Excerpt from my Windows installation doc

Windows Setup Excerpt.md

Windows Installation

Creating Partitions (gdisk)

• (Setup-dependent) Run blkdiscard or nvme format -s [1/2] -r (followed by blkdiscard) for the disk.
• EFI:
  • Size: 100MiB
  • Type: EF00 (EFI System Partition) (Type may be optional depending on modern UEFI firmware)
• MSR (Microsoft Reserved):
  • Size: 16MiB
  • Type: 0C01 (Microsoft Reserved Partition)
  • Always discard/zero the MSR after creation.
• Root/OS Partition:
  • Size: ((Disk Size * 0.9) - (EFI + MSR))
  • Type: 0700 (Microsoft Basic Data)

Installing Windows (Windows ISO)

1. Boot from the Windows installation media and press Shift + F10 to open CMD.
2. Partition Formatting:
   • Run diskpart
   • List disks: list disk
   • Select disk: select disk [number]
   • List partitions: list partition
   • EFI Partition:
     • Select partition: select partition [number]
     • Format: format quick fs=fat32 label="EFI"
     • Assign letter: assign letter=S
   • Microsoft Reserved (MSR) Partition: No action needed.
   • Root/OS Partition:
     • Select partition: select partition [number]
     • Format: format quick fs=ntfs label="Windows"
     • Assign letter: assign letter=W
   • Creating a ReFS Volume (Optional):
     • Select partition: select partition [number]
     • Format: format quick fs=ReFS label="[label]"
     • Letter is assigned automatically.
   • Exit diskpart: exit
3. Windows Image Deployment:
   • Assumptions:
     • E:\ is the installation medium
   1. Get Index Number of Available Editions:
      • dism /Get-WimInfo /WimFile:"E:\sources\install.wim"
   2. Apply Selected Windows Edition:
      • dism /Apply-Image /ImageFile:"E:\sources\install.wim" /index:[edition_index] /ApplyDir:W:\
   3. Install Bootloader:
      • W:\Windows\System32\bcdboot.exe "W:\Windows" /s S:
4. Finalize Installation:
   • Shutdown the system: wpeutil shutdown
   • Ensure networking is disconnected.
   • Start PC and press F12 repeatedly for EFI binary selector.

OOBE (Out Of Box Experience)

1. Press Shift + F10 to open CMD.
2. Start PowerShell with Scripts/PowerShell_BypassExecPol.bat
3. Import Group Policy: Scripts/OOBE/Import_Template_GPO.ps1
4. Deprovision bloat apps: Scripts/OOBE/Deprovision_Bloat_Appx.ps1
5. Run C:\Windows\System32\oobe\BypassNRO.cmd - Expect automatic restart
6. Complete OOBE Setup:
   • Use empty (no) password.

Initial Offline Setup and Configuration

• Set user password from Ctrl+Alt+Delete menu

Note:

Type: EF00 (EFI System Partition) (Type may be optional depending on modern UEFI firmware)

From my experience, modern UEFI firmware will just search any FAT32 partition for viable EFI executables. Using another type (like 0700) can avoid issues with other OS installs trying to insert themselves on the same partition.

Size: ((Disk Size * 0.9) - (EFI + MSR))

I keep 10% for SSD over-provisioning. This is the same as Samsung Magician last time I used it.

Set user password from Ctrl+Alt+Delete menu

Avoids mandatory recovery question or hints, just sets a plain password.

[EDIT] Check out the comment from WinkelCode below. Very helpfull 😄

[original] You can also leave network connected, and upon microsoft account creation/login,
confuse Windows by inputting an email address that has been used too many times. The go-to email for this method is "no@thankyou.com" which you can add on the Let's add your Microsoft account screen. Type a random password and done, profit.

to disconnect the network if you cannot do so manually (cable, hardware switch, virtually):
Shift+F10 and typing ipconfig /release

@CodeAsm

Thank you for your comment, let me address the points you made;

1. When doing the method of intentionally entering a locked account, I recommend using mail@example.com or mail@example.org as these are owned by the IANA (https://www.iana.org/help/example-domains), so you can be sure you aren't interfering with someone else's account.

2. This is nit-picking, but ipconfig /release doesn't disconnect the network, it just releases the DHCP lease. But yes, in practice, without an assigned IP address, programs effectively have no network connection. If you need to actually disconnect the network in software, you can use PowerShell:

Get-NetAdapter -Name Ethernet | Disable-NetAdapter
Get-NetAdapter -Name Ethernet | Enable-NetAdapter

Requires elevated privileges, -Name Ethernet is applicable in my case, use Get-NetAdapter to check which adapter(s) you want to turn off. This should also persist through reboots (OOBE onwards).

3. Turning off the network actually has nothing to do with the Microsoft account. It's to prevent Windows Update from installing drivers before I do my manual driver installations. Windows already installs some drivers during the OOBE. In my case, the drivers I am worried about causing issues is the chipset and GPU driver, so I make sure I have them installed before Windows gets a chance to try and install them via Windows Update. When they are installed manually, Windows Update doesn't touch them (at least from my experience).

I hope this explains it, if you have any other questions feel free to ask.

@WinkelCode
Thank you for answering, these comments are very helpful and indeed ways better then the source I got them from: https://www.howtogeek.com/836157/how-to-use-windows-11-with-a-local-account/ (I was wondering if a example.con would work too)

Ill adapt my own notes to reflect these. and maybe try it again as I made my current win11 virtual hdd too small (20GB is full like real fast) sometimes stating something wrong, spark correct answers to arise 😄 😉

Ow, how would one start PowerShell from within the installer environment? or just start one from the CLI ?

@CodeAsm

Ow, how would one start PowerShell from within the installer environment? or just start one from the CLI ?

(I just checked back on some of my GH Gists and saw your edit)

I use Shift + F10 to pull up command prompt, then start powershell.exe.

Edit: You can also do powershell.exe -ExecutionPolicy Bypass to be able to run unsigned .ps1 scripts temporarily.