How to Create a Windows To Go USB Drive
In my previous articles for the Petri IT Knowledgebase I wrote about an overview of Windows 8 features, and how to deploy Windows 8 with MDT 2012. In this next article, I will talk about one of the coolest features of Windows 8 Enterprise edition: Windows To Go.
What Is Windows To Go?
Windows To Go is a feature within the Windows 8 Enterprise edition that allows you to boot from a USB device into a fully operational Windows 8 Enterprise environment, no matter the operating system currently running on that device. Technically, the device should be at least Windows 7 certified, although I have it successfully running on a four-year-old Sony Vaio that has a “Vista certified” logo on it. (However, I’m not necessarily recommending it!)
Companies can use the same image for this Windows To Go device as the one they are already using for their regular desktop and laptop deployment. And by “fully operational,” I mean a complete running environment with your familiar applications like Office, LOB apps, and network connections.
Windows To Go: Usage Scenarios
When talking to my customers about Windows To Go, I position it from multiple angles:
Passwords Haven’t Disappeared Yet
123456. Qwerty. Iloveyou. No, these are not exercises for people who are brand new to typing. Shockingly, they are among the most common passwords that end users choose in 2021. Research has found that the average business user must manually type out, or copy/paste, the credentials to 154 websites per month. We repeatedly got one question that surprised us: “Why would I ever trust a third party with control of my network?
- External visitors: Imagine you have an external consultant coming over to your enterprise, who needs to work on your internal systems. Instead of letting the consultant use his or her own device, which might not be secured and may not have the required applications installed, you hand him or her a Windows To Go USB drive with your company’s secured and trusted domain-member Windows 8 based-image on it. Easy!
- Remote Workers: At present, teleworking is a huge benefit for employees. From a back-end perspective, however, this puts additional workload on internal IT staff. One needs to invest in expensive and complex VPN solutions, Remote Desktop/Citrix/VDI-and-alike solutions that provide support for home PCs. It would be so much easier giving your employees a company-prepped Windows 8 image connecting them to your enterprise IT environment in a secure way (for instance, by using DirectAccess, another great feature within Windows Server/Windows client).
- BYOD (Bring Your Own Device): BYOD means one can use his or her own personal device in the enterprise environment. This could be again your own employees’ devices or those of external contractors. By using Windows To Go, it doesn’t matter what device one is bringing — as long as it is capable of running Windows 8, the Windows To Go image on the USB drive will give them a complete work environment.
In any of the mentioned examples, all physical hardware in the host device, such as a USB port, network card, or VGA adapter, will be recognized and can be used in the Windows To Go environment. However, by default the volumes on the local hard disk in the device are offline, avoiding situations where local data on the device could be compromised.
Windows To Go also support device recognition. Let’s say you boot from a Windows To Go drive on your PC at home. During the first attempt, all hardware will be recognized and required drivers will be installed. When you boot with that same Windows To Go drive from the same PC, it will recognize that device automatically, speeding up the boot process.
Windows To Go Licensing
As I already mentioned, Windows To Go requires a Windows 8 Enterprise license. On top of this, the license should be a Volume License with Software Assurance, granting the following user rights:
- Any device covered by either Software Assurance for Windows or Windows VDA subscription is licensed to run Windows To Go.
- The primary user of any device licensed at work with Software Assurance for Windows or Windows VDA may run Windows To Go while at home or on the road covered by non-corporate PC under roaming user rights.
- Any device covered under the Windows Companion Subscription License (CSL) is licensed to run Windows To Go. (The CSL is required for any non-corporate PC from which you are accessing company IT resources, such as your home PC.)
For detailed information on Windows 8 Enterprise licensing, Software Assurance, Companion Subscription License, VDA, and more, please visit http://www.microsoft.com/licensing.
Windows To Go Hardware
Before diving into the step-by-step guide on how to create a Windows To Go USB device, I have to inform you about some requirements and restrictions from a hardware perspective.
What USB device can be used with Windows to Go: At present, only a handful of devices is supported by Microsoft, coming from vendors like Kingston, Spyrus, Super Talent, Western Digital, and others. For the most up-to-date list, consult this Microsoft Technet page.
What host system supports booting from Windows To Go: As already mentioned during the introduction, any PC today which is capable of running Windows 7 or Windows 8, should be able to support a Windows To Go bootable environment. It might even work on older hardware, but it is not always supported, or it might not have the necessary driver installation files.
How to Build a Windows To Go USB Drive
A Windows To Go USB drive can be created in three ways:
- Windows To Go Creator Wizard in Windows 8 Enterprise
- System Center Configuration Manager 2012
For the remainder of this article, I will use the first option, the Windows To Go Creator Wizard. If you are reading this article and should require additional help for Powershell or SCCM creation steps, please email me.
First, from your Windows 8 Enterprise machine, go to the Windows To Go Creator Wizard. (Find it by going to the Charm Bar, select Search, enter “windows to go,” then look under Settings.)
Insert your USB drive (in my demo, I’m using a Kingston DT Ultimate 32gb). It should be recognized as a compatible drive for Windows To Go.
Next, you are asked to select the Windows 8 image you want to store on this USB drive. This image file (WIM) could be a plain Windows 8 image from the installation media, or any customized, sysprepped, MDT-ed image you are already using in your organization for your overall desktop deployment. In this specific example, I’m reusing the Windows 8 image I created for writing my MDT 2012 articles, where the Windows 8 image file is stored on my MDT2012 machine, in the following path:
\\<MDTServer>\DeploymentShare\Operating Systems\Windows 8 Base Instal Image
Next, you have the option to configure a Bitlocker password. By using Bitlocker, the USB drive and all data on it will be encrypted.
After this step, the USB drive will be created, copying the Windows Image on it, marking it as bootable, and finalizing the process. The whole process should take about 15 to 25 minutes, depending on the hardware from which you are running this.
Once the Windows 8 image is copied to the USB drive, we are asked if we want to boot from the USB drive immediately. You can close this wizard by selecting No, then choosing Save and Close.
At this stage, your USB drive is ready for use, so let’s give it a try. I’m testing this on a temp Windows XP machine. Next, I insert the Windows To Go USB drive into the machine, and selected my USB device as boot option. This will start the Windows 8 Enterprise environment from the USB drive, as shown below.
As we’ve created the Windows To Go from a base Windows 8 image on the original install media, when booting the device the first time, it will be interpreted as a “fresh install,” so we have to go through the initial Windows 8 configuration steps. In a real live enterprise environment, the drive will normally be based on an already fully configured image like domain membership, having your applications already installed in the image.
Once the pre-staging steps are finished, we land at the Windows 8 Start Screen, yeah !
Lastly, just to show you we can’t see the local hard drive, let’s fire up Windows Explorer. As you can see, I only have my USB drive shown — where, in my example, I also have a network connection to a NAS-device, proving to you I have full network connection available as well.
Oh yes, one last note: If the USB drive should be removed from the PC while working in the Windows To Go Windows 8 environment, your session will freeze. Reconnect the USB drive within 60 seconds, and the session will continue. Any longer than 60 seconds, however, means the session will crash with a blue screen dump.