A guide to golden images: What they are & what to include

joanne profile
Joanne Yip|August 10, 2023
Graphic of a computer monitor overlaid with horizontal series of five circles each with a check mark spread across, with the center one enlarged for emphasis.
Graphic of a computer monitor overlaid with horizontal series of five circles each with a check mark spread across, with the center one enlarged for emphasis.

Used in computer imaging, a golden image contains the contents of a reference computer’s hard disk drive or virtual disk. Sometimes referred to as a master image or base image, a golden image includes the operating system, settings, and software that user devices need to function in a corporate environment. (And no, we don’t mean Candy Crush or Klondike.) 

Applying a golden image to multiple user devices can save you a ton of time while allowing you to keep your endpoint environment clean and consistent. We’ll take you through what golden images typically include, why they’re useful, and important best practices to keep in mind.  

What to include in a golden image 

Golden images are usually deployed to new devices or when reimaging existing machines. The components to include in a golden image should include:   

  • An operating system (usually Windows) — patched and updated 

  • Line-of-business software like Microsoft Office  

That said, a golden image can contain more or less than this list, depending on whether it’s a thick disk image, a thin disk image, or a hybrid disk image. So many choices, so little time! 

Thick images vs. thin images 

Thick images include not only standard software and settings but also the unique apps, hardware drivers, and customizations needed for specific users or device groups. Thick images tend to have larger file sizes and are less scalable in diverse environments.  

Thin images, on the other hand, typically include only the operating system files. Because they’re lightweight, they’re faster to deploy. But you’ll need to separately configure your machines and deploy any additional software they require — which adds time to your imaging process.  

Hybrid images fall in between the two. With file-based imaging tools like SmartDeploy, you can create a golden image that includes only generic operating system files, software, and settings — and deploy it to any device make or model. Device-specific drivers and other software can be slipstreamed with your image or deployed separately.

Of course, you can image computers manually, but that’s a lot of work for most busy sysadmins. Unless you’re supporting only a few devices or highly customized systems (or you get a real kick out of doing things the hard way), it’s worth investing some time to create quality golden images and using them to manage your fleet. 

Benefits of golden images 

A golden image allows you to set up or image user devices efficiently, ensuring that they’re consistent, secure, and compliant with what your organization and end users need.  

Time savings 

Using a golden image means you don’t have to configure devices one by one. Whether you’re rolling out new hardware or carrying out a Windows migration project, it takes you less time to get to the finish line.  

Consistency 

Using computer imaging software like SmartDeploy to create your golden image and automate deployment workflows, you reduce the risk of human error and inconsistencies across your device fleet.  

Device security and performance 

Some choose to forego imaging altogether (e.g., by using Windows Autopilot and Microsoft Intune), but we wouldn’t recommend it. Applying a custom master image to company devices removes unwanted bloatware and security vulnerabilities, making sure that your fleet is compliant and running smoothly right from the start.  

Golden images are like plants. You reap what you sow. A regular dose of TLC paired with the right tools and best practices can yield beautiful results.  

Golden image best practices 

To ensure the quality of your golden image and smoother deployments, consider the following best practices. 

Use virtual reference machines 

Using virtual machines to create your master image, you save on physical space and hardware equipment costs (and the pain of budget discussions with your boss). With a virtual machine, it’s also easier to roll back if issues occur during imaging or deployment. And if your fleet grows, you can also scale more quickly. 

Fully patch your reference operating system  

Make sure your reference operating system is fully patched and updated before capturing and deploying your golden image. Operating systems that are up to date run a lower risk of security vulnerabilities and performance issues.  

Disable antivirus and other third-party security software  

The general advice is to disable your antivirus software or other third-party security apps on your console machine and don’t install it at all on your golden image. On Windows operating systems, for instance, security software can wreak havoc on critical utility programs, like Sysprep.  

Up for some computer imaging best practices?

Here are three tips and tricks for how to simplify computer imaging.

Leave out sensitive data 

Anything you don’t want bad actors to get their hands on, leave it out of your golden image. That means no API keys, no passwords, and definitely no drunk photos from last year’s Christmas party. 

Leave out apps that retrieve hardware information 

Some remote apps, like VPN, when installed on a device, pull hardware information for reporting to the console. Instead of installing such apps on the reference machine, it’s better to install them on end-user devices after deploying your golden image. 

Test before deployment 

Test for compatibility, security, and performance issues before deploying your golden image. Even if problems occur, they won’t cause disruptive downtime. Pro tip: Use virtual machines to create flexible, self-contained testing environments, or select low-impact users to form test groups.  

Keep your image library up to date 

Keeping your operating system images up to date can go a long way in making life a little easier during deployments since you don’t have to spend extra time installing updates and security patches. Updated images are also less likely to run into issues.  

“For Windows, I’d go with updating your golden image every time Microsoft releases a major Windows update. The general best practice is to create a new image with the new ISO file instead of doing an in-place upgrade. It’s also the cleanest, healthiest approach. For minor updates and patches, the cadence really depends on your environment, security needs, and risk thresholds.” – Austin Delaney, lead sales engineer at SmartDeploy

Use file-based imaging software 

How you make the most of your golden image depends a lot on the computer imaging software you use. Using file-based imaging tools can make it easier for you to streamline workflows, support diverse hardware, and scale your operations.  


If you’re looking for more imaging flexibility and lower overheads, SmartDeploy is versatile, easy to use, and hardware independent. With offline media, local network, and cloud-based deployment options, you can deliver your golden images just as easily to local and remote devices from a single platform. Check out our live demo or download a free 15-day trial to explore SmartDeploy’s features and functionalities for yourself.   

joanne profile
Joanne Yip

Joanne has always loved the impact that words can make. When she isn’t typing away in the world of sysadmin, Joanne loves hiking with her husband and dog, true-crime podcasts, and dreaming of her next scuba diving adventure.

Related articles

Ready to get started?

See how easy device management can be. Try SmartDeployfree for 15 days — no credit card required.