I need to install Windows baremetal on one of my laptops to run some software I can’t get to run well in a VM (at least on my hardware).
So I’ve done a bit of research and found the Windows 11 IoT Enterprise LTSC version which seems to be a debloated version of Windows 11 without telemetry AND it supports digital enterprise licenses provided you can get hold of one.
I’ve found local online retailers that sell Enterprise license keys for like 20$ and some of them seem like legit shops with good reputation.
So what do you guys/gals think about Windows 11 IoT Enterprise LTSC as a debloated and privacy respecting version of windows?
Thanks in advance!
EDIT: I just want to clarify that I’m not referring to the evaluation version but the full version that is meant for OEMs (but can be downloaded directly from Microsoft - Google is you friend ). I assume one would probably violate Microsoft’s TOS one way or another by installing and activating it as a private individual. ¯_(ツ)_/¯
I think it’s unlikely to make much of a difference and the IoT version is different but not necessarily what you want. LTSC is just a long term support version nothing debloated about that.
Yes the Enterprise editions aren’t any more Private than the consume GAC and LTSC is not gonna help it either.
For sure it will be debloated, but it won’t be private you would still need to restrict it manually. (This time with Group Policy or can still use tools like O&O ShutUp10)
LTSC is pretty debloated, which is why it has lower minimum requirements than normal Windows (e.g. no Microsoft Store), but while this means useless features are less likely to make it there, or they will at least take a longer time, security features are also either delayed or not present in this edition. I don’t know if I’d personally recommend it considering that you can also disable telemetry in the non-LTSC version of Windows IoT.
Guys, can you check if I understand this correctly:
If you buy Windows Enterprise Edition, the Enterprise License owner (not just you with a Enterprise key, thats the “client” version) can set the Group Policy setting and functionally mess around with your setting because other people are the “Supervisor” and you just have a version that obeys the “Supervisor”. Technically they can do this because you are within their Enterprise?
Not necessarily correct, let me explain. For a group policy to apply based on the supervisor (or admin level) a Computer must be on a Active Directory (a Windows Active Directory, usually hosted on a windows server) that has the group policy, it’s far more effective than setting and deploying group policies manually on every computer and works on almost every edition (I think only except Windows Home) and it does give access to things like controlled user authorization, printers, etc.
So if I understand this directly, for as long as I am not logged into some LDAP/Active Directory, the IT department of the Enterprise cannot really modify my setting remotely.
Yes. Though the majority of enterprises and all educations only apply them to work computers. Not personal computers.
And also for a change or changes to apply, ITs have to manually reapply them (usually done through the cmd or rebooting them iirc does it too.)
The reason for suggesting the IoT version is mainly that afaik it’s the only version that can be activated by a digital license in contrast to the volume license on all the other Enterprise versions.
Additionally I see it as a big plus that there are so little bloat on the IoT version so that I don’t have to start uninstalling a ton of Microsoft bloatware but can start by adding the software that I actually want.
I’m more unsure about the pros and cons of the LTSC version. Maybe that might not be what I want.
Are you sure about this? If that’s true it’s a clear disadvantage of the LTSC version, but I thought it would receive security updates on par with the GAC versions.
To my understanding it isn’t delayed, Last I updated it was for the month (which I installed Windows 11 IoT LTSC on February and have gotten the 2025-02 Cumulative update] Security update, So it does keep up with GAC).
Though I’ve yet to boot my my VM to check for March
Windows 111 IOT support digital licence HWid.
This hardware ID allow you to have it for free, if you want to go in the gray area.
You may also, create you own windows 11 version by modifiying the ISO with a tool like Ntlite. Many privacy features can be configure before installation this way.
I’ve thought about trying Win11 IoT, but its taken a back seat for now. Seems like it might be a good debloat solution, if the licensing & update question marks can be overcome.
When setting up regular Windows 11 Pro, choose english WORLD version, rather than U.S. version. That will not load app store or all of the contracted, 3rd party cruft. Easier to bypass setting up an MS acct too.
Or, there are ISO modification tools like Ntlite, as suggested by Julie above.
Or, there are after install tools. A good one, built & maintained by Chris Titus. Visit YT, search for “Chris Titus Tech Windows Utility 2025.” You can selectively remove win apps, 3rd party apps, disable telementry, etc. Quite thorough. Good luck
I’ve heard that server versions of Windows are not very friendly to ordinary users. They are rarely changed (except for security updates, of course), and therefore may have problems using new features, games, or may lack features that are needed for new multimedia devices or online services. These are things to consider.
LTSC are not meant for servers, but what you mentioned are true, to a certain extend. Most game related stuff are handled through GPU drivers. And most programs don’t make use of latest Windows features.
Yes, you’re right. These are not server versions. Most likely, these are versions for infrastructure, where increased stability and reliability are needed. That’s why very rarely anything is updated there, except for security. But really, new improvements and all sorts of “stuff” for games can be a problem too. All in all, for an everyday OS it’s not the best solution.
Server versions of windows are meant to be as barebones as possible to reduce the attack surface they have and you said, for stability and reliability and yeah it’s not generally supported by driver manufacturers so for example I knew someone who ran windows server on their Laptop and tried to use it as a daily driver on an old laptop (like literally running GTX 980 and iirc Intel 3rd gen) and there was a specific driver not available for Windows Server.
I wish I knew sooner about the enterprise editions to tell them but yeah.
I generally advice posting screenshots for Global Stats StatCounter as most people don’t want to click on the link and get tracked by them or something but other than that yeah and I personally recommend people check out: