Monday, 17 September 2012 18:49

Windows To Go: travel with a thumb drive, not a computer


One of the features of Windows 8 that is more useful to enterprise users is Windows To Go, which allows a computer to boot into Microsoft's new operating system from a USB stick.

The growth of mobility means that people need to access corporate systems in a wider range of locations than ever, but most organisations would prefer this was done from a 'known good' copy of Windows rather than one that could be malware-ridden.

Furthermore, there is an increasing desire to travel light, for example with a smartphone or tablet instead of a notebook, and to borrow a computer on arrival if it is really needed.

The idea of a bootable USB stick isn't new, but Microsoft has added some wrinkles to Windows To Go, Microsoft Services architect Tanya Koval told the TechEd Australia conference, especially from a security perspective.

The thumb drive is secured with BitLocker drive encryption, so a password is needed before Windows will even boot. (Windows 8 certified tablets with x86 processors are required to present a soft keyboard at this stage.)

The recovery key for BitLocker is stored in the organisation's Active Directory as part of the provisioning process.

Windows To Go also uses Secure Boot to protect against firmware malware, a feature supported by all Windows 8 certified hardware.

And to minimise the risk of data leakage, the computer's internal hard drive is taken offline by Windows To Go, and can only be brought online by a user with administrative rights, which should not apply to users in managed environments.


The provisioning process can either be carried out centrally (Microsoft has a PowerShell script to assist with Windows To Go provisioning, and a Windows To Go Creator is part of Windows 8 Enterprise), or self-provisioning can be implemented using System Center Configuration Manager 2012 SP1 or equivalent software, in which case the user browses the software catalogue for the program that provisions a Windows To Go drive, runs the program, and then reboots using the thumb drive.

The drive must be used at least once on the corporate network to activate the Windows licence, to join the domain, and to enable BitLocker

Microsoft did not overlook ease of use issues, according to Ms Koval.

Since changing the boot order is normally a vendor-specific operation involving pressing the right key at the right time in the startup process and then adjusting settings, Windows 8 recognises a thumb drive containing Windows To Go and provides the option to start up from it.

This process alters the computer's boot loader, but if no Windows To Go drive is present, the startup process proceeds as normal.

If the thumb drive is removed while in use, Windows To Go pauses for 60 seconds for it to be reinserted and then shuts down.

That time limit "is unconfigureable, so live with it," said Ms Koval. The concern was that a user might need to leave a semi-public computer (eg, one in an Internet cafe) in a hurry, and one minute seemed the right compromise between security and protection against accidental removal.


There is no guarantee that unplugging the drive this way will not result in data loss, nor that the system will successfully resume if it is plugged back in, though the mechanism has proved generally reliable.

The first time the thumb drive is used with a particular computer, the relevant drivers are installed (if they weren't prestaged in the system image they are obtained via the Internet) and the configuration is stored for faster booting on subsequent use.

There is no artificial limit on the number of different computers used with a particular USB stick, only the available storage space - Windows To Go plus Office 2010 and 2013 occupy less than 20GB, she said.

Zvezdan Pavkovic, senior consultant at Microsoft Services, pointed out that it isn't possible to use any old thumb drive for Windows To Go. Windows 8 Hardware Certification requires a USB 3.0 interface, high random read/write speed, and a drive that reports as fixed media. Kingston and SuperTalent already offer certified drives, he said.

Once installed, Windows To Go can be managed like any other copy of Windows, although SCCM 2012 SP1 does identify it as Windows To Go.

And according to Ms Koval, one Windows licence per user covers use on a corporate PC and Windows To Go.

The writer attended TechEd 2012 as the guest of Microsoft.


You cannot afford to miss this Dell Webinar.

With Windows 7 support ending 14th January 2020, its time to start looking at your options.

This can have significant impacts on your organisation but also presents organisations with an opportunity to fundamentally rethink the way users work.

The Details

When: Thursday, September 26, 2019
Presenter: Dell Technologies
Location: Your Computer


QLD, VIC, NSW, ACT & TAS: 11:00 am
SA, NT: 10:30 am
WA: 9:00 am NZ: 1:00 pm

Register and find out all the details you need to know below.



iTWire can help you promote your company, services, and products.


Advertise on the iTWire News Site / Website

Advertise in the iTWire UPDATE / Newsletter

Promote your message via iTWire Sponsored Content/News

Guest Opinion for Home Page exposure

Contact Andrew on 0412 390 000 or email [email protected]


Stephen Withers

joomla visitors

Stephen Withers is one of Australia¹s most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.



Recent Comments