How to Create a Windows To Go USB Drive Without the Enterprise Edition
Microsoft’s Windows To Go feature installs Windows as a live system on a bootable USB drive. It’s officially only for Enterprise editions of Windows, but we’ve found a way to do it with any edition of Windows 8 or 8.1. This process allows you to create a live Windows USB drive that functions like a live Linux USB drive. You can boot it on any computer. The operating system’s files and programs stay on the external drive and follow you around. What You’ll Need Here’s what you’ll need: A USB Flash Drive or External Hard Drive With 16 GB of More of Space: For maximum speed, you’ll probably want a speedy USB 3.0 flash drive. However, you could also use an older external hard disk drive you have lying around. It won’t be as fast, but it will work all the same. Microsoft offers ―Windows To Go Certified Drives,‖ and they all start at 32 GB of storage space, so there’s enough space for the OS and extra for your files. These certified devices are tested so they have high speeds and good manufacturer warranties — a cheap USB drive might be slower and die sooner due to the higher volume of writes. RELATED ARTICLE How to Download Windows 7, 8, and 8.1 Installation Media — Legally You can reinstall Windows from scratch using the product key that came with your PC, but you’ll have to find... [Read Article] A Windows 8 or 8.1 ISO File or Disc: You’ll need Windows 8 or 8.1 installation media for this. if you don’t have any lying around, there are ways to legally download Windows installation media from Microsoft — either with a CD key or by downloading a 90-day free trial of Windows 8.1 Enterprise. (You don’t need Windows Enterprise for this — the ―core‖ or Professional editions of Windows 8 or 8.1 will also work.) The Free GImageX Tool: Download the free GImageX tool and install it on your system. This is a graphical front-end to the ImageX tool from Microsoft’s Windows Assessment and Deployment Kit. It will allow you to work with the WIM files from the Windows installation media and create a Windows To Go drive without Microsoft’s official Windows-To-Go- creator tool. (You don’t also need to download the full Windows ADK from Microsoft — just download the tiny GImageX utility.)
Locate the Install.wim File
1 | P a g e
First, locate the Install.wim file, which is stored on the Windows installation media. If you have a physical disc, insert it into your computer. If you have an ISO file, you can ―mount it‖ on Windows 8 by double-clicking it in File Explorer. Open the disc drive in Windows Explorer and enter the ―sources‖ directory. Locate the ―install.wim‖ file — that’s at X:\sources\install.wim , where X is the drive letter of the disc.
Image the Install.wim FIle onto a USB Drive Next, open the GImageX tool. Extract the downloaded archive and run the correct version of the program for your computer — the x64 one on a 64-bit version of Windows or the x86 one on a 32-bit version of Windows. Click the Apply tab in GImageX. In the Source box, browse for the install.wim file you found earlier. In the Destination box, choose the external drive you’ll be installing Windows To Go on. Click the Apply button and GImageX will image the Install.wim file onto the USB drive. Wait for the imaging process to complete before you continue. This is the longest part, although it shouldn’t take too long. The imaging process only took 12 minutes for us, even though we were putting our Windows To Go system onto an external mechanical drive over a slower USB 2.0 connection.
Make the Partition Active RELATED ARTICLE Understanding Hard Drive Partitioning with Disk Management In today’s edition of Geek School, we’re going to talk about how to use Disk Management… but we’re going to... [Read Article] You’ll now need to make the Windows To Go partition active so your computer will boot off that partition when you choose to boot from the external device. First, open the Disk Management tool — right-click the Start button in the bottom-left corner of your Screen or press Windows Key + X and click Disk Management.
2 | P a g e
Locate the external drive in the list, right-click the partition you imaged the Windows To Go system onto, and select Mark Partition as Active. This will mark that partition as the ―active,‖ bootable partition on that external drive.
Create Boot Entries on the USB Drive Next, you’ll need to create the appropriate boot entries on the Windows To Go drive’s boot loader. First, open a Command Prompt window as Administrator — on Windows 8.1, right-click the Start button in the bottom-left corner of the screen or press Windows key + X and select Command Prompt (Admin). Next, run the following two commands to switch to the Windows To Go external drive, using its drive letter in place of X. Open a File Explorer window to see the drive’s letter if you don’t know it: X: cd Windows\system32
Next, run the following command, replacing X with the drive letter of the external drive with Windows To Go on it. bcdboot.exe X:\Windows /s X: /f ALL (As Microsoft’s bcdboot documentation page explains, this command ―creates boot entries on a USB flash drive… including boot files to support either a UEFI-based or a BIOS-based computer.‖)
3 | P a g e
Boot Windows To Go You now have a Windows To Go drive! Restart your computer and boot from it — you may need to configure the boot order in the BIOS or use use Windows 8’s boot options menu on UEFI- based systems to boot from an external drive. The first time you boot the Windows installation on the drie, you’ll have to go through the same first-time setup process you’d see after installing Windows on a computer normally. This will only happen the first time you boot your Windows To Go drive. Windows To Go operates almost like a normal system, although Microsoft notes a few differences — for example, a Windows To Go system boots with internal disks offline by default. This is designed to prevent sensitive data from accidentally being saved onto an internal disk when using Windows To Go. Windows To Go is a feature in Windows 8 Enterprise that allows Windows 8 Enterprise to boot and run from mass storage devicessuch as USB flash drives and external hard disk drives.[1] It is a fully manageable corporate Windows 8 environment. It is intended to allow enterprise administrators to provide users with an imaged version of Windows 8 that reflects the corporate desktop. Creation of Windows To Go drives is not officially supported by other Windows 8 editions.[2] 1 History 2 Differences from standard installation 3 Hardware considerations 4 Licensing 5 Reception 6 See also 7 References 8 External links History Before Windows 8, only embedded versions of Windows, such as Windows Embedded Standard 7, supported booting from USB storage devices.[3][4] In April 2011, after the leak of Windows 8 build 7850,[5] some users noticed that those builds included a program called "Portable Workspace Creator", indicating it was intended to create bootable USB drives of Windows 8.[6][7] In September 2011, Microsoft officially announced Windows To Go at the Build Conference, and distributed bootable 32GB USB flash drives with Windows To Go pre-installed.[8] Differences from standard installation Windows To Go has several significant differences compared to a standard installation of Windows 8 on a hard disk drive or solid-state drive. Drive removal detection: 4 | P a g e
As a safety measure designed to prevent data loss, Windows pauses the entire system if the USB drive is removed, and resumes operation immediately when the drive is inserted within 60 seconds of removal. If the drive is not inserted in that time-frame, the computer shuts down after those 60 seconds to prevent possible confidential or sensitive information being displayed on the screen or stored in RAM.[9] It is also possible to encrypt a Windows To Go drive using BitLocker.[10] Driver configuration: The first time Windows To Go boots on a particular computer, it installs the drivers for that particular hardware and multiple reboots may be required. Subsequent booting operations go straight into Windows 8.[9] Windows Store: For Windows 8.1, the Windows Store is enabled and working by default in Windows To Go.[11] In Windows 8 the Windows Store cannot be accessed on a Windows To Go installation: those attempting to visit the Store will receive an error message. A Group Policy Object exists to manage this.[12] Using Group Policy, Windows Store can be enabled for a Windows To Go workspace (limited to one PC) and Store apps can be used on that workspace. Local hardware inaccessible: In default configurations, Windows To Go installations do not see the local mass storage installed in a host computer. This can be changed by policy (OfflineInternal).[13] Hardware considerations Windows To Go works both on USB 2.0 and USB 3.0 connections, and both on legacy BIOS and UEFI firmware.[14] Not all USB drives can be used in this environment; Microsoft has set up specific testing requirements that the USB drive manufacturer must meet in order to be a supported device. Currently there are ten USB devices listed as supported by Microsoft for Windows To Go:[15][16][17][18] IronKey Workspace W700 IronKey Workspace W500[19] IronKey Workspace W300 Kingston DataTraveler Workspace[20] (first drive to support Windows To Go)[21] SPYRUS Portable Workplace[22][23] SPYRUS Secure Portable Workplace (with Hardware Encryption)[24][25] Spyrus Worksafe Spyrus Worksafe Pro SuperTalent Express RC4 SuperTalent Express RC8[26] Western Digital My Passport Enterprise When using a PC as a host, only hardware certified for use with either Windows 7 or Windows 8 operating systems will work well with Windows To Go. Although Microsoft does not provide support for this feature on Windows RT or Macintosh computers,[15] it is possible to boot Windows To Go on a Mac.[27] Licensing Microsoft announced Windows To Go is licensed by Software Assurance as with Windows To Go rights under Software Assurance, employees can use Windows To Go on any Windows Software Assurance licensed computer as well as their home PC. With a new companion device license from Software Assurance, employees will be able to use Windows To Go on their personal devices from work.[28]
5 | P a g e
Reception[edit] Simon Bisson, writing for ZDNet called Windows To Go "One of the more interesting features of Windows 8", noting "Even though we were using a USB 2.0 port performance was good, with no noticeable lag" and calling it "a very useful way of running of Windows 8".[2] Michael S. Lasky, writing for laptopmag.com, wrote "For IT departments that want to ensure that employees can safely access a corporate network, Windows To Go USB drives are incredibly convenient. Having the ability to instantly remake any Windows PC into your own secure, personal computer is a worthwhile and productive time-saver."[29]
While Windows To Go is not intended to be a replacement option for all enterprise devices, it offers employees a new way to stay fully productive and connected to resources across a variety of work scenarios. Work from home Employees travel light with their corporate image, apps, and policies provisioned on a Windows To Go drive for use on their home PC. Bring your own device to work (BYOD) Contractors or employees access the enterprise network at work from a personal device, allowing them to stay productive whatever their choice of PC. Up and running on Windows 8.1 Help employees test, evaluate, or take advantage of Windows 8.1 on their existing hardware before it's deployed on their PC. Maintain business productivity Provide Windows To Go to maintain business productivity during unexpected events that compromise primary PCs or work locations.
Microsoft Windows to Go: 8 reasons to use it
REVIEWS14 Nov, 2012Khidr Suleman Share on printShare on emailShare on stumbleuponShare on twitterMore Sharing Services The security and flexibility offered by Windows to Go makes it an ideal tool for professionals who will be using multiple devices.
4 Verdict: Windows to Go is an excellent tool for those who use multiple PCs as it means that confidential data is not compromised. There were no problems with performance and we had access to all our legacy and Windows Store apps. If you do start using Windows to Go, it is imperative that you backup any data to another secure source. The only downside to using Windows to Go is that if you loose the USB stick the data will be be lost too unless it is backed up.
6 | P a g e
For many businesses still pondering whether to invest in the Windows 8operating system or to stick/upgrade to Windows 7, it can be a difficult choice. If security is paramount, part of a hotdesking environment or you just want to beef up your protection, we’d definitely recommend giving Windows 8 or, more specifically, Windows to Go a try. This provides IT admins with the ability to configure an image of Windows 8 onto a USB stick. Best of all the feature is not restricted to enterprises and can be set up by individuals. Here are eight reasons why we recommend it: 8. Allows you to try Windows 8 without installing it If you're skeptical about Windows 8, the best way to try it out is to use Windows to Go. This allows you to give the full version of Windows 8 a whirl on a Windows 7 machine without having to upgrade the system. All your files and settings will remain untouched so in the event that you don't want to continue using it, Windows 7 will be waiting for you. Microsoft recommends that you use a USB stick with a minimum of 20GB of space. In our experience that's a little on the low side. You're going to want to use a USB stick with at least 64GB so you've got enough space to store documents and multimedia content. To see how to provision a Windows to Go USB when using Windows 7, check out this step-by-step guide. 7. IT admins can deploy and manage it For larger enterprises, admins can configure USB sticks with applications and set policies – so, for example, they can choose whether to let users download apps from the Windows Store. Windows to Go can be managed using standard Windows enterprise tools such as System Center Configuration Manager, which means no new infrastructure is required. Computer and user settings for Windows To Go workspaces can be managed using Group Policy settings. Workspaces can also be configured to connect to an enterprise backend using either Direct Access or a VPN connection. 6. No performance issues If your device is Windows 7 certified, Windows to Go will work, so you won't have to run out and buy the latest hardware. All you need to get going is to plug in the pre-configured USB stick into a Windows 7 PC, laptop or tablet and switch it on. Windows to Go will provision the device by installing specific drivers without needing to be connected to the internet.
Considering that you'll be running Windows to Go on a Windows 7 machine - don't expect the 8 second boot times touted by Microsoft. Using an Intel Core i3 2.4GHz machine with 4GB of RAM, we found the machine to boot up in just over 60 seconds. Considering this required two passwords to be entered, that's not bad. Of course the better your hardware, the faster the device will boot up. Windows to Go is also best used with a USB 3 port, but it is compatible with USB 2 connections. We didn't notice any considerable slowdown when using the latter though, and - unless you're reading and writing large files to the USB stick - it won't impact on performance. Windows to Go isn't compatible with tablets that use chipsets based on the ARM architecture. Microsoft has launch a separate edition of the operating system for this platform, dubbed Windows RT, and this can be found on devices such as the Surface RT. 5. All your apps are available Windows to Go doesn't allow you to access the Windows Store by default. However, this can be remedied pretty quickly if you're the administrator or your IT admin wants to enable this. You will need to search for the "Group policy", open the program and then drill down through the following folders: Computer/Configuration/Administrative/Templates/ Windows/Components/Store. 7 | P a g e
Click on the "Turn off Store application" option and set it to "disable". This will allow you to download applications and access them, regardless of the machine you are using.
Given the way Microsoft has sandboxed applications within Windows 8, we expect most IT admins to enable this feature and grant employees access to the Windows Store.
Read more:http://www.itpro.co.uk/644125/microsoft-windows-to-go-8-reasons-to-use-it#ixzz3PRznvv00 4.Flexible licensing options Under Microsoft's Software Assurance agreement, an employee will be able to use Windows To Go on any licensed company PC as well as their home PC. Microsoft has also introduced a companion device license as part of its Software Assurance scheme. This enables employees to use Windows To Go on their personal computers at work, helping to facilitate BYOD policies. 3. 60-second lockdown If you’re using a machine with Windows to Go and accidentally pull out the USB stick, don't panic. The screen will freeze, but you’ll have 60 seconds to plug it back in and continue where you left off, pretty much instantly. A small warning message will be displayed informing you that you shouldn't disconnect the device.
If you do not plug your device back in to the USB port, the machine will shut itself down after a minute has elapsed. 2. Bitlocker encryption is built-in Because Windows to Go is designed to be used on a variety of machines – it has encryption built-in. This bypasses the need to use a device with security features such as a Trusted Platform Module (TPM) chip. You need to enable the BitLocker protection manually and this should be one of the first things you do after booting up Windows to Go. This encrypts data on the USB stick using AES 128-bit encryption.
8 | P a g e
Whenever you boot up Windows to Go, you will be asked to enter a password before proceeding to the Windows 8 Welcome screen. Once users arrive here they can then enter their login details to access their desktop. It’s not quite two- factor authentication, but does provide an extra layer of security. In the event that the stick is stolen, your data will remain encrypted. It’s just important to make sure that you’ve backed up the data to a secure place, corporate network or cloud storage, because there will be no way of accessing it again. 1. Windows to Go leaves no footprint Windows to Go is all about providing peace of mind. You can borrow a friend or work colleague's PC without worrying about leaving accounts logged in or accidentally saving confidential data to the local machine.
One of the main reasons that Windows to Go can be safely used on multiple PCs is because the internal hard drive on the host computer is kept offline by default when you boot up into Windows To Go. We recommend you don't tinker with this setting in the Group Policy. If you do need to save any files, they can be saved directly to the USB stick you're booting from. It's a good idea to back these files up using secure cloud services - and the system works well in conjunction with Microsoft's other products such as Office 365 and SkyDrive. Once you shutdown – the PC you were using goes back to using the default operating system (Windows 7). There will be no footprint, and it will be as if the Windows to Go session never happened. This is pretty much as secure as you can get when it comes to using a PC on the move.
Read more: http://www.itpro.co.uk/644125/microsoft-windows-to-go-8-reasons-to-use-it#ixzz3PRzzZtrC
Windows To Go is a new Windows feature that allows you to save your personalized Windows 8 OS and use it on any compatible device. This way, you can use your customized Windows 8 start screen from any computer on which you want to use Windows 8. You can also work from your personalized start screen on any mobile or tablet device where you have Windows 8 installed. Windows To Go is one of the newest features available with the Windows 8 UI-style start screen, and when you add Windows 8 UI-style apps using this new operating system, you can use apps that you purchase or download in the Windows 8 store on any device where you’d like to operate your start screen. Using Windows To Go you can save your entire Windows 8 operating system to a USB flash drive. Please note, you must have a USB drive with a 32 GB capacity or larger, and must have a USB 3.0 drive for the Windows To Go feature to work. How can Windows To Go help business users and home users of Windows 8? With Windows To Go, you can keep your work and home use of your PC separate if you use the same PC for each. Instead of using the same operating system for both your home and work PC usage, you can customize your Windows 8 operating system for a specific function. Each day you can save your operating system to a USB flash drive, then remove the drive and use a different operating system on the same PC at home. This works even if you use Windows 8 at home and Windows 8 at the office. It just means that you won’t have to use the same interface for both your home and work use if you’re working on the same PC.
9 | P a g e
Windows To Go makes “bring your own device”, a recent trend in the work place, much easier and safer for both the employer and employee. From the employer perspective, it ensures fewer viruses and malware can infiltrate the business network because, using Windows To Go, employees will use a version of Windows 8 specifically for their work use. Employees can have the freedom and privacy of using your own personal operating system, a version of Windows 8, Windows 7, or any other compatible operating system that you choose to put on your PC, without having to worry about the overlap of business and personal use or the feeling of bringing work home with you. How can Windows To Go help me back up my files? Each time you back up your Windows 8 OS using Windows To Go, all of your important files and documents are saved to the USB stick which you use to back up. This way you can ensure that there’s an external, backed-up copy of all your files, in case a crash occurs on your PC. This is another added benefit of the Windows To Go Feature. Learning to use Windows To Go on your own To Learn how to use Windows To Go on your own, we recommend advanced Windows users, or experienced PC users, trying it out. Follow these steps to create a Windows To Go USB drive for Windows 8. How can I get Windows To Go? In order to get Windows To Go you must first download Windows 8 and install it on your PC. Learn from Soluto how to install and download Windows 8 on your computer. Windows To Go is a new Windows feature that allows you to save your personalized Windows 8 OS and use it on any compatible device. This way, you can use your customized Windows 8 start screen from any computer on which you want to use Windows 8. You can also work from your personalized start screen on any mobile or tablet device where you have Windows 8 installed. Windows To Go is one of the newest features available with the Windows 8 UI-style start screen, and when you add Windows 8 UI-style apps using this new operating system, you can use apps that you purchase or download in the Windows 8 store on any device where you’d like to operate your start screen. Using Windows To Go you can save your entire Windows 8 operating system to a USB flash drive. Please note, you must have a USB drive with a 32 GB capacity or larger, and must have a USB 3.0 drive for the Windows To Go feature to work. How can Windows To Go help business users and home users of Windows 8? With Windows To Go, you can keep your work and home use of your PC separate if you use the same PC for each. Instead of using the same operating system for both your home and work PC usage, you can customize your Windows 8 operating system for a specific function. Each day you can save your operating system to a USB flash drive, then remove the drive and use a different operating system on the same PC at home. This works even if you use Windows 8 at home and Windows 8 at the office. It just means that you won’t have to use the same interface for both your home and work use if you’re working on the same PC. Windows To Go makes “bring your own device”, a recent trend in the work place, much easier and safer for both the employer and employee. From the employer perspective, it ensures fewer viruses and malware can infiltrate the business network because, using Windows To Go, employees will use a version of Windows 8 specifically for
10 | P a g e their work use. Employees can have the freedom and privacy of using your own personal operating system, a version of Windows 8, Windows 7, or any other compatible operating system that you choose to put on your PC, without having to worry about the overlap of business and personal use or the feeling of bringing work home with you. How can Windows To Go help me back up my files? Each time you back up your Windows 8 OS using Windows To Go, all of your important files and documents are saved to the USB stick which you use to back up. This way you can ensure that there’s an external, backed-up copy of all your files, in case a crash occurs on your PC. This is another added benefit of the Windows To Go Feature. Learning to use Windows To Go on your own To Learn how to use Windows To Go on your own, we recommend advanced Windows users, or experienced PC users, trying it out. Follow these steps to create a Windows To Go USB drive for Windows 8. How can I get Windows To Go? In order to get Windows To Go you must first download Windows 8 and install it on your PC. Learn from Soluto how to install and download Windows 8 on your computer.
The Bring Your Own Device movement is reshaping the way employers equip their workforce. With Windows To Go, you can confidently embrace BYOD by giving employees access to the enterprise network while allowing them to stay productive from a personal PC of their choice. Whether users always work on the same PC or roam between different systems in the office or at home, they can safely boot a full version of Windows 8.1 and all of their applications from any PC certified to run Windows 7.0 or higher. A consistent, fully mobile desktop experience keeps employees productive, and IT no longer has to support costly home computers. BENEFITS Realize thousands of dollars in costs savings in equipment and ongoing maintenance of your BYOD computers. Keep security policies intact with a Windows To Go environment that boots directly off the workspace drive – and not the potentially unsecured employee-owned device. Eliminate concern of employee use of their personal PC, Mac or tablet for corporate use with a separation of personal data from all corporate data and IT security policies. Contractors are ideal candidates for alternative computing options – like a USB drive-based Windows To Go environment. Enterprise IT managers can quickly and easily distribute secure Windows To Go drives to workers on assignment. Contractors can boot their desktops exclusively from the Windows To Go drive and run all applications in that environment until their assignments end – then they simply return the devices and IT re-provisions them for the next contractor. Worried about rogue users? Don't be. IT can send a remote self-destruct signal to the drive. BENEFITS Securely enable temporary employees at a lower cost than traditional approaches. Comply with government contractor standards including FIPS 140-2 Level 3 certification and support for Common Access Card/Personal Identity Verification (CAC/PIV). Provide controlled access to the OS and applications without allowing all of the permissions granted to full-time employees.
11 | P a g e
If your organization is currently using or considering Virtual Desktop Infrastructure (VDI), it is imperative that the VDI endpoint be trusted and not susceptible to malware or viruses. IT can install the VDI client on a Windows To Go drive thereby transforming any PC into a FIPS-hardened and trusted VDI endpoint. BENEFITS Ensure users boot their desktop environment solely from the secure device, thus protecting enterprise data, software and networks from threats. Access to the VPN to tunnel into the VDI environment comes only after authenticating the workspace device using AES 256-bit encryption.
It's no secret that employees are happier when they are mobile and can work remotely. With Windows To Go, your staff can take their workspace device home and pop it into a PC to launch a company deployment of the Windows 8.1 operating system. And as it boots off the USB drive, it's completely isolated from the employee's host machine. Now employees can take their Windows desktop and all applications with them without dragging their laptop along. And as carrying laptops have a higher probability of theft and damage, secure workspace drives greatly minimize that risk. BENEFITS Employees travel light with their corporate desktop image, applications and policies provisioned on a secure Windows To Go drive. Allow employees to work with the device that suits their work habits and allows them to maximize productivity. Enable flexible work practices for telecommuters and employees who work on the road.
Providing employees with laptops is expensive, with some costing well over $1,000 apiece. As enterprises and agencies continue to watch their bottom line, it's often more economical to have employees share the same PC, particularly if they work different shifts. Windows To Go enables those employees to use the same system but have their own Windows 8.1 environment, complete with all their applications they then can take with them to use on any PC compatible with Windows 7 or higher. And since the desktop boots off the workspace device and not the PC, you can rest assured knowing their data stays protected and secure. BENEFITS Enable open seating, or activity-based working, when real estate footprint is limited as users roam across workstations equipped with PCs. Allow field workers to move from one vehicle to another with agility and complete access to their data when vehicle fleets are outfitted with laptops. Minimize IT capital spend using shared PC's that don't even require hard drives, operating systems or security software. Windows To Go is an effective disaster recovery solution to continue your business operations or provide help to those in need. In the event of power outages, a PC crash, malware compromise or natural disasters like severe storms or fire, users may be unable to use their primary computer. Windows To Go allows them to continue working without any interruption of services from any compatible PC. BENEFITS Quickly and easily deploy corporate imaged Windows 8.1 desktop environments so personnel can work from anywhere. Ensure critical functions remain operable even if headquarters facilities are closed or inaccessible. Nearly every IT department has old laptops that are just taking up space.Now you can dust off those underutilized assets and use Windows To Go to dramatically extend the refresh cycle. Not only will IT 12 | P a g e realize significant cost savings, but the flash technology is typically faster than running the OS off the internal hard drive of these older systems. BENEFITS Save money while still getting all the benefits of the new Windows 8.1 operating system. Extend the lifetime of your costly hardware equipment. Enhance security by turning these old laptops into FIPS-certified systems: no need to update the older operating systems and installed security applications.
Whether you're using Windows XP or Windows 7, Windows To Go is a cost-effective way to test and deploy the latest Microsoft Windows 8.1 operating system – at a fraction of the cost of a traditional OS upgrade. Using these secure devices on any PC certified to run Windows 7 or higher, you can selectively deploy the latest Microsoft operating system to employees without wasting time and budget on updating their laptops. BENEFITS Quickly and easily test the Windows 8.1 environment before you mass deploy to all employees. Leverage existing Windows systems while users safely try Windows 8.1
Readily distribute desktop environments to new employees acquired through a merger or acquisition – while remaining in control of data and application access policies and permissions. BENEFITS Ease IT strain as you manage and authorize users providing access only to the information needed to do their job. Employees can retain access to their original work laptop and readily access the new corporate system through the Windows To Go device. Disable or even destroy Windows To Go devices if they are lost, stolen or misused. Because Windows To Go provides a convenient enterprise-managed environment to work from any PC, it can be used as a proof of concept for a deployment environment or a test bed for new user applications – all while ensuring corporate compliance. BENEFITS Help employees test, evaluate and take advantage of new applications. Deploy pilot programs with test applications to specific groups before rolling out to the enterprise. Demonstrate the potential ROI from enabling secure mobility.
How to use Windows To Go
Applies to: Windows 8, Windows 8.1 Windows To Go is not a late-night drive-through offering at the local Microsoft Store. Rather, it’s a feature in the Windows 8 Enterprise operating system that allows you to start a Windows 8 image (a Windows To Go workspace) from an external USB drive. You can start a Windows To Go workspace on most computers that meet the Windows 7 or Windows 8 certification requirements, regardless of the operating system currently running on them.
In this article, we will take a look at how Windows To Go can help you by looking at the life of a typical IT pro named Mark who works for Contoso, Ltd. As with most IT pros, Mark has a challenge (well, maybe more than one). Many of the Contoso employees and contractors have their own devices and want to use them to perform their day-to-day tasks at Contoso.
13 | P a g e
Contoso management has heard about Bring Your Own Device (BYOD) initiatives and wants to take advantage of the willingness of employees and users to use their own devices. Because the users already own the devices, Mark and Contoso management do not want to invest additional funds to provide these users with Contoso-owned devices or deploy a Virtual Desktop Infrastructure (VDI) solution. These users need to work while they are at Contoso, at their own office (for the contractors), at home, or at public hot spots. Therefore, Mark needs to provide them with secure desktop environments that they can take with them and use anywhere-at any time in any place. Building Windows To Go workspaces First on Mark’s to-do list is determining the requirements for Windows To Go. Mark discovers that Windows To Go is a feature of Windows 8 Enterprise. He also finds out that Windows To Go has the same basic system resource requirements as Windows 8 or Windows 7. All of the user-owned devices meet those requirements, and Contoso already owns the necessary Windows 8 Enterprise licenses, so he is ready on that front.
One item of interest that Mark discovers during his research is that there are Windows To Go–certified drives, which he reviewed in the section, ―Hardware considerations for Windows To Go,‖ in the Windows To Go: Feature Overview. Mark finds out that he can help ensure the success of his Windows To Go deployment project by selecting a certified drive instead of a generic one.
After reading that section, he finds that the drives have different capacities (32 GB to 500 GB). Further, some vendors provide hardware encryption, while others provide centralized management tools. Mark selects a 128-GB USB 3.0 flash drive that does not have any hardware encryption or centralized management tools. (He will use BitLocker Drive Encryption for encryption and the existing Contoso management tools to manage the Windows To Go workspaces and user experience.)
Mark finds out that he can build Windows To Go workspaces using: The Windows To Go Creator Wizard, which is only available in Windows 8 Enterprise From a command line by using Windows PowerShell cmdlets and other command-line tools The Windows To Go Creator Wizard is typically used to create only a single Windows To Go drive. Therefore, Mark decides to use the command-line method to create the Windows To Go drives for all users by means of a repeatable process to help ensure consistency and reduce manual effort.
Mark is able to use the scripts on the web pages as samples for creating a complete provisioning solution, and then runs his scripts to create a few Windows To Go drives. He tests the drives in his test environment and determines that his scripts are working correctly, so he uses his scripts to create the remainder of the Windows To Go drives. The first step in Mark’s Windows To Go project is simple and painless. Using Windows To Go workspaces As the next step in Mark’s Windows To Go project, he distributes the Windows To Go drives to the Contoso users. He made certain the Windows To Go workspaces were members of the Contoso Active Directory Domain Services domain, because the users will access Contoso resources and require domain authentication. Mark also wants to make certain that he can use the existing Contoso management tools (which require that the devices be domain members) to manage the Windows To Go workspaces.
Mark uses the offline domain join feature in Windows 8 to join the Windows To Go workspaces to the Contoso domain. He learned about this feature by reading the article Offline Domain Join (Djoin.exe) Step- by-Step Guide. The feature allows Mark to join the workspaces to the domain without the devices being connected to the Contoso intranet. For devices on the Contoso intranet, Mark could have used the 14 | P a g e normal domain join process. But because each user may initially try to use Windows To Go in different environments, he decided that the offline domain join process would provide the best user experience and reduce the number of phone calls he would receive.
To ensure that users have a good experience, Mark decides to help the first batch of users as they start Windows To Go for the first time. Some of these users have Windows 8 devices, while others are still using Windows 7 devices.
The host computers must be configured to start from a USB drive before the device boots from an internal drive. Mark reads the article Tips for configuring your BIOS settings to work with Windows To Go and discovers that on Windows 7 devices, he must change the BIOS to enable starting first from a USB drive. However, for Windows 8 devices, Mark finds he can enable the device to start the Windows To Go workspace automatically without changing the BIOS by using a built-in Windows 8 setting (as shown in the figure below). He can also configure the startup options using the ―Windows To Go Default Startup Options‖ Group Policy setting.
Figure 1. Windows To Go Startup Options
The user inserts the Windows To Go drive into a USB port and starts the host computer, which then starts the Windows To Go workspace from the USB drive. Although Windows To Go performance is good with USB 2.0, users can achieve better performance if they plug the USB drive into an integrated USB 3.0 port (if available) on the device. (Adding on USB 3.0 cards will not work, because they are not automatically enumerated by the device firmware.)
Users already running Windows 8 on their devices notice few differences when they start using Windows To Go. The Windows To Go experience is just like their typical Windows 8 experience. Of course, the Windows 7 users notice the user interface differences with Windows 8 but are able to run their applications and perform their normal job tasks within a short period of time.
One user tells Mark that he is unable to access his files. Mark investigates and determines that the user is trying to access files on an internal drive in his device. Mark does some research and reads the section Differences between Windows To Go and a typical installation of Windows. He finds that by default, the Windows To Go workspace disables access to internal drives in devices—separating personal from work data. He also reads about the other differences, most of which do not affect his users.
The user is able to access his files in a Microsoft SharePoint Online document library synchronized with a local SharePoint workspace on the device’s internal drive. Mark makes a note to instruct users to store
15 | P a g e their data only on network shared folders or SharePoint so that they can be accessed from any location and any device.
While helping the first batch of users, Mark discovers the section Best Practice Recommendations for Windows To Go. He notes these best practice recommendations (such as always shutting down the computer before removing the Windows To Go USB drive or not inserting a Windows To Go USB drive in a running computer) and incorporates them for future batches of users. Oops! A lost Windows To Go workspace Mark gets a phone call from a panicked user: The inevitable has happened! He lost the USB drive containing his Windows To Go workspace. Does Mark also panic? Not at all. He’s not worried for two reasons: First, one reason Mark selected the USB drives is because of their relatively low cost, so the financial impact for a lost USB drive versus a lost computer is minimized. Second—and most important— Mark made the decision to encrypt the Windows To Go workspace using BitLocker. He enabled BitLocker as a part of his provisioning scripts, which you can see in the section To enable BitLocker during provisioning.
Because the Windows To Go workspace can be used on multiple devices, BitLocker for Windows To Go cannot use the Trusted Platform Module. Instead, BitLocker uses a password protector with a minimum default length of eight characters. Users enter a password generated as part of Mark’s provision script and provided to them when they receive the Windows To Go USB drive. Without this password, anyone who finds the Windows To Go USB drive will be unable to start from the drive or access any of its files.
Mark runs his provisioning script and generates a new USB drive for the user who lost his device. The user is able to use the new USB drive just like the original drive. After Mark sees how easy it is to replace a lost drive, he realizes that Windows To Go could be a great backup solution for many of his other users. He is thinking continuance of operations here. Accessing network resources Some of the Contoso users work in remote locations and never connect to the Contoso intranet. Some travel frequently and often need to access resources on the Contoso intranet. Most of these users are not technically savvy, and traditional virtual private network (VPN) connectivity might prove challenging for them and frustrating for Mark.
Fortunately, Mark has already deployed the necessary network infrastructure on the Contoso intranet to support the Microsoft DirectAccess feature in Windows 8 Enterprise and Windows Server 2012. Mark was able to easily enable DirectAccess in the Window To Go workspace as a part of his provisioning scripts (see the section Configure Windows To Go workspace for remote access).
Although Mark could have used a VPN solution, DirectAccess provides transparent access to resources on the Contoso intranet. When users log on to the workspace using their Contoso domain credentials, they can access the Contoso resources as if they were directly connected to the Contoso intranet. By choosing the DirectAccess solution, Mark has made life much easier for his users and himself. Working anywhere Because of his foresight, Mark has provided remote access to his users regardless of where they are or how they connect by using DirectAccess. However, after a few months of using Windows To Go, Mark has found out that users do not have the same user experience as when they are using a Windows 8 computer on the Contoso intranet compared to their Windows To Go workspace.
16 | P a g e
In some scenarios, users’ Windows settings are not the same. In other cases, the device they are using might not have the necessary applications installed. In still other instances, users might not be able to access files that they have saved in their Documents folder on other devices.
The users need consistent access to their applications, documents, and Windows settings, regardless of the device they use. How does Mark solve this problem? Fortunately, he has several methods at his disposal to help ensure that users have a consistent user experience. Table 1 describes the choices Mark made to help solve these problems.
Table 1. Providing Consistent Access to Apps, Documents and Settings Method Description
Microsoft User UE-V helps Mark centrally store application and operating system user experience and roam Experience it across computers running Windows 7 or Windows 8. UE-V works with the physical or Virtualization (UE- virtual devices a user accesses, including desktop computers, portable computers, tablets, V) VDI sessions, and (of course) Windows To Go workspaces.
UE-V synchronizes Windows and Office settings. Mark can customize the experiences that UE-V synchronizes.
After researching UE-V, Mark decides to deploy it at Contoso to help reduce the effort required to maintain a consistent user experience for the application and operating system settings.
Folder Redirection Folder Redirection is a Windows feature that allows users to store files that reside in the local user profile (under the Users folder) in another location, such as a network shared folder. Mark reads about the Folder Redirection feature and determines that it’s a great complement to UE-V.
With Folder Redirection, when a Contoso user modifies a document on one device, the file will be saved to the redirected folder on a server is if it were on a local drive. When the user moves to another device or location, he or she will be able to access the file on the redirected folder on the same server, providing consistent access to it. Through their DirectAccess connection, users will always have access to the servers on the Contoso intranet, so Mark now has a solution for this problem.
Microsoft App-V allows applications to be deployed in real time (streamed) to almost any device from Application an App-V server. App-V eliminates the need for traditional local installation of the Virtualization (App- applications. The App-V client is installed on client computers, and applications are stored V) on the App-V server. The virtualized applications are streamed on demand when they are first used or can be preinstalled in a local cache on the device.
App-V allows Mark to deploy applications to user devices on demand and ensure that users always have the applications they need, regardless of the device they use. After reading about App-V and evaluating it in his test environment, Mark decided to use App-V as a part of his solution. Because Mark also has a Microsoft System Center 2012 Configuration Manager with Service Pack 1 (SP1) infrastructure, he is able to take advantage of the integration between App-V and System Center 2012 Configuration Manager. Managing Windows To Go like always 17 | P a g e
Over the course of the past few weeks, Mark has deployed hundreds of Windows To Go workspaces on USB drives. As you found out before, users are employing Windows To Go from a wide variety of locations and connectivity options. How does Mark manage all the Windows To Go workspaces? The answer: just like he manages all his other devices.
Mark uses Group Policy to control device and user configuration settings. Group Policy works with Windows To Go just as with traditional installations of Windows 8 and Windows 7. As you found out earlier, Contoso has a System Center 2012 Configuration Manager with SP1 infrastructure. Just as with Group Policy, Mark is able to use System Center 2012 Configuration Manager to manage the Windows To Go workspaces just as he does with the other Windows 8 and Windows 7 devices. Mark finds more information about using Windows To Go with System Center 2012 Configuration Manager in the topic, How to Provision Windows To Go in Configuration Manager.
And guess what? Remember when Mark deployed UE-V, Folder Redirection, and App-V to help him manage the user experience in Windows To Go workspaces? He has discovered that in addition to helping him provide a consistent user experience in Windows To Go workspaces, that investment has helped him do the same on other Windows 8 and Windows 7 devices.
Mark has found that he can use existing Contoso management solutions to manage all his users and their devices. He also knows that in the future, he can purchase other management tools that will work for Windows 8 and use them to manage his Windows To Go workspaces. Going further After Windows To Go has been deployed at Contoso for a while, Mark finds that Windows To Go has helped him solve other user scenarios, including the following: Disaster recovery and continuity of operations. Mark has created a disaster recovery plan for Contoso that centers on Windows To Go. In the event of a disaster or loss of their own device, users can use Windows To Go to continue working without any interruption of services. And with DirectAccess, users still have access to all the Contoso resources at their disaster recovery site. Managed free seating. Mark manages the IT training classrooms for Contoso. When users attend training, he gives them a Windows To Go drive so that they sit at any computer in the classroom. Work from home. Mark has several users who periodically want to be able to work from home, but they don’t work from home often enough to justify purchasing a mobile device for them. Instead, Mark gives those users a Windows To Go USB drive that they can use on their home computer. In some cases, the Windows To Go USB drive is permanently assigned to a user, while in other cases a user borrows the drive for a while, and then returns it to Mark. Travel lighter. Some of the Contoso employees travel but really don’t want to lug around a laptop. They use their smart phone to keep up with email and just want the ability to access their files and applications if required. Mark gives these users a Windows To Go USB drive so that they can travel lighter and yet still access their files and applications from any compatible computer. Conclusion You’ve seen how Mark has been able to easily solve some complex scenarios by using Windows To Go and yet have manageable solutions. Mark not only solved his original challenges but was able to solve other user scenarios by using Windows To Go.
Now it’s your turn to create your own success story. You can download the Windows 8 Enterprise Evaluation from the TechNet Evaluation Center and create our own Windows To Go workspace using the Windows To Go Creator Wizard or Windows PowerShell and other command-line tools. Find out more about how Windows To Go can help solve complex solutions in the Windows To Go: Feature Overview. 18 | P a g e
Oh, and while making that late-night run to the local Microsoft Store drive-through window, pick up a Surface device with a blue Touch Cover!
Windows To Go: Frequently Asked Questions
39 out of 59 rated this helpful - Rate this topic Published: August 15, 2012 Updated: September 24, 2013 Applies To: Windows 8, Windows 8.1 The following list identifies some commonly asked questions about Windows To Go. What is Windows To Go? Does Windows To Go rely on virtualization? Who should use Windows To Go? How can Windows To Go be deployed in an organization? Is Windows To Go supported on both USB 2.0 and USB 3.0 drives? Is Windows To Go supported on USB 2.0 and USB 3.0 ports? How do I identify a USB 3.0 port? Does Windows To Go run faster on a USB 3.0 port? Can the user self-provision Windows To Go? How can Windows To Go be managed in an organization? How do I make my computer boot from USB? Why isn’t my computer booting from USB? What happens if I remove my Windows To Go drive while it is running? Can I use BitLocker to protect my Windows To Go drive? Why can’t I enable BitLocker from ―Windows To Go Creator‖? What power states does Windows To Go support? Why is hibernation disabled in Windows To Go? Does Windows To Go support crash dump analysis? Do ―Windows To Go Startup Options‖ work with dual boot computers? I plugged my Windows To Go drive into a running computer and I can’t see the partitions on the drive. Why not? I’m booted into Windows To Go, but I can’t browse to the internal hard drive of the host computer. Why not? Why does my Windows To Go drive have an MBR disk format with a FAT32 system partition? Is Windows To Go secure if I use it on an untrusted computer? Does Windows To Go work with ARM processors? Can I synchronize data from Windows To Go with my other computer? What size USB Flash Drive do I need to make a Windows To Go drive? Do I need to activate Windows To Go every time I roam? Can I use all Windows features on Windows To Go? Can I use all my applications on Windows To Go? Does Windows To Go work slower than standard Windows? If I lose my Windows To Go drive, will my data be safe? Can I boot Windows To Go on a Mac? Are there any APIs that allow applications to identify a Windows To Go workspace? 19 | P a g e
How is Windows To Go licensed? Does Windows Recovery Environment work with Windows To Go? What’s the guidance for recovering a Windows To Go drive? Why won’t Windows To Go work on a computer running Windows XP or Windows Vista? Why does the operating system on the host computer matter? My host computer running Windows 7 is protected by BitLocker Drive Encryption. Why did I need to use the recovery key to unlock and reboot my host computer after using Windows To Go? I decided to stop using a drive for Windows To Go and reformatted it – why doesn’t it have a drive letter assigned and how can I fix it? Why do I keep on getting the message ―Installing devices…‖ when I boot Windows To Go? How do I upgrade the operating system on my Windows To Go drive? What is Windows To Go? Windows To Go is a new feature for enterprise users of Windows® 8 that enables users to boot a full version of Windows from external USB drives on host PCs. Does Windows To Go rely on virtualization? No. Windows To Go is a native instance of Windows 8 that runs from a USB device. It is just like a laptop hard drive with Windows 8 that has been put into a USB enclosure. Who should use Windows To Go? Windows To Go was designed for enterprise usage and targets scenarios such as continuance of operations, contractors, managed free seating, travelling workers, and work from home. How can Windows To Go be deployed in an organization? Windows To Go can be deployed using standard Windows deployment tools like DISM and ImageX. The prerequisites for deploying Windows To Go are: A Windows To Go recommended USB drive to provision; See the list of currently available USB drives at Hardware considerations for Windows To Go A Windows 8 Enterprise image A Windows 8 Enterprise host PC that can do the provisioning You can use a Windows PowerShell script to target several drives and scale your deployment for a large number of Windows To Go drives. You can also use a USB duplicator to duplicate a Windows To Go drive after it has been provisioned if you are creating a large number of drives. See the Windows To Go Step by Step article on the TechNet wiki for a walkthrough of the drive creation process. Is Windows To Go supported on both USB 2.0 and USB 3.0 drives? No. Windows To Go is supported on USB 3.0 drives that are certified for Windows To Go. Is Windows To Go supported on USB 2.0 and USB 3.0 ports? Yes. Windows To Go is fully supported on either USB 2.0 ports or USB 3.0 ports on PC’s certified for Windows 7 or Windows 8. How do I identify a USB 3.0 port? USB 3.0 ports are usually marked blue or carry a SS marking on the side. Does Windows To Go run faster on a USB 3.0 port? Yes. Since USB 3.0 offers significantly faster speeds than USB 2.0, a Windows To Go drive running on a USB 3.0 port will operate considerably faster. This speed increase applies to both drive provisioning and when the drive is being used as a workspace. Can the user self-provision Windows To Go?
20 | P a g e
Yes, if the user has administrator permissions they can self-provision a Windows To Go drive using the Windows To Go Creator wizard which is included in Windows 8 Enterprise edition. Additionally, the Community Technology Preview (CTP) of Service Pack 1 for System Center 2012 Configuration Manager includes support for user self-provisioning of Windows To Go drives. Configuration Manager 2012 SP1 CTP can be downloaded for evaluation from the Microsoft Download Center. How can Windows To Go be managed in an organization? Windows To Go can be deployed and managed like a traditional desktop PC using standard Windows enterprise software distribution tools like System Center Configuration Manager. Computer and user settings for Windows To Go workspaces can be managed using Group Policy setting also in the same manner that you manage Group Policy settings for other PCs in your organization. Windows To Go workspaces can be configured to connect to the organizational resources remotely using DirectAccess or a virtual private network connection so that they can connect securely to your network. How do I make my computer boot from USB? For host computers running Windows 8: Press Windows logo key+W and then search for Windows To Go startup options and then press Enter. In the Windows To Go Startup Options dialog box select Yes and then click Save Changes to configure the computer to boot from USB.
Note
Your IT department can use Group Policy to configure Windows To Go Startup Options in your organization.
If the host computer is running an earlier version of the Windows operating system need to configure the computer to boot from USB manually. To do this, early during boot time (usually when you see the manufacturer’s logo), enter your firmware/BIOS setup. (This method to enter firmware/BIOS setup differs with different computer manufacturers, but is usually entered by pressing one of the function keys, such as F12, F2, F1, Esc, and so forth. You should check the manufacturer’s site to be sure if you do not know which key to use to enter firmware setup.) Once you have entered firmware setup check that boot from USB is enabled. Then change the boot order to boot from USB drives first. Alternatively, if your computer supports it, you can try to use the one-time boot menu (often F12), to select USB boot on a per-boot basis. For more detailed instructions, see the wiki article, Tips for configuring your BIOS settings to work with Windows To Go.
Warning
Configuring a computer to boot from USB will cause your computer to attempt to boot from any bootable USB device connected to your computer. This potentially includes malicious devices. Users should be informed of this risk and instructed to not have any bootable USB storage devices plugged in to their computers except for their Windows To Go drive.
Why isn’t my computer booting from USB? Computers certified for Windows 7 and Windows 8 are required to have support for USB boot. Check to see if any of the following items apply to your situation: 1. Ensure that your computer has the latest BIOS installed and the BIOS is configured to boot from a USB device.
21 | P a g e
2. Ensure that the Windows To Go drive is connected directly to a USB port on the computer. Many computers don’t support booting from a device connected to a USB 3 PCI add-on card or external USB hubs. 3. If the computer is not booting from a USB 3.0 port, try to boot from a USB 2.0 port. If none of these items enable the computer to boot from USB, contact the hardware manufacturer for additional support. What happens if I remove my Windows To Go drive while it is running? If the Windows To Go drive is removed, the computer will freeze and the user will have 60 seconds to reinsert the Windows To Go drive. If the Windows To Go drive is reinserted into the same port it was removed from, Windows will resume at the point where the drive was removed. If the USB drive is not reinserted, or is reinserted into a different port, the host computer will turn off after 60 seconds.
Warning
You should never remove your Windows To Go drive when your workspace is running. The computer freeze is a safety measure to help mitigate the risk of accidental removal. Removing the Windows To Go drive without shutting down the Windows To Go workspace could result in corruption of the Windows To Go drive.
Can I use BitLocker to protect my Windows To Go drive? Yes. In Windows 8, BitLocker has added support for using a password to protect operating system drives. This means that you can use a password to secure your Windows To Go workspace and you will be prompted to enter this password every time you use the Windows To Go workspace. Why can’t I enable BitLocker from ―Windows To Go Creator‖? Several different Group Policies control the use of BitLocker on your organizations computers. These policies are located in the Computer Configuration\Policies\Administrative Templates\Windows Components\BitLocker Drive Encryption folder of the local Group Policy editor. The folder contains three sub-folders for fixed, operating system and removable data drive types. When you are using Windows To Go Creator, the Windows To Go drive is considered a removable data drive by BitLocker. Review the following setting to see if these settings apply in your situation: 1. Control use of BitLocker on removable drives
If this setting is disabled BitLocker cannot be used with removable drives, so the Windows To Go Creator wizard will fail if it attempts to enable BitLocker on the Windows To Go drive. 2. Configure use of smart cards on removable data drives
If this setting is enabled and the option Require use of smart cards on removable data drives is also selected the creator wizard might fail if you have not already signed on using your smart card credentials before starting the Windows To Go Creator wizard. 3. Configure use of passwords for removable data drives
If this setting is enabled and the Require password complexity option is selected the computer must be able to connect to the domain controller to verify that the password specified meets the password complexity requirements. If the connection is not available, the Windows To Go Creator wizard will fail to enable BitLocker.
22 | P a g e
Additionally, the Windows To Go Creator will disable the BitLocker option if the drive does not have any volumes. In this situation, you should initialize the drive and create a volume using the Disk Management console before provisioning the drive with Windows To Go. What power states does Windows To Go support? Windows To Go supports all power states except the hibernate class of power states, which include hybrid boot, hybrid sleep, and hibernate. This default behavior can be modified by using Group Policy settings to enable hibernation of the Windows To Go workspace. Why is hibernation disabled in Windows To Go? When a Windows To Go workspace is hibernated, it will only successfully resume on the exact same hardware. Therefore, if a Windows To Go workspace is hibernated on one computer and roamed to another, the hibernation state (and therefore user state) will be lost. To prevent this from happening, the default settings for a Windows To Go workspace disable hibernation. If you are confident that you will only attempt to resume on the same computer, you can enable hibernation using the Windows To Go Group Policy setting, Allow hibernate (S4) when started from a Windows To Go workspace that is located at \\Computer Configuration\Administrative Templates\Windows Components\Portable Operating System\ in the Local Group Policy Editor (gpedit.msc). Does Windows To Go support crash dump analysis? Yes. Windows 8 added support in the crash dump stack for both USB 2.0 and 3.0. Do ―Windows To Go Startup Options‖ work with dual boot computers? Yes, if both operating systems are running the Windows 8 operating system. Enabling ―Windows To Go Startup Options‖ should cause the computer to boot from the Windows To Go workspace when the drive is plugged in before the computer is turned on. If you have configured a dual boot computer with a Windows operating system and another operating system it might work occasionally and fail occasionally. Using this configuration is unsupported. I plugged my Windows To Go drive into a running computer and I can’t see the partitions on the drive. Why not? Windows To Go Creator and the recommended deployment steps for Windows To Go set the NO_DEFAULT_DRIVE_LETTER flag on the Windows To Go drive. This flag prevents Windows from automatically assigning drive letters to the partitions on the Windows To Go drive. That’s why you can’t see the partitions on the drive when you plug your Windows To Go drive into a running computer. This helps prevent accidental data leakage between the Windows To Go drive and the host computer. If you really need to access the files on the Windows To Go drive from a running computer, you can use diskmgmt.msc or diskpart to assign a drive letter.
Warning
It is strongly recommended that you do not plug your Windows To Go drive into a running computer. If the computer is compromised, your Windows To Go workspace can also be compromised. I’m booted into Windows To Go, but I can’t browse to the internal hard drive of the host computer. Why not? Windows To Go Creator and the recommended deployment steps for Windows To Go set SAN Policy 4 on Windows To Go drive. This policy prevents Windows from automatically mounting internal disk drives. That’s why you can’t see the internal hard drives of the host computer when you are booted into Windows To Go. 23 | P a g e
This is done to prevent accidental data leakage between Windows To Go and the host system. This policy also prevents potential corruption on the host drives or data loss if the host operating system is in a hibernation state. If you really need to access the files on the internal hard drive, you can use diskmgmt.msc to mount the internal drive.
Warning
It is strongly recommended that you do not mount internal hard drives when booted into the Windows To Go workspace. If the internal drive contains a hibernated Windows 8 operating system, mounting the drive will lead to loss of hibernation state and therefor user state or any unsaved user data when the host operating system is booted. If the internal drive contains a hibernated Windows 7 or earlier operating system, mounting the drive will lead to corruption when the host operating system is booted. Why does my Windows To Go drive have an MBR disk format with a FAT32 system partition? This is done to allow Windows To Go to boot from UEFI and legacy systems. Is Windows To Go secure if I use it on an untrusted computer? While you are more secure than if you use a completely untrusted operating system, you are still vulnerable to attacks from the firmware or anything that runs before Windows To Go starts. If you plug your Windows To Go drive into a running untrusted computer, your Windows To Go drive can be compromised because any malicious software that might be active on the computer can access the drive. Does Windows To Go work with ARM processors? No. Windows RT is a specialized version of Windows designed for ARM processors. Windows To Go is currently only supported on PCs with x86 or x64-based processors. Can I synchronize data from Windows To Go with my other computer? To get your data across all your computers, we recommend using folder redirection and client side caching to store copies of your data on a server while giving you offline access to the files you need. What size USB Flash Drive do I need to make a Windows To Go drive? The size constraints are the same as full Windows. To ensure that you have enough space for Windows, your data, and your applications, we recommend USB drives that are a minimum of 20 GB in size. Do I need to activate Windows To Go every time I roam? No, Windows To Go requires volume activation; either using the Key Management Service (KMS) server in your organization or using Active Directory based volume activation. The Windows To Go workspace will not need to be reactivated every time you roam. KMS activates Windows on a local network, eliminating the need for individual computers to connect to Microsoft. To remain activated, KMS client computers must renew their activation by connecting to the KMS host on periodic basis. This typically occurs as soon as the user has access to the corporate network (either through a direct connection on-premises or a through remote connection using DirectAccess or a virtual private network connection), once activated the machine will not need to be activated again until the activation validity interval has passed. In a KMS configuration the activation validity interval is 180 days. Can I use all Windows features on Windows To Go?
24 | P a g e
Yes, with some minor exceptions, you can use all Windows features with your Windows To Go workspace. The only currently unsupported features are using the Windows Recovery Environment and PC Reset & Refresh. If your workspace is running Windows 8, use of the Windows Store is disabled by default, but can be used if appropriate for your organization. For more information about using the Windows Store with Windows To Go see, Support for the Windows Store. If your workspace is running Windows 8.1, the Store is active on Windows To Go, and app roaming is supported while using a genuine copy of Windows. Can I use all my applications on Windows To Go? Yes. Since your Windows To Go workspace is a full Windows 8 environment, all applications that work with Windows 8 should work in your Windows To Go workspace. However, any applications that use hardware binding (usually for licensing and/or digital rights management reasons) may not run when you roam your Windows To Go drive between different host computers, and you may have to use those applications on the same host computer every time. In Windows 8, the Windows Store apps utilizes hardware binding for managing licensing that is not compatible with Windows To Go. Because of this, the Windows Store is disabled by default in Windows To Go to help prevent inadvertent licensing issues when using applications purchased through the Windows Store. For more information, seeSupport for the Windows Store. In Windows 8.1, the licensing used by the Windows Store has been updated to be compatible with Windows To Go. Windows To Go workspace running Windows 8.1 have full Store support enabled by default. Does Windows To Go work slower than standard Windows? If you are using a USB 3.0 port and a Windows To Go certified device, there should be no perceivable difference between standard Windows and Windows To Go. However, if you are booting from a USB 2.0 port, you may notice some slowdown since USB 2.0 transfer speeds are slower than SATA speeds. If I lose my Windows To Go drive, will my data be safe? Yes! If you enable BitLocker on your Windows To Go drive, all your data will be encrypted and protected and a malicious user will not be able to access your data without your password. If you don’t enable BitLocker, your data will be vulnerable if you lose your Windows To Go drive. Can I boot Windows To Go on a Mac? We are committed to give customers a consistent and quality Windows 8 experience with Windows To Go. Windows To Go supports host devices certified for use with Windows 7 or Windows 8. Because Mac computers are not certified for use with Windows 7 or Windows 8, using Windows To Go is not supported on a Mac. Are there any APIs that allow applications to identify a Windows To Go workspace? Yes. You can use a combination of identifiers to determine if the currently running operating system is a Windows To Go workspace. First, check if thePortableOperatingSystem property is true. When that value is true it means that the operating system was booted from an external USB device. Next, check if the OperatingSystemSKU property is equal to 4. That value means that the Windows 8 Enterprise operating system was booted. The combination of those two properties represents a Windows To Go workspace environment. For more information, see the MSDN article on the Win32_OperatingSystem class. How is Windows To Go licensed? Windows To Go allows organization to support the use of privately owned PCs at the home or office with more secure access to their organizational resources. With Windows To Go use rights under Software Assurance, an employee will be able to use Windows To Go on any company PC licensed with Software Assurance as well as from their home PC. Additionally, through a new companion device license for Software Assurance, employees will be able to use Windows To Go on their personal computers at work. 25 | P a g e
Does Windows Recovery Environment work with Windows To Go? What’s the guidance for recovering a Windows To Go drive? No, use of Windows Recovery Environment is not supported on Windows To Go. It is recommended that you implement user state virtualization technologies like Folder Redirection to centralize and back up user data in the data center. If any corruption occurs on a Windows To Go drive, you should re-provision the workspace. Why won’t Windows To Go work on a computer running Windows XP or Windows Vista? Actually it might. If you have purchased a computer certified for Windows 7 or Windows 8 and then installed an older operating system, Windows To Go will boot and run as expected as long as you have configured the firmware to boot from USB. However, if the computer was certified for Windows XP or Windows Vista, it might not meet the hardware requirements for Windows To Go to run. Typically computers certified for Windows Vista and earlier operating systems have less memory, less processing power, reduced video rendering, and slower USB ports. Why does the operating system on the host computer matter? It doesn’t other than to help visually identify if the PC has compatible hardware. For a PC to be certified for Windows 7 it had to support booting from USB. If a computer cannot boot from USB there is no way that it can be used with Windows To Go. The Windows To Go workspace is a full Windows 8 environment, so all of the hardware requirements of Windows 8 with respect to processing speed, memory usage, and graphics rendering need to be supported to be assured that it will work as expected. My host computer running Windows 7 is protected by BitLocker Drive Encryption. Why did I need to use the recovery key to unlock and reboot my host computer after using Windows To Go? The default BitLocker protection profile in Windows 7 monitors the host computer for changes to the boot order as part of protecting the computer from tampering. When you change the boot order of the host computer to enable it to boot from the Windows To Go drive, the BitLocker system measurements will reflect that change and boot into recovery mode so that the computer can be inspected if necessary. You can reset the BitLocker system measurements to incorporate the new boot order using the following steps: 1. Log on to the host computer using an account with administrator privileges. 2. Click Start, click Control Panel, click System and Security, and then click BitLocker Drive Encryption. 3. Click Suspend Protection for the operating system drive.
A message is displayed, informing you that your data will not be protected while BitLocker is suspended and asking if you want to suspend BitLocker Drive Encryption. Click Yes to continue and suspend BitLocker on the drive. 4. Restart the computer and enter the firmware settings to reset the boot order to boot from USB first. For more information on changing the boot order in the BIOS, seeTips for configuring your BIOS settings to work with Windows To Go on the TechNet wiki. 5. Restart the computer again and then log on to the host computer using an account with administrator privileges. (Neither your Windows To Go drive nor any other USB drive should be inserted.) 6. Click Start, click Control Panel, click System and Security, and then click BitLocker Drive Encryption. 7. Click Resume Protection to re-enable BitLocker protection. The host computer will now be able to be booted from a USB drive without triggering recovery mode. 26 | P a g e
Note
The default BitLocker protection profile in Windows 8 does not monitor the boot order. I decided to stop using a drive for Windows To Go and reformatted it – why doesn’t it have a drive letter assigned and how can I fix it? Reformatting the drive erases the data on the drive, but doesn’t reconfigure the volume attributes. When a drive is provisioned for use as a Windows To Go drive the NODEFAULTDRIVELETTER attribute is set on the volume. To remove this attribute, use the following steps: 1. Open a command prompt with full administrator permissions.
Note
If your user account is a member of the Administrators group, but is not the Administrator account itself, then, by default, the programs that you run only have standard user permissions unless you explicitly choose to elevate them.
2. Start the diskpart command interpreter, by typing diskpart at the command prompt. 3. Use the select disk command to identify the drive. If you do not know the drive number, use the list command to display the list of disks available. 4. After selecting the disk, run the clean command to remove all data, formatting, and initialization information from the drive. Why do I keep on getting the message ―Installing devices…‖ when I boot Windows To Go? One of the challenges involved in moving the Windows To Go drive between PCs while seamlessly booting Windows with access to all of their applications and data is that for Windows to be fully functional, specific drivers need to be installed for the hardware in each machine that runs Windows. Windows 8 has a process called respecialize which will identify new drivers that need to be loaded for the new PC and disable drivers which are not present on the new configuration. In general this feature is reliable and efficient when roaming between PCs of widely varying hardware configurations. In certain cases, third party drivers for different hardware models or versions can reuse device ID’s, driver file names, registry keys (or any other operating system constructs which do not support side-by-side storage) for similar hardware. For instance, Touchpad drivers on different laptops often reuse the same device ID’s, and video cards from the same manufacturer may often reuse service names. Windows handles these situations by marking the non-present device node with a flag that indicates the existing driver needs to be reinstalled before continuing to install the new driver. This process will occur on any boot that a new driver is found and a driver conflict is detected. In some cases that will result in a respecialize progress message ―Installing devices…‖ displaying every time that a Windows to Go drive is roamed between two PCs which require conflicting drivers. How do I upgrade the operating system on my Windows To Go drive? There is no support in Windows for upgrading a Windows To Go drive. Deployed Windows To Go drives with older versions of Windows will need to be reimaged with a new version of Windows in order to transition to the new operating system version. 27 | P a g e
Windows To Go: Feature Overview
596 out of 739 rated this helpful - Rate this topic Published: February 29, 2012 Updated: June 30, 2014 Applies To: Windows 8, Windows 8.1 Windows To Go is an enterprise feature of Windows® 8and Windows 8.1 that enables the creation of a Windows To Go workspace that can be booted from a USB-connected external drive on PCs that meet the Windows 7 or later certification requirements, regardless of the operating system running on the PC. Windows To Go workspaces can use the same image enterprises use for their desktops and laptops and can be managed the same way. Windows To Go is not intended to replace desktops, laptops or supplant other mobility offerings. Rather, it provides support for efficient use of resources for alternative workplace scenarios. There are some additional considerations that you should keep in mind before you start to use Windows To Go: New for Windows 8.1 Differences between Windows To Go and a typical installation of Windows Roaming with Windows To Go Preparing for Windows To Go Hardware considerations for Windows To Go
Note
Windows To Go is not supported on Windows RT.
New for Windows 8.1 A Windows To Go image running Windows 8.1 is capable of booting from a drive that contains a built-in smart card. These composite drives have both a mass storage drive and smart card together in one device. This smart card can be enumerated when booting from the Windows To Go drive or by connecting the device to another host machine. For more information about smart cards in Windows 8.1, see What's New in Smart Cards: Differences between Windows To Go and a typical installation of Windows Windows To Go workspace operates just like any other installation of Windows with a few exceptions. These exceptions are: Internal disks are offline. To ensure data isn’t accidentally disclosed, internal hard disks on the host computer are offline by default when booted into a Windows To Go workspace. Similarly if a Windows To Go drive is inserted into a running system, the Windows To Go drive will not be listed in Windows Explorer. Trusted Platform Module (TPM) isn’t used. When using BitLocker Drive Encryption a pre-operating system boot password will be used for security rather than the TPM since the TPM is tied to a specific computer and Windows To Go drives will move between computers. Hibernate is disabled by default. To ensure that the Windows To Go workspace is able to move between computers easily, hibernation is disabled by default. Hibernation can be re-enabled by using Group Policy settings.
28 | P a g e
Windows Recovery Environment isn’t available. In the rare case that you need to recover your Windows To Go drive, you should re-image it with a fresh image of Windows. Refreshing or resetting a Windows To Go workspace is not supported. Resetting to the manufacturer’s standard for the computer doesn’t apply when running a Windows To Go workspace, so the feature was disabled. Getting apps from Windows Store. For Windows To Go images that are running Windows 8.1, there is no difference in Store behavior between a standard Windows installation and a Windows To Go installation. Store apps can roam between multiple PC’s on a Windows To Go drive.
For a Windows To Go image running Windows 8, the Windows Store is disabled by default. In Windows 8, apps licensed through the store are linked to hardware for licensing. Since Windows To Go is designed to roam to different host PCs access to the store is disabled when running Windows 8. You can enable the store if your Windows 8-based Windows To Go workspaces won’t be roaming to multiple PC hosts.
Roaming with Windows To Go Windows To Go drives can be booted on multiple computers. When a Windows To Go workspace is first booted on a host computer it will detect all hardware on the computer and install any needed drivers. When the Windows To Go workspace is subsequently booted on that host computer it will be able to identify the host computer and load the correct set of drivers automatically. The applications that you want to use from the Windows To Go workspace should be tested to make sure they also support roaming. Some applications bind to the computer hardware which will cause difficulties if the workspace is being used with multiple host computers.
Preparing for Windows To Go Enterprises install Windows on a large group of computers either by using configuration management software (such as System Center Configuration Manager), or by using standard Windows deployment tools such as DiskPart, ImageX, and the Deployment Image Servicing and Management (DISM) tool. These same tools can be used to provision Windows To Go drive, just as you would if you were planning for provisioning a new class of mobile PCs. You can use the Windows Assessment and Deployment Kit to review deployment tools available.
Important
Make sure you use the versions of the deployment tools provided for the version of Windows you are deploying. There have been many enhancements made to support Windows To Go. Using versions of the deployment tools released for Windows 7 or earlier versions of Windows to provision a Windows To Go drive is not supported.
As you are deciding what to include in your Windows To Go image, be sure to consider the following questions: Are there any drivers that you need to inject into the image? How will data be stored and synchronized to appropriate locations from the USB device? Are there any applications that are incompatible with Windows To Go roaming that should not be included in the image? What should be the architecture of the image - 32bit/64bit? What remote connectivity solution should be supported in the image if Windows To Go is used outside the corporate network?
29 | P a g e
For more information about designing and planning your Windows To Go deployment, see Prepare Your Organization for Windows To Go Hardware considerations for Windows To Go For USB drives The devices listed in this section have been specially optimized and certified for Windows To Go and meet the necessary requirements for booting and running a full version of Windows 8 from a USB drive. The optimizations for Windows To Go include the following: Windows To Go certified USB drives are built for high random read/write speeds and support the thousands of random access I/O operations per second required for running normal Windows workloads smoothly. Windows To Go certified USB drives have been tuned to ensure they boot and run on hardware certified for use with either Windows 7 or Windows 8. Windows To Go certified USB drives are built to last. Certified USB drives are backed with manufacturer warranties and should continue operating under normal usage. Refer to the manufacturer websites for warranty details. As of the date of publication, the following are the USB drives currently certified for use as Windows To Go drives; as more drives are certified for use with Windows To Go this list will be updated:
Warning
Using a USB drive that has not been certified is not supported
IronKey Workspace W700 (http://www.ironkey.com/windows-to-go-drives/ironkey-workspace- w700.html) IronKey Workspace W500 (http://www.ironkey.com/windows-to-go-drives/ironkey-workspace- w500.html) IronKey Workspace W300 (http://www.ironkey.com/windows-to-go-drives/ironkey-workspace- w300.html) Kingston DataTraveler Workspace for Windows To Go (http://www.kingston.com/wtg/) Spyrus Portable Workplace (http://www.spyruswtg.com/)
We recommend that you run the Spyrus Deployment Suite for Windows To Go to provision the Spyrus Portable Workplace. Spyrus Secure Portable Workplace (http://www.spyruswtg.com/)
Important
You must use the Spyrus Deployment Suite for Windows To Go to provision the Spyrus Secure Portable Workplace. For more information about the Spyrus Deployment Suite for Windows To Go please refer to http://www.spyruswtg.com/.
Spyrus Worksafe (http://www.spyruswtg.com/)
Tip
This device contains an embedded smart card and requires Windows 8.1 when booting Windows To Go.
Super Talent Express RC4 for Windows To Go
30 | P a g e
-and-
Super Talent Express RC8 for Windows To Go
(http://www.supertalent.com/wtg/) Western Digital My Passport Enterprise (http://www.wd.com/wtg)
We recommend that you run the WD Compass utility to prepare the Western Digital My Passport Enterprise drive for provisioning with Windows To Go. For more information about the WD Compass utility please refer to http://www.wd.com/wtg
For host computers When assessing the use of a PC as a host for a Windows To Go workspace you should consider the following criteria: Hardware that has been certified for use with either Windows 7 or Windows 8 operating systems will work well with Windows To Go. Running a Windows To Go workspace from a computer that is running Windows RT is not a supported scenario. Running a Windows To Go workspace on a Mac computer is not a supported scenario. The following table details the characteristics that the host computer must have to be used with Windows To Go:
Item Requirement
Boot process Capable of USB boot
Firmware USB boot enabled. (PCs certified for use with Windows 7 or later can be configured to boot directly from USB, check with the hardware manufacturer if you are unsure of the ability of your PC to boot from USB)
Processor Must support the image on the Windows To Go drive architecture
External Not supported; connect the Windows To Go drive directly to the host machine. USB Hubs
Processor 1 Ghz or faster
RAM 2 GB or greater
Graphics DirectX 9 graphics device with WDDM 1.2 or greater driver.
USB port USB 2.0 port or greater
Checking for architectural compatibility between the host PC and the Windows To Go drive In addition to the USB boot support in the BIOS, the Windows 8 image on your Windows To Go drive must be compatible with the processor architecture and the firmware of the host PC as shown in the table below.
31 | P a g e
Compatible Windows To Go Image Host PC Firmware Type Host PC Processor Architecture Architecture
Legacy BIOS 32-bit 32-bit only
Legacy BIOS 64-bit 32-bit and 64-bit
UEFI BIOS 32-bit 32-bit only
UEFI BIOS 64-bit 64-bit only
32 | P a g e