Since I’ve been doing this sort of thing for many years, here are some basic rules:
- Get LTSC (W10) or IoT/Enterprise (W11) images to begin with
- Get https://www.ntlite.com/ ... you won’t find any other tool which does a better job at removing packages, adding drivers, etc. Worth every penny, with great support.
- Use Group Policies to configure your system. Take the time and download them for Office, Edge, Chrome, Firefox and update those that come with Windows.
- Integrate drivers not only for the base image but also in the recovery and setup image.
- Install a firewall (binisoft is fine)
- Use NextDNS
- If you don’t mind the security implications: Disable Defender, SmartScreen, BootGuard and VBS (use bcdedit)
- Disable Microcode loading (delete the DLL)
- Disable Spectre/Meltdown mitigations
- If you need Office: Use the LTSC version
Most third-party tools are outdated or do stupid stuff which isn’t needed. You can silence Windows with the right Group Policies quite easily.
replies(4):