January 30, 2013 at 09:38Windows To Go Technology in Windows 8
Windows To Go (WTG) technology - one of the new features of Windows 8 - allows you to create a properly configured OS image with the necessary software installed, which will be loaded directly from a USB drive, regardless of which OS is installed on the computer to which it is connected USB stick As part of the post, we briefly discuss possible scenarios for using WTG, configuration, and some features of use.
A direct result of the application of WTG technology is a bootable USB-drive (flash drive or external HDD), which is fully ready for use with Windows 8. “Fully ready” means that this OS is properly configured in accordance with the requirements of the organization: included in the domain, if necessary, group policies are applied to it, including security policies, patches, remote access technologies (VPN / DirectAccess) are configured, the required set of software is installed, etc. It is enough to connect such media to any computer compatible with Windows 7 or Windows 8, and boot directly from it. At the same time, you get your personal OS with all the settings and in no way affect the OS installed directly on the hard drive of this computer.
Accordingly, WTG refers to the corporate capabilities of Windows 8, that is, it is focused on use, primarily in the enterprise. The most obvious scenarios for using WTG:
This list, of course, can be expanded. It is also obvious that all of the above scenarios can be implemented in other ways, without WTG. However, the presence of an additional option in the form of WTG can be a good help for the IT department of the organization.
First, consider the hardware requirements that exist for both USB media and the hosts to which the media will connect.
For a supported solution , you must use certified media for WTG. At the time of writing, according to information from the TechNet portal, the list of certified equipment includes:
In practice, I used, for example, a half-terabyte Seagate FreeAgent GoFlex with USB 3.0, not included in this list. There were no technical problems, but we must remember that, firstly, the device must be USB 3.0, and secondly, since the HDD is not certified, then in case of problems, contact Microsoft technical support.
Any computer certified for Windows 7 or Windows 8. But again, from a practical point of view, you can talk about any not very outdated x86 or x64 system with USB 2.0 and higher and with the ability to boot from a USB device.
Three main WTG deployment options can be distinguished:
Whichever deployment option you choose, you will need wim files containing configured OS images and the necessary software. Inside the wim file should be Windows 8 Enterprise. Other editions are not supported. In addition, the Windows To Go Creator Wizard is also available only in Windows 8 Enterprise, so this edition is recommended for the machine on which you plan to create WTG.
Assuming that you already have at least one wim file and the necessary USB drive is connected, we will look at the steps to create a WTG using the wizard. Settings using the command line can be found here . You can find the wizard by pressing Win + W and typing “Windows To Go”.
On the first screen, select the desired media.
Using the “Add search location” button, specify the folder with the wim-file (s).
The wizard analyzes and displays the found images.
On the next screen, you can enable media encryption using BitLocker.
Everything is ready to create WTG, it remains to click “Create”.
Creating an image takes some time. In my case, the wim file was approximately 3 GB in size, located on an SSD drive, and the creation time for the WTG media was 12 minutes.
On the last screen, the wizard suggests changing the boot order of your computer so that the next time the machine boots from USB.
That's all, actually. It remains to boot from the prepared media and get started.
There are a number of WTG features that should be kept in mind when operating a technology.
At the first boot from the WTG-carrier on some computer, the hardware is detected and the corresponding drivers are installed. This process, of course, takes some time. However, the system remembers the configuration for this computer and subsequent downloads to it occur without delay.
For security reasons, by default, the local hard drive of the computer on which we booted using WTG is offline and access to partitions of this drive is denied. This setting can be changed . In addition, if the user has administrative rights to the computer, he can manually transfer the disk to online and gain access to the partitions.
For the same reasons, in the opposite situation, when you are working on a computer and you are connecting a WTG media, Windows mounts this media without assigning letters to the media partitions. Thus, in Windows Explorer, the WTG device is not visible.
When starting on a new hardware, Windows should be activated. Let me remind you that WTG is positioned as a corporate opportunity, therefore it is assumed that the organization has KMS or Active Directory activation activated (a new feature of Windows Server 2012 ), and then the activation process will go unnoticed for the user.
When using WTG, all Windows features are available except the Windows Store. This is done because purchases in the Windows Store are tied to a specific computer, and the corresponding applications are disabled when launched on another machine. However, if you want the Windows Store to be available, you can enable it for WTG images through group or local policies: \\ Computer Configuration \ Administrative Templates \ Windows Components \ Store \.
The last note is related to setting up the computer to boot from a USB drive. If you want the user to be able to independently change the boot order of the computer without getting into the BIOS or pressing some kind of magic key combination, you can use the special utility present in any edition of Windows 8. You can find it in a known way by pressing Win + W and typing “ Windows To Go. ”
Select the desired item, and at the next restart, the system will start booting from USB.
In this way, WTG is an easy and safe way to create a managed Windows 8 mobile image for your employees.
For more information about Windows To Go technology, see the “Overview of Windows To Go Technology: New Features, Application Scenarios, and Deployment Methods in a Corporate Environment » TechEd Russia 2012 Conference .
Active Directory features in Windows Server 2012, including activation through AD, are discussed in the first module of the course " New Features in Windows Server 2012. Part 2. Security, management, remote access, web platform " on the MVA portal .
Hope the material was helpful.
Thanks!
Why is this needed?
A direct result of the application of WTG technology is a bootable USB-drive (flash drive or external HDD), which is fully ready for use with Windows 8. “Fully ready” means that this OS is properly configured in accordance with the requirements of the organization: included in the domain, if necessary, group policies are applied to it, including security policies, patches, remote access technologies (VPN / DirectAccess) are configured, the required set of software is installed, etc. It is enough to connect such media to any computer compatible with Windows 7 or Windows 8, and boot directly from it. At the same time, you get your personal OS with all the settings and in no way affect the OS installed directly on the hard drive of this computer.
Accordingly, WTG refers to the corporate capabilities of Windows 8, that is, it is focused on use, primarily in the enterprise. The most obvious scenarios for using WTG:
- Mobile employees . Employees who, for example, often move between branches of the company and at the same time need each of them to access the corporate network using their settings, documents, etc. Have a small external hard drive or even a flash drive instead of a laptop weighing a couple of kilograms , for many, it may be a very attractive option. Arriving at the next site, just stick the media into a suitable computer.
- Temporary employees working, for example, as part of a project. Such an employee may have his own laptop, which does not meet the security requirements of your network. Equip it with a prepared medium with a WTG image, and this employee will be able to use your image on his laptop to work on the project.
- Employees without fixed workplaces (or working in shifts), who, nevertheless, need to access the corporate network in the office or outside.
- Work from home . If necessary, the employee can download the home computer using the prepared WTG image and gain access to the corporate network and business applications.
This list, of course, can be expanded. It is also obvious that all of the above scenarios can be implemented in other ways, without WTG. However, the presence of an additional option in the form of WTG can be a good help for the IT department of the organization.
How to configure WTG?
First, consider the hardware requirements that exist for both USB media and the hosts to which the media will connect.
Media requirements
For a supported solution , you must use certified media for WTG. At the time of writing, according to information from the TechNet portal, the list of certified equipment includes:
- Kingston DataTraveler Workspace for Windows To Go ( http://www.kingston.com/wtg/ )
- Spyrus Portable Workplace ( http://www.spyruswtg.com/ )
- Spyrus Secure Portable Workplace ( http://www.spyruswtg.com/ )
- Super Talent Express RC8 for Windows To Go ( http://www.supertalent.com/wtg/ )
- Western Digital My Passport Enterprise ( http://www.wd.com/wtg )
In practice, I used, for example, a half-terabyte Seagate FreeAgent GoFlex with USB 3.0, not included in this list. There were no technical problems, but we must remember that, firstly, the device must be USB 3.0, and secondly, since the HDD is not certified, then in case of problems, contact Microsoft technical support.
Host requirements
Any computer certified for Windows 7 or Windows 8. But again, from a practical point of view, you can talk about any not very outdated x86 or x64 system with USB 2.0 and higher and with the ability to boot from a USB device.
WTG Deployment Options
Three main WTG deployment options can be distinguished:
- Using the Windows To Go Creator Wizard
- using a script (PowerShell + utilities for working with DISM or ImageX images);
- using the User Self-Provisioning tool in System Center 2012 Configuration Manager SP1.
Supported editions of Windows 8
Whichever deployment option you choose, you will need wim files containing configured OS images and the necessary software. Inside the wim file should be Windows 8 Enterprise. Other editions are not supported. In addition, the Windows To Go Creator Wizard is also available only in Windows 8 Enterprise, so this edition is recommended for the machine on which you plan to create WTG.
Creating an Image Using the Windows To Go Creator Wizard
Assuming that you already have at least one wim file and the necessary USB drive is connected, we will look at the steps to create a WTG using the wizard. Settings using the command line can be found here . You can find the wizard by pressing Win + W and typing “Windows To Go”.
On the first screen, select the desired media.
Using the “Add search location” button, specify the folder with the wim-file (s).
The wizard analyzes and displays the found images.
On the next screen, you can enable media encryption using BitLocker.
Everything is ready to create WTG, it remains to click “Create”.
Creating an image takes some time. In my case, the wim file was approximately 3 GB in size, located on an SSD drive, and the creation time for the WTG media was 12 minutes.
On the last screen, the wizard suggests changing the boot order of your computer so that the next time the machine boots from USB.
That's all, actually. It remains to boot from the prepared media and get started.
Features of using WTG
There are a number of WTG features that should be kept in mind when operating a technology.
At the first boot from the WTG-carrier on some computer, the hardware is detected and the corresponding drivers are installed. This process, of course, takes some time. However, the system remembers the configuration for this computer and subsequent downloads to it occur without delay.
For security reasons, by default, the local hard drive of the computer on which we booted using WTG is offline and access to partitions of this drive is denied. This setting can be changed . In addition, if the user has administrative rights to the computer, he can manually transfer the disk to online and gain access to the partitions.
For the same reasons, in the opposite situation, when you are working on a computer and you are connecting a WTG media, Windows mounts this media without assigning letters to the media partitions. Thus, in Windows Explorer, the WTG device is not visible.
When starting on a new hardware, Windows should be activated. Let me remind you that WTG is positioned as a corporate opportunity, therefore it is assumed that the organization has KMS or Active Directory activation activated (a new feature of Windows Server 2012 ), and then the activation process will go unnoticed for the user.
When using WTG, all Windows features are available except the Windows Store. This is done because purchases in the Windows Store are tied to a specific computer, and the corresponding applications are disabled when launched on another machine. However, if you want the Windows Store to be available, you can enable it for WTG images through group or local policies: \\ Computer Configuration \ Administrative Templates \ Windows Components \ Store \.
The last note is related to setting up the computer to boot from a USB drive. If you want the user to be able to independently change the boot order of the computer without getting into the BIOS or pressing some kind of magic key combination, you can use the special utility present in any edition of Windows 8. You can find it in a known way by pressing Win + W and typing “ Windows To Go. ”
Select the desired item, and at the next restart, the system will start booting from USB.
In this way, WTG is an easy and safe way to create a managed Windows 8 mobile image for your employees.
For more information about Windows To Go technology, see the “Overview of Windows To Go Technology: New Features, Application Scenarios, and Deployment Methods in a Corporate Environment » TechEd Russia 2012 Conference .
Active Directory features in Windows Server 2012, including activation through AD, are discussed in the first module of the course " New Features in Windows Server 2012. Part 2. Security, management, remote access, web platform " on the MVA portal .
Hope the material was helpful.
Thanks!