Creating a Custom Windows Image

Although creating custom Windows images is sometimes seen as an antiquated practice, there are still plenty of cases where it makes sense. Maybe you're out in the field with no network connection, or you just want more than a vanilla install without SCCM. Preinstall your favourite utilities, strip out bloat, or automate setup tasks so you can deploy a machine that’s ready to use within minutes. This post walks you through how I build a custom Windows 11 image that boots straight into a configured environment, runs a setup script, and is ready for cloning. I recommend keeping the base image lean, and leaving apps, updates, and installs to a management framework like MDM solutions such as Intune, SCCM, or PDQ Deploy.

Step 1: Build a Base VM

The safest way to make a master image is in a VM. I used Windows 11 Pro, but you can do the same with Home, Enterprise, or Server.

1. Create a VM in your hypervisor of choice.
2. Install Windows 11 as normal, but create a dedicated setup account (e.g., SetupUser).
3. Once on the desktop:
   • Remove unwanted apps and bloat.
   • Install any software you always want on fresh deployments (or, do this at a later stage once the device is added to your management environment).
   • Copy your C:\script.ps1 setup script into place (we’ll talk about what it can do next).
   • Configure it to auto-run once on boot.

To make it run automatically with elevated PowerShell on first boot, run:

Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" `
    -Name "RunStartupScript" `
    -Value "powershell.exe -ExecutionPolicy Bypass -File C:\script.ps1"

Then set a blank password for your setup account so it logs in without prompting.

Step 2: What the Setup Script Can Do

This is where the fun starts. Your PowerShell script can automate pretty much anything you could do manually, including:

• Waiting for network connectivity before doing anything.
• Creating local admin accounts and setting their passwords.
• Renaming the computer dynamically.
• Downloading files via SFTP.
• Extracting installers and running silent setups.
• Setting up one-time autologon for multiple reboots.
• Tweaking registry settings to skip first-run annoyances.

Here’s a small example snippet you could include:

function Ensure-LocalAdmin {
    param([string] $User,[string] $PlainPassword)
    $sec = ConvertTo-SecureString $PlainPassword -AsPlainText -Force
    if (-not (Get-LocalUser -Name $User -ErrorAction SilentlyContinue)) {
        New-LocalUser -Name $User -Password $sec -PasswordNeverExpires:$true -UserMayNotChangePassword:$true
    }
    Add-LocalGroupMember -Group 'Administrators' -Member $User -ErrorAction SilentlyContinue
}

Ensure-LocalAdmin -User 'techadmin' -PlainPassword 'S3cur3P@ss!'

This function checks if a local admin account exists, creates it if it doesn’t, and ensures it’s part of the Administrators group.

In my own workflow, the script handles post-reboot tasks too; running once as SYSTEM at startup, installing agents, disabling first-run junk, and cleaning up staging folders before handing the PC over to MDM.

Step 3: Capture the Image

Once your VM is prepped and your script is in place:

1. Shut down the VM.
2. Add a new empty virtual disk (around 20GB is fine).
3. Mount the Windows 11 installer ISO and boot into it.
4. Press Shift+F10 to open Command Prompt and run:

diskpart
list disk
select disk 1   (make sure this is the empty disk)
clean
create partition primary
format fs=ntfs quick
assign letter=E
exit

5. Capture the system partition:

diskpart
list volume
select volume 1
assign letter=C
exit
dism /Capture-Image /ImageFile:E:\CustomInstall.wim /CaptureDir:C:\ /Name:"Custom Windows"

Let DISM finish, it'll create your new .wim file on the secondary disk.

Step 4: Extract the WIM

If you're on a Linux host (or WSL) you can mount the virtual disk and grab the .wim:

sudo apt install qemu-utils
sudo modprobe nbd
sudo qemu-nbd -r -c /dev/nbd1 /path/to/vm-disk.vmdk
ls -al /dev/nbd1p*
sudo mount /dev/nbd1p1 ./mountfolder

Now copy CustomInstall.wim out to your working folder.

Step 5: Build Your Deployment USB

1. Create a standard Windows 11 USB installer using Rufus or a similar utility. I'd avoid the official Media Creation Tool, as it formats the USB with FAT32, imposing a 4GB file size limit and requiring the install.wim to be split into multiple SWM segments.
2. Navigate to /sources on the USB and replace install.wim with your CustomInstall.wim.
3. In the same /sources folder, create a file called ei.cfg with:

[Channel]
OEM

This bypasses edition checks and helps ensure Windows installs your image without asking unnecessary questions.

Step 6: Deploy Anywhere

Now you have a USB that installs your Windows, preloaded with your tools, accounts, and settings, and running your setup script automatically. Pop it into any machine, install, and watch it configure itself.