It seems to me, Techies have always had that “Box of Tricks” that set them apart from other users. Be it unique tools (I still have the wrench I had special made for working on the modems of Trailblazer) to some utility they may have downloaded, they are always looking to improve their toolkits.
Back in the early 90’s, I remember running around with a CD Holder full of disks with various OSs and Drivers. Later, when USBs became popular – a subculture of USB resident applications was born (PortableApps.Com and Hegle’s Switchblade are two good ones). But, what is the newest tool on the market? How about a free one that comes with Windows 8 Enterprise?
Enter – Windows To Go.
Windows To Go is a feature in Windows 8 Enterprise that allows Windows 8 Enterprise to boot and run from mass storage devices such as USB flash drives and external hard disk drives. It is a fully manageable corporate Windows 8 environment that is intended to allow enterprise administrators to provide users with an imaged version of Windows 8 that reflects the corporate desktop and as such is initially aimed at enterprises. But what if it could be added to your Tech Toolbox as well?
Creation is fairly straight forward once you start (instructions can be found HERE on TechNet), but one current limitation is USB Drive to be used. Currently, Microsoft has only certified 10 types of devices.
- IronKey Workspace W500
- IronKey Workspace W300
- Kingston DataTraveler Workspace for Windows To Go
- Spyrus Portable Workplace
- Spyrus Secure Portable Workplace
- Spyrus Worksafe
- Super Talent Express RC4 for Windows To Go
- Super Talent Express RC8 for Windows To Go
- Western Digital My Passport Enterprise
Using an unsupported version CAN brick the drive, so this is a definite proceed with caution.
Once you have completed the installation of the drive, you are almost ready to go, as there are some setup options the first time you boot to the drive. This installs the drivers for that particular hardware and multiple reboots may be required. Subsequent booting operations go straight into Windows 8
Its hard to put a “Features List” together here, because (as I said before), this is a fully operational installation of Windows – an installation that you can install other applications to. I think this is what allows Windows To Go to set itself apart from other “USB Tools” – because the options are limitless. Tools that you would normally have installed on your Desk or Laptop, have now become portable and readily available. From your Bookmarks to chat client – its all there. You even have access to your SkyDrive if needed. Features really are left to your own limitations.
The above being said – I do like that BitLocker is an option from installation. While no encryption is perfect, having Bitlocker installed is a must when dealing with a highly portable device like a USB Key.
Another Security Feature built in is the fact that Windows pauses the entire system if the USB drive is removed, and resumes operation immediately when the drive is inserted within 60 seconds of removal. If the drive is not inserted in that time-frame, the computer shuts down after those 60 seconds to prevent possible confidential or sensitive information being displayed on the screen or stored in RAM.
Differences and Limitations
Unlike Features, Differences between an normal installation and Windows to Go are easier to document.
- Internal disks are offline. To ensure data isn’t accidentally disclosed, internal hard disks on the host computer are offline by default when booted into a Windows To Go workspace. Similarly if a Windows To Go drive is inserted into a running system, the Windows To Go drive will not be listed in Windows Explorer. There will be a blog post later on how to enable hard disk viewing.
- Trusted Platform Module (TPM) isn’t used. When using BitLocker Drive Encryption a pre-operating system boot password will be used for security rather than the TPM since the TPM is tied to a specific computer and Windows To Go drives will move between computers.
- Hibernate is disabled by default. To ensure that the Windows To Go workspace is able to move between computers easily, hibernation is disabled by default. Hibernation can be re-enabled by using Group Policy settings.
- Windows Recovery Environment isn’t available. In the rare case that you need to recover your Windows To Go drive, you should re-image it with a fresh image of Windows.
- Refreshing or resetting a Windows To Go workspace is not supported. Resetting to the manufacturer’s standard for the computer doesn’t apply when running a Windows To Go workspace, so the feature was disabled.
- Getting apps from Windows Store. For Windows To Go images that are running Windows 8.1, there is no difference in Store behavior between a standard Windows installation and a Windows To Go installation. Store apps can roam between multiple PC’s on a Windows To Go drive.
For a Windows To Go image running Windows 8, the Windows Store is disabled by default. In Windows 8, apps licensed through the store are linked to hardware for licensing. Since Windows To Go is designed to roam to different host PCs access to the store is disabled when running Windows 8. You can enable the store if your Windows 8-based Windows To Go workspaces won’t be roaming to multiple PC hosts.
Of course, no Microsoft limitation would be complete without a discussion on licensing, to which Microsoft has added these Windows To Go Use Rights: Windows To Go will allow companies to support Bring Your Own PC scenarios and will give employees who need to work from home more secure access to their full corporate environment. With Windows To Go use rights under Software Assurance, an employee will be able to use Windows To Go on any company PC licensed with Windows SA as well as from their home PC. Additionally, through a new companion device license for SA, employees will be able to use WTG on their personal devices at work.
If you are an IT Professional, and have access to Windows 8 Enterprise Edition, it is definitely worth your while to look into Windows To Go. The cost of the hardware is negligible, and the few limitations have either limited impact or workarounds available. This is finally one of those things done right – so expand your horizons, and take Windows with you.