A community developer has created the smallest Windows 11 desktop environment yet: a 2.2 GB ISO that installs to just 2.8 GB on disk. Dubbed Nano11, this script-based project builds on earlier Tiny11 and Tiny11 Core efforts but slashes deeper into the operating system's components, discarding Windows Update, Defender, and the servicing stack entirely. The result is a static, unserviceable image that boots to a functional desktop—provided you accept the vanishingly thin security margin and the fact that you can never add drivers, languages, or features to it.

The Evolution of Minimal Windows

Over the past two years, a lineage of community projects has sought to reverse Windows 11's storage bloat. The most prominent is Tiny11, created by developer NTDEV, which uses official deployment tools like DISM to remove packaged applications, telemetry services, and optional features. By applying LZX or LZMS compression to system binaries, Tiny11 trimmed a standard Windows 11 installation from 20–40 GB down to around 8 GB or less.

An experimental branch, Tiny11 Core, pushed further, producing ISO files around 2 GB and installed footprints of 3–4 GB by aggressively pruning the component store and enabling CompactOS with LZX compression. Nano11 represents the next step. NTDEV released the Nano11 script as an extreme debloating recipe that goes beyond anything previously attempted, stripping out not just bloatware but entire subsystems that most users consider essential.

How Nano11 Achieves Such Drastic Size Reduction

The script follows a multi-step engineering process that combines component removal with high-ratio compression:

  • It mounts an official Windows 11 image offline using DISM or WIMGAPI.
  • It removes all bundled UWP/WinUI apps: Clipchamp, News, Weather, Xbox, Your Phone, Teams, Copilot hooks, and more.
  • It disables or removes background services, scheduled tasks, and telemetry agents.
  • It strips the WinSxS store aggressively, deleting duplicate binaries and optional components that normally allow safe servicing.
  • It cuts Windows Update, Windows Defender, and large parts of the servicing stack.
  • Finally, it applies LZX compression to the offline WIM or enables CompactOS with LZX on the installed system, compressing system executables on disk.

This two-pronged approach—surgical removal plus runtime compression—enables the staggering footprint reductions. The developer warns that the LZX compression step “uses A LOT of RAM” and takes considerable time, but the payoff is a WIM that decompresses on demand, trading CPU cycles for storage.

The Numbers: How Small Can Windows 11 Get?

NTDEV’s Nano11 ISO clocks in at 2.2 GB, and the installed OS occupies only 2.8 GB. That compares with roughly 20–30 GB for a stock Windows 11 Home installation, and it is smaller than many lightweight Linux distributions. The Tiny11 Core variant had already demonstrated ISOs as small as 2 GB with installed sizes around 3–4 GB, but Nano11 beats those figures by an additional 500 MB to 1 GB depending on the base image.

These numbers are not theoretical; they come from reproducible builds using the publicly available script. However, the exact size depends on the SKU used (Enterprise, Pro, LTSC, IoT), the language packs retained, and the compression level. The Nano11 script works with Windows 11 25H2 images and remains compatible with newer releases, although the developer emphasizes that each build is static and cannot accept updates.

What Gets Removed

Nano11 eliminates nearly everything that can be removed without breaking the boot process or the basic desktop shell. The removal list includes:

  • All modern bundled apps: News, Weather, Mail, Calendar, Solitaire, Office Hub, Clipchamp, Spotify, Disney+, and others.
  • Microsoft Edge, Teams, Copilot, and OneDrive integration.
  • Windows Update components and associated services.
  • Windows Defender, the Malicious Software Removal Tool, and all security agents.
  • Telemetry services, diagnostic tracking, and feedback hubs.
  • Sound, video, and printer drivers unless explicitly retained.
  • The servicing stack’s ability to add features, languages, or drivers.
  • The recovery environment and most of the WinSxS backup store.

What remains is a bare-bones window manager, basic input support, core system processes, and enough networking to allow limited connectivity. The desktop still renders, file explorer works, and you can launch third-party applications—but many system utilities are gone, and any software that relies on removed components will fail.

The Sharp Trade-offs

Nano11’s footprint comes at a trio of non-negotiable costs:

No Windows Updates. Without Windows Update, the operating system never receives security patches, feature improvements, or bug fixes. Any vulnerability discovered after the build date remains permanently exploitable unless the image is rebuilt from scratch. This alone makes Nano11 unsuitable for internet-connected production machines.

No Built-in Anti-Malware. Windows Defender is stripped out entirely. The system boots with zero real-time protection against viruses, ransomware, or other threats. Users must manually install and maintain a third-party security solution, but many of those solutions may depend on services that are also missing.

Unserviceable Image. The script renders the OS “not serviceable” by design. You cannot add a language pack, install a new driver, or enable a Windows feature through traditional means. Even simple changes like adding a printer may require rebuilding the image. The developer’s documentation states plainly: “You cannot add back features or languages in an image created with this script!”

These limitations convert Nano11 from a general-purpose operating system into a throwaway appliance. If you need to change anything, you start over.

Legitimate Use Cases

Despite the severe constraints, the engineering achievement has clear, narrow applications:

  • Virtual Machines and Testbeds: Ephemeral VMs for software testing, driver validation, or CI pipelines benefit from a tiny, fast-deploying Windows instance. Snapshots and rollbacks make patching irrelevant.
  • Embedded Systems and Appliances: Devices that run a fixed workload, receive updates through controlled image replacement, and never connect to open networks can use a stripped OS to save storage and reduce attack surface.
  • Legacy Hardware Revival: Old PCs with limited storage (e.g., 16 GB eMMC) that cannot fit a standard Windows 11 install may run Nano11 for light offline tasks, though driver support becomes a challenge.
  • Research and Education: Studying the minimum operational set of Windows components helps developers understand system dependencies and can inform more resilient design.

In each of these scenarios, the absence of updates and Defender is manageable because the host is either isolated or replaced rather than patched.

Security and Maintenance Risks in Detail

Using Nano11 on any machine that handles sensitive data or connects to the internet is a high-risk proposition. Without patches, familiar Windows vulnerabilities become permanent backdoors. Privilege escalation bugs like PrintNightmare or remote code execution flaws in networking stacks will never be fixed. Ransomware groups actively scan for unpatched systems; a Nano11 host with a static IP becomes a sitting target.

Driver compatibility also erodes over time. New hardware—USB4 peripherals, NVMe controllers, Wi-Fi 7 adapters—often requires updated drivers that cannot be injected into an unserviceable image. Even if you download a driver package, Windows may refuse to install it because the servicing stack is absent.

For enterprises, the compliance picture is grim. Standards like PCI-DSS, HIPAA, and ISO 27001 explicitly mandate timely security updates and active anti-malware protection. Running an unpatched, defenderless Windows 11 build in a regulated environment would be a clear violation.
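
One way to flag such builds during an inventory or compliance sweep, as an added example that is not part of the Nano11 project or the original article: the PowerShell below checks a running host for the components this article lists as removed. The function name `Test-StrippedWindowsImage`, the `MaxPatchAgeDays` threshold, and the choice of these services as markers are assumptions.

```powershell
# Added example (not from the Nano11 script). Test-StrippedWindowsImage and
# MaxPatchAgeDays are hypothetical names; treating these checks as markers of
# a stripped build is an assumption based on the removal list in this article.
function Test-StrippedWindowsImage {
    [CmdletBinding()]
    param([int]$MaxPatchAgeDays = 60)

    # Stock Windows 11 services behind updating, anti-malware and servicing.
    $expected = [ordered]@{
        wuauserv         = 'Windows Update'
        UsoSvc           = 'Update Orchestrator'
        WinDefend        = 'Microsoft Defender Antivirus'
        TrustedInstaller = 'Windows Modules Installer (servicing)'
    }
    $findings = @(foreach ($name in $expected.Keys) {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Check  = $expected[$name]
            Detail = if ($svc) { "$name StartType=$($svc.StartType)" } else { "$name missing" }
            Gap    = (-not $svc) -or ($svc.StartType -eq 'Disabled')  # disabled counts as absent
        }
    })

    # Defender cmdlets go away with the feature; absent means no real-time protection.
    $rtp = $false
    if (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) {
        $rtp = [bool](Get-MpComputerStatus -ErrorAction SilentlyContinue).RealTimeProtectionEnabled
    }
    $findings += [pscustomobject]@{ Check = 'Defender real-time protection'; Detail = "Enabled=$rtp"; Gap = -not $rtp }

    # Newest installed hotfix: a frozen image has none, or only those present at build time.
    $latest = Get-HotFix -ErrorAction SilentlyContinue | Where-Object InstalledOn |
        Sort-Object InstalledOn | Select-Object -Last 1
    $findings += [pscustomobject]@{
        Check  = 'Most recent hotfix'
        Detail = if ($latest) { "$($latest.HotFixID) $($latest.InstalledOn.ToString('yyyy-MM-dd'))" } else { 'none recorded' }
        Gap    = (-not $latest) -or ($latest.InstalledOn -lt (Get-Date).AddDays(-$MaxPatchAgeDays))
    }

    # Recovery environment: reagentc needs elevation; the match assumes English output.
    $re = ''
    if (Get-Command reagentc.exe -ErrorAction SilentlyContinue) { $re = (& reagentc.exe /info 2>$null) -join "`n" }
    $findings += [pscustomobject]@{ Check = 'Windows RE'; Detail = 'reagentc /info'; Gap = $re -notmatch 'Windows RE status:\s+Enabled' }

    $findings
}

Test-StrippedWindowsImage | Format-Table -AutoSize
```

Hosts running a third-party anti-malware product will show the Defender rows as gaps; confirm that product separately before treating the host as unprotected.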

Nano11 is not a license bypass. It takes an official Windows 11 image as input and strips components, but it does not alter activation mechanisms. Users must still possess a valid Windows license for the edition they build. The resulting image is unofficial and unsupported by Microsoft. Redistribution of modified Windows binaries may violate Microsoft’s End User License Agreement, depending on jurisdiction and intent.

The developer describes Nano11 as “intended only for testing, development, or embedded use in VMs,” which fits its experimental nature, but organizations should consult legal counsel before deploying any custom Windows build in production.

How to Experiment Safely

If you want to explore Nano11 or similar projects, containment is essential:

  • Run the build inside a virtual machine with network connectivity disabled initially. Use snapshots to revert changes.
  • Keep the VM on an isolated network or behind a separate firewall that performs intrusion detection and blocks inbound threats if internet access becomes necessary.
  • Do not store personal data, sign into Microsoft accounts, or enter credentials on these experimental systems.
  • Plan to rebuild the image rather than attempt to patch or modify it. Maintain a clean build script and original ISO sources.
  • Keep a standard, supported Windows installation on hand for recovery—never rely on a pruned image as your only OS.

Following these precautions reduces the operational risk and keeps the experiment firmly in the sandbox.

Broader Implications: A Window into What Windows Could Be

The existence and popularity of Tiny11, Nano11, and similar projects send a clear message: a significant subset of users wants a lean, modular Windows that respects hardware constraints and user choice. Technically, Microsoft’s platform already supports deep componentization. The component store, DISM, and CompactOS infrastructure enable removal and compression at a granular level. Nano11 simply leverages these capabilities to an extreme.

Yet Microsoft’s default configuration packs in everything from social media integrations to advertising IDs. These additions serve a business model built on telemetry, app store revenue, and ecosystem lock-in. The engineering community has demonstrated that the fat is optional—Windows can boot and function without Edge, without Cortana, without Xbox services, and without Defender. That revelation puts pressure on Microsoft to offer more flexible installation options, perhaps reviving the long-defunct Windows 10 S mode or offering a truly minimal “Core” SKU for power users and IT departments.

Strengths and Notable Achievements

  • Impressive Storage Reduction: Shrinking a 30 GB OS to under 3 GB is a genuine feat of system analysis and compression engineering.
  • Tooling Leverage: The process uses only official Microsoft utilities (DISM, compact.exe, oscdimg), making it reproducible and technically compliant with the platform.
  • Modularity Awareness: The project makes visible which components are optional and how their removal affects system behavior—valuable intel for admins, OEMs, and Microsoft itself.
  • Practical for Constrained Environments: In VMs, embedded devices, and development scenarios, a static tiny image is an efficient, purpose-built tool.

Risks and Limitations

  • Unserviceable by Design: Once built, the image is frozen. Drivers, languages, and features cannot be added.
  • No Security Updates: Without Windows Update, every known vulnerability remains open indefinitely.
  • No Native Anti-Malware: Removing Defender leaves the system defenseless unless an alternative is integrated, but even third-party AV may not function correctly in the reduced environment.
  • Compatibility Pitfalls: Many applications assume the presence of certain services or DLLs; removing them can cause cryptic failures that only emerge later.
  • Upgrade Fragility: A future base image change could break the script, and there is no guarantee that Microsoft will not actively block such extreme modifications.
  • Verification Gap: While the Nano11 numbers are from the developer’s own public releases, some community claims of even smaller sizes lack independent confirmation. Users should treat unverified benchmarks with caution.

Final Assessment

Nano11 is both a technical tour de force and a cautionary tale. It proves that Windows 11 can be scaled down to barely a tenth of its standard size, and it demonstrates the architectural debt of modern operating systems. For tightly controlled, isolated environments—VM testbeds, immutable appliances, research sandboxes—the build is a legitimate, if niche, tool. For everything else, the trade-offs are unacceptable.

The sensible path forward for most Windows users is to reserve Nano11 and its kin for experimentation only, stick with supported lightweight configurations (like Windows 11 IoT Enterprise LTSC, which strips some bloat by default), and advocate for a more modular, configurable Windows that doesn’t require a community script to shed unwanted components. Microsoft has the technical means to offer a “core” Windows; Nano11 just showed us what it could look like.