Nano11: Extreme Windows 11 Slimdown to 2.29GB for VMs

NTDEV’s latest builder shrinks a full Windows 11 ISO down to a reported 2.29 GB by surgically removing nearly everything most users expect from a modern desktop OS — from Xbox and Solitaire to Windows Update and Windows Defender — producing an extremely compact, intentionally unserviceable image aimed at VMs, testbeds, and legacy-hardware experiments.

Background / Overview​

Windows 11’s on-disk footprint and bundled services have long frustrated enthusiasts who want leaner installations for older hardware, automated labs, and rapid VM provisioning. Community projects such as tiny11 popularized the idea of a pared-down Windows 11 by using Microsoft’s own servicing tools to remove inbox apps and switch to higher-ratio compression. Nano11 is the latest, more extreme evolution of that lineage: a PowerShell-driven pipeline that aggressively prunes optional packages, strips parts of the servicing stack, and re-exports images using recovery-style compression to hit headline-grabbing ISO sizes in the low gigabytes.
NTDEV — the developer behind tiny11 — describes nano11 as “all the essentials, none of the fluff,” and explicitly warns that nano11 is experimental and not intended for daily drivers. The project documentation and demos show the tool removes core services and the Windows Component Store (WinSxS) in its most extreme profiles, making the result unserviceable via Microsoft’s standard update mechanisms.

---

What nano11 actually is​

Nano11 is not a new edition of Windows; it is a scripted, reproducible process that:

• Starts from an official Microsoft Windows 11 ISO (WIM or ESD).
• Mounts the image offline and uses DISM to remove packages, features, drivers, languages, fonts, and inbox apps.
• Optionally prunes or neutralizes parts of WinSxS and the servicing stack to eliminate update/servicing overhead.
• Re-exports the image using LZMS/LZX “recovery” compression and builds a bootable ISO with oscdimg.exe (Windows ADK).

That combination — surgical removals plus high-ratio compression — is what produces dramatically smaller ISOs and a much reduced installed footprint. The project’s included unattended answer file also automates OOBE behavior and can bypass Microsoft Account enrollment during setup.

Two operation modes: Serviceable vs Core / Nano​

• Serviceable (tiny11-like): Removes inbox apps and uses compression to shrink images while preserving servicing paths so Windows Update and adding/removing features remain possible. This mode aims to be usable as a lighter everyday install.
• Core / Nano (extreme): Removes servicing infrastructure (WinSxS pruning or neutralization), Windows Update components, Defender, many drivers and system services. The resulting image is fast and tiny but cannot be updated or easily repaired in place; it’s intended for ephemeral test VMs and very specific scenarios.

---

What gets removed — a representative list​

Nano11 variants and forks differ slightly, but community reporting and the project documentation converge on a consistent, aggressive removal list. Expect many of the following to be gone in extreme builds:

• Inbox apps: Xbox apps, Solitaire, Clipchamp, Mail & Calendar, Media Player, Feedback Hub, Photos, Maps, GetHelp, and other UWP/Win32 preinstalls.
• Microsoft cloud hooks: OneDrive integration and some Office/Outlook consumer bits.
• Browsing runtimes: Edge components and legacy IE artifacts may be removed or stripped.
• Security and servicing: Windows Update hooks, parts of the Windows Component Store (WinSxS), and Windows Defender (in some variants).
• Platform features: BitLocker support, Search, Windows Hello / biometrics, IME (input method editors), accessibility extras, and optional language packs.
• Drivers and media: Most optional drivers (some builds intentionally keep only VGA, networking, and storage), audio subsystems, and optional fonts/wallpapers.
• Telemetry, scheduled tasks, and diagnostic helpers that inflate the image.

This is not a light “debloat” — it is a surgical amputation intended to produce a minimal runtime environment.

---

How nano11 achieves a 2.29 GB ISO (the mechanics)​

Three technical levers combine to produce the dramatic size reduction:

• Offline package removal with DISM. Removing packages, language packs, drivers and runtime assemblies before export reduces the payload that must be stored in the image. When you remove WinSxS contents or neutralize servicing components, you remove a lot of duplicate and fallback binaries used for updates and feature servicing.
• Recovery-style compression (LZMS/LZX). Exporting the image with the /Compress:recovery flag uses LZMS/LZX algorithms which produce much higher compression ratios than default XPRESS modes. The result: smaller ESD/WIM outputs at the cost of higher CPU and memory during export and potentially longer install expand times. This compression step is the multiplier behind the headline numbers.
• Post-install trims. The builder can further shrink the live installed footprint by disabling hibernation, removing the pagefile, and running CompactOS or other on-disk compactions. Combined with the earlier removals, these steps produce installed systems that — in demos — occupy only a few gigabytes.

Community demonstrations have shown a stock 7.04 GB Windows 11 ISO reduced to ~2.29 GB for an aggressive nano11 build; installed footprints in demos vary by source ISO (LTSC vs consumer), languages, and which features were removed but have been reported in the low single‑gigabyte range under certain configurations. Treat numbers as configuration-dependent outcomes, not guaranteed results for every run.

---

Use cases where nano11 makes sense​

Nano11’s design choices are niche but useful in a handful of scenarios:

• Lightweight, ephemeral VMs for CI/testing. Fast spin-up and small disk requirements are attractive for automated testbeds that are routinely reimaged and don’t require updates.
• Malware analysis and sandboxing. Minimal images reduce noise from consumer features and simplify control over a test environment.
• Legacy hardware demonstrations or offline kiosks. For very specific offline tasks where no updates or cloud integration are required, a tiny image can be a workable compromise.
• Educational and research labs. Teaching Windows image servicing, DISM workflows, and compression techniques benefits from a reproducible minimal image.

For mainstream desktops, corporate endpoints, or connected devices with personal data, nano11 is not a recommended path.

---

The trade-offs: security, serviceability, compatibility​

These are not minor caveats — they are fundamental trade-offs you must accept if you choose an extreme nano11 profile:

• No automatic security updates. Removing Windows Update or parts of the servicing stack means Microsoft’s cumulative and out-of-band fixes will not be applied through normal channels. That leaves any connected machine exposed to new vulnerabilities after the image’s snapshot date. This is the single largest risk.
• Reduced/removed defenses. Some nano11 variants remove Windows Defender and other security agents. That requires installing, maintaining, and trusting alternative endpoint protection if the machine will be networked.
• Driver and hardware gaps. By pruning optional drivers, the image may lack support for Wi‑Fi chips, cameras, fingerprint readers, GPUs, or other peripherals. Getting these working often requires manually installing unsigned drivers or re-imaging with a less aggressive build.
• Loss of feature compatibility. Removing search, BitLocker, OneDrive integration, or biometric support breaks dependent workflows and applications that expect these platform services.
• Supply-chain and trust issues. Nano11 scripts repackage official Microsoft ISOs, but the removal and repack steps are executed by third‑party scripts. Best practice is to build from an official ISO you downloaded yourself and audit the script before running it. If you download prebuilt nano11 ISOs from the internet, you inherit supply-chain risk.
• Licensing unchanged. Stripping features does not change Microsoft’s licensing requirements — activation and valid licenses are still necessary. Community write-ups reiterate that these altered images are not a licensing loophole.

---

Security guidance and hardening recommendations (if you still want to experiment)​

• Build from an official Microsoft ISO you download yourself; don’t use random prebuilt ISOs from untrusted mirrors.
• Review the builder script and understand every DISM removal and registry tweak it applies before running it. Community forks vary, and authorship matters.
• Use nano11 only in segmented or air‑gapped networks, or behind tightly controlled firewalls and endpoint protection.
• Run alternative, supported antivirus/EDR if Defender is removed. Maintain a manual reimaging cadence for security patches.
• Prefer serviceable tiny11 mode for any system that must remain updated; reserve nano/core mode for short-lived VMs or labs.

---

The ecosystem: forks, attribution, and how to find the builder​

Nano11 is not a single canonical repository maintained under a single author in the same way Microsoft maintains Windows. Instead, the nano11 name describes an approach and a family of scripts — some maintained by NTDEV and others by forks such as winwastaken/nano11builder or nano11-dev projects. Differences between forks can be substantial: which builds they support, the SKU/language constraints, included post-setup tooling, and warnings about compatibility. Always check the repository README, commit history, and issue tracker to understand scope and authorship.
NTDEV’s own announcement frames nano11 as a direct descendant of tiny11 core, designed for “quick and dirty development testbeds,” and the community has already replicated and packaged variants with prebuilt downloads and “extras” toolkits. That forking culture is useful — but it’s also the reason attribution and guarantees about what’s inside any given ISO can be fuzzy.

---

Alternatives and less‑extreme options​

If the goal is a smaller, faster Windows without sacrificing updateability and a reasonable level of security, consider:

• Tiny11 (serviceable mode): Keeps servicing paths intact while removing many inbox apps. A balanced trade-off for enthusiasts who want a lighter desktop.
• Custom unattended deployments (corporate imaging): Use Microsoft’s official image servicing guidance to remove selected components while preserving updateability (suitable for managed fleets).
• Windows LTSC or IoT Enterprise (licensed): For embedded or kiosk scenarios where minimal, stable platforms are required under Microsoft’s supported channels.
• Lightweight Linux distributions: For older hardware or single-purpose machines where Windows-level compatibility is not required.

---

Practical, step‑by‑step summary for advanced users (high level)​

• Download the official Windows 11 ISO matching the SKU you intend to use.
• Obtain the nano11 or tiny11 script from a reputable repository and inspect each command.
• Install the Windows ADK if you need oscdimg.exe to create bootable ISOs.
• Run the builder with elevated permissions on a clean build host; choose the conservative, serviceable profile unless you explicitly want an unserviceable core image.
• Verify the output ISO, preferably by rebuilding an image yourself and checking file hashes; do not use unverified prebuilt ISOs for production or sensitive data.

---

Critical analysis: strengths, novelty, and the real risks​

Strengths

• Technical ingenuity. Nano11 demonstrates how far you can push Microsoft’s servicing stack and compression to produce remarkably small Windows images without inventing custom compression tools. The project uses Microsoft tooling (DISM, oscdimg) rather than opaque third‑party compressors, making builds auditable for technically competent users.
• Clear niche utility. For labs, CI, malware analysis, or legacy hardware demos, a tiny, standardized image reduces storage and speeds provisioning.
• Educational value. The scripts teach real DISM workflows and image servicing best practices for those learning Windows internals.

Risks and limitations

• Security and serviceability trade-offs are existential. Removing updates and Defender turns a built image into a static snapshot that cannot be safely exposed to the internet for long. That makes nano11 experiments attractive for curiosity but perilous for everyday use.
• Compatibility can be brittle. Missing drivers or platform services can break common scenarios; recovering a device often requires reimaging.
• Supply-chain trust. Forked repositories and prebuilt ISOs introduce potential for malicious tampering; insist on building from first principles if you plan to trust a nano build with any sensitive workloads.
• Misattribution in reporting. Community forks sometimes blur credit between NTDEV and others; treat each repo and ISO on its own merit and verify the author and readme.

In short: nano11 is a fascinating technical demonstration and a useful tooling pattern for limited contexts, but it intentionally sacrifices the very features (updates, defenders, drivers) that make a general‑purpose OS safe and maintainable.

---

Final verdict: who should (and should not) use nano11​

Use nano11 if:

• You manage ephemeral VM fleets for testing and need fast, tiny images.
• You run air-gapped labs or forensic sandboxes where updates and Defender are intentionally not required.
• You are an enthusiast or researcher wanting to learn Windows image servicing and compression techniques.

Do not use nano11 if:

• You need a connected, secure, long-term workstation.
• Your environment requires vendor support, Windows Update, or compatibility with modern apps and peripherals.
• You are uncomfortable auditing build scripts or managing manual reimaging and alternative security stacks.

---

Nano11 is a bold, technically impressive answer to a common complaint about big modern OS images: if you remove almost everything, Windows can be shockingly small. The project’s value lies in experimentation, education, and specialized tooling for lab and CI environments. But that value arrives only after accepting substantial operational and security costs — a trade-off clearly documented by the developer and reflected in independent reporting. For most users, the more measured tiny11 serviceable path or official Microsoft deployment customization provides a safer, more practical balance between footprint and long‑term maintainability.

---

Source: PC Gamer This tiny version of Windows 11 fits into just 2.29 GB and is 'extremely aggressive' in removing bloat such as Xbox, Solitaire and Defender

 

[ChatGPT]

I installed Windows 11 from a nano‑sized 2.4 GB ISO and the finished system used just 8.36 GB on disk — a result that compresses a typical Windows 11 footprint to roughly two‑thirds smaller than a regular install, accomplished with the community project Nano11 Builder and a few post‑install tweaks.

Background​

The Nano11 Builder (often shortened to nano11) is the latest, intentionally extreme member of a family of community image builders that began with projects such as Tiny11. These toolchains take an official Microsoft Windows 11 ISO, perform offline servicing to remove inbox apps, drivers, fonts, languages and even parts of the Windows servicing stack, and then re‑export the image using much stronger compression than the stock distribution. The result: bootable ISOs and installed images measured in single‑digit gigabytes.
NTDEV’s Tiny11 variants showed that meaningful footprint reductions are possible without rewriting Windows; Nano11 pushes that idea to the limit by removing far more — including the Windows Component Store (WinSxS) and some servicing components in its most aggressive profiles. The project is distributed as a PowerShell script that relies on Microsoft’s own tooling (DISM and oscdimg) to keep the workflow auditable. The author explicitly warns the builder is experimental and intended for lab/test images, not production machines.

---

What the recent install results actually show​

• The stock Windows 11 ISO used in the comparison weighed about 5.69 GB before any changes.
• The Nano11 build (the nano profile) produced an ISO in the low‑single‑gigabyte range (reported ~2.14–2.4 GB depending on the source build).
• After installing the nano ISO in a VirtualBox VM (4 cores, 8 GB RAM, 40 GB virtual disk), the live OS used 8.36 GB of virtual storage. That’s the figure reported from the hands‑on install described in the Tom’s Hardware write‑up.
• For comparison, a “Tiny” profile build from the same lineage reportedly used 10.1 GB after installation under the same conditions, showing that nano removes significantly more payloads.

Multiple outlets and the project repo corroborate that the two levers behind these numbers are aggressive offline removal and high‑ratio image compression (LZMS / LZX via DISM export and CompactOS post‑install).

---

How Nano11 works — technical overview​

Core components and workflow​

• Start from an official Microsoft Windows 11 ISO (WIM or ESD).
• Mount the install image offline and use DISM (Deployment Image Servicing and Management) to remove:
• inbox UWP/Win32 apps,
• optional drivers and services,
• language packs and IMEs,
• many nonessential system components, and — in Core/nano mode — portions of the WinSxS store and servicing hooks.
• Re‑export the image with recovery‑style compression (the /Compress:recovery / LZMS/LZX modes) to produce a much smaller install image.
• Build a bootable ISO with the ADK tool oscdimg.exe. The script also injects an autounattend.xml to automate OOBE and bypass Microsoft Account enforcement when requested.
• After the first boot, optionally run compact.exe /CompactOs:always (or selective /EXE:LZX compression) and remove large runtime files like the pagefile to reduce the live on‑disk footprint further. The CompactOS LZX option is documented in Microsoft’s command reference and is the main post‑install compression tool used by these projects.

Why compression matters​

The single biggest multiplier is compression: exporting the install image with recovery/LZX compression reduces the bytes shipped in the ISO dramatically, while CompactOS (LZX) applied to installed binaries reduces the live footprint by storing system executable files compressed on NTFS and decompressing them on demand. The trade‑off is CPU and memory usage during export and potentially higher runtime decompression overhead during file access. Microsoft documents the compact tool and its algorithms; community posts and developer notes confirm the practical benefits and resource costs of heavy compression.

---

Hands‑on realities: what to expect during build and install​

Build time and hardware needs​

• Building a Nano11 ISO is CPU and RAM intensive when using recovery compression. Reports show the builder can take tens of minutes to hours depending on host specs; a 90‑minute run on an 8th‑gen Intel Core i5 laptop is consistent with community experiences. Expect high memory use and long DISM export steps for LZMS/LZX.

Installation quirks observed​

• The install process can fail at stages of Windows Setup depending on which setup method was used and which components were removed. In one documented case, the installer repeatedly crashed at 75% until the builder’s author or the community suggested the older setup process, which successfully completed the install. That demonstrates there’s fragility in the pipeline that can reveal itself during Windows Setup on certain hardware or VM configurations.
• Some builders and users bypass TPM, Secure Boot and RAM checks with tools like Rufus or by adjusting setup behavior; this is separate from the nano builder itself but commonly used in community installs that target older hardware. Those bypasses carry security and support implications.

Out‑of‑the‑box behavior of a nano install​

• Expect a very lean desktop: no web browser, no Defender, no Windows Update, and few user‑facing apps. The Microsoft Store may be present in some builds, but core conveniences are usually absent. That makes the image functionally a minimal runtime rather than a full consumer desktop.

---

Security and servicing implications — the core risks​

The choices that make nano images tiny are precisely those that make them risky for everyday use.

• No Windows Update / Unserviceable images: In Core/nano mode the builder removes servicing infrastructure and sometimes WinSxS, which prevents standard servicing (Windows Update) and makes it impossible to add languages, drivers, or features later. This permanently limits patching and official security updates for that image. The project README and multiple news outlets emphasize this is intentional.
• Reduced attack surface vs. reduced defenses: While removing optional services and inbox apps reduces the attack surface, removing Windows Defender and update mechanisms removes built‑in defenses. For ephemeral test VMs or offline appliances this is acceptable; for any internet‑connected or production system it materially raises risk.
• Driver and feature limitations: Many device drivers are removed (only VGA/Net/Storage preserved in some profiles). Expect nonfunctional hardware and lack of driver support for things like Wi‑Fi, USB cameras, biometrics, and advanced GPU features until you manually add compatible drivers — if that’s even possible in a non‑serviceable image.
• Legal / Support considerations: These community images are built from official ISOs and use Microsoft tooling, but they are not sanctioned Microsoft distributions. Enterprises should not use them for business assets; consumer users should understand the absence of official support and future updates.

---

Use cases where Nano11 makes sense​

Nano11 is purpose‑built for a narrow set of scenarios:

• VM lab images and ephemeral testbeds: Rapid provisioning of minimal Windows 11 instances for CI, fuzzing, testing of specific apps, or research where the full Windows baggage is unnecessary.
• Appliances with a single, static role: Embedded or kiosk‑style machines that do not require updates, external network connectivity, or user customization (e.g., a locked‑down emulator box that never sees the internet).
• Legacy hardware experiments: Bringing up Windows 11 in lab environments on older hardware purely for experimentation (but remember driver limits).

It is explicitly not recommended for regular desktop or enterprise deployment, remote worker machines, or any system that must remain patched and supported.

---

A practical, high‑level checklist for trying Nano11 safely​

• Use a disposable test environment: virtual machines with snapshots, not production hardware.
• Start from an official Microsoft ISO downloaded directly from Microsoft.
• Read the Nano11 README and understand the removal list and the unserviceable warning.
• Ensure the build host has adequate RAM (16 GB or more recommended for recovery compression) and disk space — LZMS/LZX exports are memory‑ and time‑intensive.
• Be prepared to use unattended answer files or local account workarounds to bypass Microsoft Account enforcement if you want an offline/local login.
• After install, apply CompactOS if you aim to shrink the live footprint, but be aware CompactOS does not change servicing constraints and may affect runtime performance on slow storage.
• If the build or setup fails, check the project issues and community threads — many users report setup crashes that are resolved by switching to a different setup method or by altering the profile.

---

How to reduce risk if you want a slim but maintainable Windows 11​

If the goal is a smaller but serviceable Windows 11 (suitable for everyday use and updates), consider alternatives:

• Use Tiny11 or a “serviceable” profile of the builder rather than the extreme nano/Core mode. Tiny11 aims to remove inbox bloat while preserving servicing paths. That provides substantial savings without permanently disabling Windows Update.
• Perform selective removals instead of WinSxS pruning. Remove UWP inbox apps and consumer features, but keep update and servicing components intact so you can receive patches.
• Use CompactOS judiciously: it shrinks on‑disk size with controlled runtime cost and is supported by Microsoft tooling. Read Microsoft’s Compact documentation before applying it broadly.
• Keep a base restored image or a system backup to return to a supported state if required.

---

Community moderation and trust considerations​

Community image projects are valuable experiments, but caution is required:

• The Nano11 repo is open‑source and uses Microsoft tools, which makes the pipeline auditable. Still, prebuilt images distributed through third‑party sites can be modified — always verify checksums and, ideally, build from the source script yourself. The GitHub repo explicitly encourages building locally and warns users about the experimental nature of the script.
• Independent reporting from PC Gamer, Windows Central and TechRadar confirms the method and repeated warnings about unsuitability for daily use. Cross‑checking multiple independent outlets is prudent before trusting numeric claims for every configuration.

---

Verdict — where Nano11 fits in the Windows ecosystem​

Nano11 is a technical curiosity and a useful lab tool: it demonstrates the degree to which Windows 11’s default image contains optional payloads and shows how image servicing + modern compression can produce extremely small results. For Windows enthusiasts, embedded developers, and testing teams, Nano11 is a fast way to produce tiny, reproducible images — provided they accept the explicit trade‑offs.
However, the project’s core characteristics — removing Defender and update mechanisms, pruning WinSxS, and stripping drivers — make it unsuitable as a general‑purpose or production OS. The very properties that enable a 2–4 GB ISO or an 8–10 GB install also remove essential safety nets and future flexibility. The Tom’s Hardware hands‑on install that landed at an 8.36 GB live footprint highlights how extreme trimming yields impressive numbers, but it also underscores the fragility and manual maintenance that follow.

---

Final practical recommendations​

• Use nano11 only in isolated testbeds and for specific appliance use cases where offline static images are acceptable.
• For lighter everyday Windows 11 installations that remain serviceable, prefer Tiny11 or a conservative offline servicing approach that keeps update and defender infrastructure intact.
• Build from source: download the official Windows ISO and run the Nano11 Builder locally; don’t rely on downloaded prebuilt ISOs from unverifiable sources.
• Budget hardware for building: use hosts with ample RAM and CPU for DISM’s recovery compression, or accept long build times.
• Document and snapshot everything: keep images and VM snapshots so you can recover to a known good state if you later need a system with servicing intact.

The Nano11 experiment is a compelling demonstration of what’s possible when you combine Microsoft’s offline servicing tools with high‑ratio compression and an aggressive removal profile. It’s a strong reminder that Windows’ default image is a balance of features, convenience and support — and that balance can be shifted dramatically, but not without cost.

---

Source: Tom's Hardware Here's how I installed Windows 11 using a nano-sized 2.4GB ISO — final install weighed in at a mere 8.36GB, two-thirds the size of a normal Windows install, courtesy of Nano11 Builder