A guide to golden images

joanne profile
Joanne Yip|Updated April 25, 2024
Graphic of a computer monitor overlaid with horizontal series of five circles each with a check mark spread across, with the center one enlarged for emphasis.
Graphic of a computer monitor overlaid with horizontal series of five circles each with a check mark spread across, with the center one enlarged for emphasis.

Used in computer imaging, a golden image is a copy of a reference computer’s virtual or hard disk drive and its contents. Sometimes referred to as a master image or base image, a golden image includes the operating system, settings, and software that user devices need to function in a corporate environment.

Applying a base image to multiple user devices can save you a ton of time while allowing you to keep your endpoint environment clean and consistent. We’ll take you through what golden images typically include, why they’re useful, and important best practices to keep in mind.

What to include in a golden image 

Golden images are usually deployed to new devices or when reimaging existing machines. The components to incorporate in a golden image should include:   

  • An operating system (usually Windows) — patched and updated 

  • Line-of-business software like Microsoft Office  

That said, a golden image can contain more or less than this list, depending on whether it’s a thick disk image, a thin disk image, or a hybrid disk image. So many choices, so little time!

Thick images vs. thin images

Thick images include not only standard software and settings but also the unique apps, hardware drivers, and customizations needed for specific users or device groups. Thick images tend to have larger file sizes and are less scalable in diverse environments.  

Thin images, on the other hand, typically include only the operating system files. Because they’re lightweight, they’re faster to deploy. But you’ll need to separately configure your machines and deploy any additional software they require — which adds time to your imaging process.  

Hybrid images fall in between the two. With file-based imaging tools like SmartDeploy, you can create a golden image that includes only generic operating system files, software, and settings — and deploy it to any device make or model. Device-specific drivers and other software can be slipstreamed with your image or deployed separately. (And no, we don’t mean Candy Crush or Klondike — unless you’ve deemed that a business-essential app. We won’t judge.)

Benefits of using a golden image 

By using custom golden images, you can save time when setting up devices while ensuring that endpoints are consistent, secure, and compliant with what your organization and end users need.

Time savings 

Using a golden image means you don’t have to configure devices one by one. Whether you’re rolling out new hardware or moving Windows 10 devices to Windows 11, it takes you less time to get to the finish line — without compromising on the consistency and performance of your fleet.  


Using computer imaging software like SmartDeploy to create and deploy your custom image, you reduce the risk of human error and inconsistencies across your device fleet.  

Bloatware removal 

Some choose to forego image creation altogether (e.g., by using Windows Autopilot and Microsoft Intune), but we wouldn’t recommend it. Applying a clean custom image to company devices removes unwanted bloatware and security vulnerabilities that can impact device security and performance.

Golden images are like plants. You reap what you sow. A regular dose of TLC paired with the right tools and best practices can yield beautiful results. (No offense to those born without green thumbs and, FWIW, you’re not alone.)

Golden image best practices 

To ensure the quality of your golden image and smoother deployments, consider the following best practices. 

Use virtual machines

Using a virtual machine to create your master image, you save on physical space and hardware equipment costs (and the pain of budget discussions with your boss). With a virtual machine, it’s also easier to roll back if issues occur during imaging or deployment. And if your fleet grows, you can also scale more quickly.

Fully patch your reference operating system

Make sure your reference operating system is fully patched and updated before capturing and deploying your golden image. Operating systems that are up to date run a lower risk of security vulnerabilities and performance issues.

Disable antivirus and other third-party security software

The general advice is to disable your antivirus software or other third-party security apps on your console machine and don’t install it at all on your golden image. On Windows operating systems, for instance, security software can wreak havoc on critical utility programs, like Sysprep. And don’t worry, you can always install them post-imaging.

Leave out sensitive data

Anything you don’t want bad actors to get their hands on, leave it out of your master image. That means no API keys, no passwords, and definitely no drunk photos from last year’s holiday party.

Leave out apps that retrieve hardware information

Some remote apps, like VPN, when installed on a device, pull hardware information for reporting to the console. Instead of installing such apps on the reference machine, it’s better to install them on end-user devices after deploying your golden image.

Test before deployment

Test for compatibility, security, and performance issues before deploying your golden image. Even if problems occur, they won’t cause disruptive downtime. Pro tip: Use virtual machines to create flexible, self-contained testing environments, or select low-impact users to form test groups.

Keep your image library up to date

Keeping your operating system images up to date can go a long way in making life a little easier during deployments since you don’t have to spend extra time installing updates and security patches. Updated images are also less likely to run into issues (or trigger unforeseen user meltdowns).

“For Windows, I’d go with updating your golden image every time Microsoft releases a major Windows update. The general best practice is to create a new image with the new ISO file instead of doing an in-place upgrade. It’s also the cleanest, healthiest approach. For minor updates and patches, the cadence really depends on your environment, security needs, and risk thresholds.” – Austin Delaney, lead sales engineer at SmartDeploy

Choose the right computer imaging software for your use case

Choose computer imaging software that works best for your environment and use case. For instance, disk cloning software (e.g., Clonezilla) is useful for creating a clone image as a backup of a specific machine. Meanwhile, file-based imaging software (e.g., SmartDeploy) makes it easier for you to streamline your imaging workflows when managing diverse hardware.

Golden images FAQs 

What is the difference between a golden image and a master image?

There is no difference. A golden image is also called a master image or a base image. In other words, po-tay-to, po-tah-to.

How do I make a golden image?

You can create a golden image using sector-based software (aka disk cloning tools) or file-based imaging software. Sector-based tools are platform independent and best for creating exact copies of specific devices. But you have less flexibility to customize your deployments, and you need to maintain physical reference computers (and enough spare to store them). In contrast, file-based tools are hardware independent, use virtual machines and single-instance storage, and give you more flexibility and control over your image deployment process.

Can I use a physical computer to capture my golden image?

Yes, you can use a physical computer to capture your golden image. When creating your master image, you can use either physical or virtual reference computers. Compared to using virtual machines, using physical computers is generally less scalable and can cost more money and effort to maintain — especially if you manage diverse hardware.

If you’re looking for more imaging flexibility and lower overheads (and a happier life in IT), SmartDeploy is versatile, easy to use, and hardware independent. You can deliver your golden images to Windows machines using offline media, local networks, or the cloud (no VPN needed, leveraging your corporate cloud storage account). To learn how it works, request a live demo or download a free 15-day trial to explore SmartDeploy’s full range of features and functionalities.

joanne profile
Joanne Yip

Joanne has always loved the impact that words can make. When she isn’t typing away in the world of sysadmin, Joanne loves hiking with her husband and dog, true-crime podcasts, and dreaming of her next scuba diving adventure.

Related articles

Ready to get started?

See how easy device management can be. Try SmartDeployfree for 15 days — no credit card required.