Used in computer imaging, a golden image contains the contents of a reference computer’s hard disk drive or virtual disk. Sometimes referred to as a master image or base image, a golden image includes the operating system, settings, and software that user devices need to function in a corporate environment. (And no, we don’t mean Candy Crush or Klondike.)
Applying a golden image to multiple user devices can save you a ton of time while allowing you to keep your endpoint environment clean and consistent. We’ll take you through what golden images typically include, why they’re useful, and important best practices to keep in mind.
What to include in a golden image
Golden images are usually deployed to new devices or when reimaging existing machines. The components to include in a golden image should include:
An operating system (usually Windows) — patched and updated
Line-of-business software like Microsoft Office
That said, a golden image can contain more or less than this list, depending on whether it’s a thick disk image, a thin disk image, or a hybrid disk image. So many choices, so little time!
Thick images vs. thin images
Thick images include not only standard software and settings but also the unique apps, hardware drivers, and customizations needed for specific users or device groups. Thick images tend to have larger file sizes and are less scalable in diverse environments.
Thin images, on the other hand, typically include only the operating system files. Because they’re lightweight, they’re faster to deploy. But you’ll need to separately configure your machines and deploy any additional software they require — which adds time to your imaging process.
Hybrid images fall in between the two. With file-based imaging tools like SmartDeploy, you can create a golden image that includes only generic operating system files, software, and settings — and deploy it to any device make or model. Device-specific drivers and other software can be slipstreamed with your image or deployed separately.
Of course, you can image computers manually, but that’s a lot of work for most busy sysadmins. Unless you’re supporting only a few devices or highly customized systems (or you get a real kick out of doing things the hard way), it’s worth investing some time to create quality golden images and using them to manage your fleet.
Benefits of golden images
A golden image allows you to set up or image user devices efficiently, ensuring that they’re consistent, secure, and compliant with what your organization and end users need.
Time savings
Using a golden image means you don’t have to configure devices one by one. Whether you’re rolling out new hardware or carrying out a Windows migration project, it takes you less time to get to the finish line.
Consistency
Using computer imaging software like SmartDeploy to create your golden image and automate deployment workflows, you reduce the risk of human error and inconsistencies across your device fleet.
Device security and performance
Some choose to forego imaging altogether (e.g., by using Windows Autopilot and Microsoft Intune), but we wouldn’t recommend it. Applying a custom master image to company devices removes unwanted bloatware and security vulnerabilities, making sure that your fleet is compliant and running smoothly right from the start.
Golden images are like plants. You reap what you sow. A regular dose of TLC paired with the right tools and best practices can yield beautiful results.
Golden image best practices
To ensure the quality of your golden image and smoother deployments, consider the following best practices.
Use virtual reference machines
Using virtual machines to create your master image, you save on physical space and hardware equipment costs (and the pain of budget discussions with your boss). With a virtual machine, it’s also easier to roll back if issues occur during imaging or deployment. And if your fleet grows, you can also scale more quickly.
Fully patch your reference operating system
Make sure your reference operating system is fully patched and updated before capturing and deploying your golden image. Operating systems that are up to date run a lower risk of security vulnerabilities and performance issues.
Disable antivirus and other third-party security software
The general advice is to disable your antivirus software or other third-party security apps on your console machine and don’t install it at all on your golden image. On Windows operating systems, for instance, security software can wreak havoc on critical utility programs, like Sysprep.
Leave out sensitive data
Anything you don’t want bad actors to get their hands on, leave it out of your golden image. That means no API keys, no passwords, and definitely no drunk photos from last year’s Christmas party.
Leave out apps that retrieve hardware information
Some remote apps, like VPN, when installed on a device, pull hardware information for reporting to the console. Instead of installing such apps on the reference machine, it’s better to install them on end-user devices after deploying your golden image.
Test before deployment
Test for compatibility, security, and performance issues before deploying your golden image. Even if problems occur, they won’t cause disruptive downtime. Pro tip: Use virtual machines to create flexible, self-contained testing environments, or select low-impact users to form test groups.
Keep your image library up to date
Keeping your operating system images up to date can go a long way in making life a little easier during deployments since you don’t have to spend extra time installing updates and security patches. Updated images are also less likely to run into issues.
“For Windows, I’d go with updating your golden image every time Microsoft releases a major Windows update. The general best practice is to create a new image with the new ISO file instead of doing an in-place upgrade. It’s also the cleanest, healthiest approach. For minor updates and patches, the cadence really depends on your environment, security needs, and risk thresholds.” – Austin Delaney, lead sales engineer at SmartDeploy
Use file-based imaging software
How you make the most of your golden image depends a lot on the computer imaging software you use. Using file-based imaging tools can make it easier for you to streamline workflows, support diverse hardware, and scale your operations.
If you’re looking for more imaging flexibility and lower overheads, SmartDeploy is versatile, easy to use, and hardware independent. With offline media, local network, and cloud-based deployment options, you can deliver your golden images just as easily to local and remote devices from a single platform. Check out our live demo or download a free 15-day trial to explore SmartDeploy’s features and functionalities for yourself.