I had a goal: to turn a small, modern PC into a completely silent, ultra-reliable backup server. I wanted a machine that could sit in a corner and run for years, sipping power and generating virtually no heat or noise. I could do it with Linux, but for some unrelated reasons, I had to do it on Windows. But a default installation of Windows 11 is anything but quiet.

A modern Windows OS is a bustling metropolis of activity. It’s constantly talking to the cloud, checking for updates, running telemetry services, scanning files with Defender, indexing drives, and running dozens of scheduled tasks. For a desktop, this is fine. For a dedicated appliance that needs to be stable and predictable, it’s a nightmare of unwanted reboots, random CPU spikes, and unnecessary disk I/O.

My solution? I decided to tame the beast. After extensive research and testing, I’ve created min-win.ps1, a comprehensive PowerShell script designed to strip down and harden Windows 10 or 11 into the perfect, minimalist appliance OS. Today, I’m releasing it for everyone.

What is min-win.ps1?

At its core, min-win.ps1 is a powerful configuration tool that systematically disables non-essential features to create a quiet, low-heat, and stable Windows environment. It’s not just another “debloater” that blindly removes apps. It’s an intelligent, reversible hardening script focused on long-term stability for always-on systems.

You can configure exactly what you want to disable through a simple $true/$false switch system right at the top of the script.

Here’s a high-level look at what it can do:

Key Features

Disabling Telemetry & Cloud Integration

The script surgically cuts the strings to Microsoft’s data collection services. This includes:

• Telemetry: Disables the DiagTrack service and related data collection policies.
• Cloud Content: Turns off tailored experiences, Spotlight, consumer features, and third-party suggestions.
• Error Reporting: Shuts down Windows Error Reporting (WER) and the Customer Experience Improvement Program (CEIP) tasks.
• Desktop Noise: Disables Widgets, web search, Cortana, and the advertising ID.

Tame Windows Update and Defender

For an appliance, you — not the OS — must be in control of reboots and security scans.

• Windows Update: The script configures policies to prevent automatic updates and reboots. It then goes a step further by disabling the underlying services (wuauserv, UsoSvc, WaaSMedicSvc) and the dozens of scheduled tasks in the Update Orchestrator. This effectively puts a full stop to all automatic update activity.
• Microsoft Defender: On an isolated machine behind a hardware firewall, Defender’s real-time protection is often unnecessary overhead. The script can apply policies to disable real-time monitoring, behavior monitoring, and other active components. (Important: You must disable Tamper Protection in Windows Security first for this to work effectively).

Optimize for Power, Thermals, and Performance

Noise and heat are the enemies of an always-on appliance.

• Power & Thermals: A dedicated mode sets the “Power Saver” plan, caps the maximum CPU state (e.g., to 70%), disables aggressive turbo boosting, and sets the system cooling policy to passive. The result is a cool, quiet system with a dramatically lower power draw.
• Boot & Stability: Disables Fast Startup (HiberbootEnabled), ensuring a clean, full system boot every time, which prevents a wide range of quirky driver and service issues.

Intelligent Service & Task Management

The script gives you granular control over dozens of Windows services and scheduled tasks that are often unneeded on a server. You can easily disable:

• Printing and Faxing
• Windows Search / Indexer
• Bluetooth, Wi-Fi, and Offline Files
• Xbox and gaming services
• .NET optimization tasks, scheduled defrags, and more.

Safety First: The Reversible Power Tool

I designed min-win.ps1 with safety as the top priority. Toggling system services can be dangerous, and disabling the wrong kernel driver can easily lead to an “INACCESSIBLE_BOOT_DEVICE” error. Here’s how the script protects you:

1. Snapshot & Restore: Before making a single change in apply mode, the script generates a snapshot.json file. This file records the original state of every single registry key, service, and task it plans to touch. If you ever want to undo everything, you can simply run the script in restore mode with that snapshot file to revert the system to its previous state.
2. Built-in “Guard Rails”: The script contains an explicit “never disable” list of critical boot, storage, and filesystem drivers (storahci, stornvme, ntfs, etc.). It actively checks the “Type” of a service and will refuse to disable anything that identifies as a kernel or filesystem driver, preventing catastrophic boot failures.
3. Full Audit Log: Alongside the snapshot, the script creates changes.json and changes.txt, a detailed, human-readable log of every single action it took.

How to Get Started

Getting your minimal Windows appliance running is easy:

1. Download the Script: Grab min-win.ps1 from my website [Your Website/GitHub Link Here].
2. Configure: Open the script and review the $Config section at the top. Toggle features from $true to $false based on your needs. The defaults are a great starting point for a minimal server.
3. Run a Dry Run (Recommended): Open an administrative PowerShell and run the script in save mode. This won’t change anything but will create a snapshot and backup files in C:\min-win-backups\.PowerShellPowerShell.exe -ExecutionPolicy Bypass -File ".\min-win.ps1" -Mode save
4. Apply Changes: Once you’re ready, run it in apply mode. It will automatically create a new timestamped backup folder with the snapshot before applying the configuration.PowerShellPowerShell.exe -ExecutionPolicy Bypass -File ".\min-win.ps1" -Mode apply
5. Reboot and Verify: After applying, reboot your machine. You can then run the script in verify mode to get a clean PASS/WARN/FAIL report confirming that all changes have stuck.

A Critical Security Warning

This script is a powerful tool designed for a specific purpose. Disabling Windows Update and Microsoft Defender removes critical security layers from your OS. You should ONLY use this script on a dedicated appliance that is isolated and sits behind a properly configured hardware firewall. DO NOT run this on a general-purpose desktop that you use for browsing the public internet.

Get The Script

My little backup server has been running completely silently for weeks now, cool to the touch and perfectly stable. It does its job without any fuss, exactly as an appliance should.

If you have a similar project or just want to gain more control over your Windows environment, I invite you to check out the script.

Give it a try on a test machine and let me know what you think!