.Open File Explorer and click on Network in the left sidebar to access your shared folder on the vmware-host. Locate the AnyBurn setup file and run it, proceeding through the installation using the default configurations. The application should start up automatically once finished; if it does not, simply double-click the new AnyBurn icon on your desktop to open it.
Click on Edit image file, navigate to your previously shared folder on the vmware-host, and select your previously downloaded Windows 11 ISO file. Then click Next.
Click the Add button, navigate to the Data partition where you saved your custom/captured image, and select the new install.wim file you captured earlier using the DISM command.
Then click Next, and in the following window, enter a descriptive name for your new ISO (e.g., Custom_Win11_25H2_English_x64.iso) and set the destination path to your shared folder.
Click Create Now and wait for the compilation process to finish.
When the process is completed click Exit to close AnyBurn, and shutdown your VM.
Congratulations, you have successfully created your own customized Windows 11 golden image! You can now verify your work by spinning up a new virtual machine using your newly created ISO. Moving forward, this custom image can be used for rapidly deploying VMs, enterprise mass installations, or creating bootable USB drives loaded with all your pre-installed software and settings. If you found this guide helpful, please leave a comment below and share it with your colleagues!
Comments
Post a Comment