With the arrival of Windows 8 a whole world of possibilities are becoming realities. Especially with enterprises that are juggling with roaming usage, consumerization of IT, Consultant access to corporate network….
Those are 3 of the scenarios where Windows 8 will bring a tremendous value. That’s right, VALUE!!! I was just discussing this with a buddy of mine who manages the desktops for a federal department and it gave me the idea for this post.
He’s struggling with several issues. Such as:
- Do I what to allow a consultant to brings it’s own “unmanaged” laptop in our secured environment?
- Do I really need to provide a second computer to staff that only have an occasional need to access our line of Business (LOB) application remotely?
- What happens to my licensing if I need to give a copy of Office to some employees so they can work from home on their own machines?
- Do I want to allow unmanaged remote machines (read unsecured machines that may or may not be “clean”) to access our network, our applications. Our data?
|I used to manage environments like that… I used to answer all those questions with one word… NO! But now we have options…..
Options that can help mitigate the risks. Like Domain Isolation, VDI, but the low hanging fruit we can reach easily is Windows To Go or WTG for short.
“Windows To Go is an enterprise feature of Windows® 8 that enables the creation of a Windows To Go workspace that can be booted from a USB-connected external drive on PCs that meet the Windows 7 or Windows 8 certification requirements, regardless of the operating system running on the PC. Windows To Go workspaces can use the same image enterprises use for their desktops and laptops and can be managed the same way. Windows To Go is not intended to replace desktops, laptops or supplant other mobility offerings. Rather, it provides support for efficient use of resources for alternative workplace scenarios.” (http://technet.microsoft.com/en-us/library/hh831833.aspx)
I could not have said it better. It provides efficient (and really cool) use of resources for alternative workplace scenarios. WTG is available with Windows 8 Enterprise edition. But what are the differences WTG and a typical installation of Windows 8? Actually, it works just like any other installation of Windows with some exceptions.
- Internal disks are offline. To avoid “cross-contamination” and to ensure that sensitive data is not accidently copied to the local hard drives, internal hard disks on the host computer are offline by default when booted into WTG. By the same token if a WTG drive is inserted into a running system the WTG drive will not be listed in Windows Explorer.
- Trusted Platform Module (TPM). When using BitLocker a system boot password will be used instead of the TPM since the TPM is tied to a specific computer and WTG is designed to move between computers.
- Hibernate. To ensure that the WTG is able to move between computers, hibernation is disabled by default. It can however be re-enabled by GPO setting should you need to.
- Windows Recovery Environment. In the rare case that you need to recover your WTG drive, you should re-image it with a fresh image of Windows.
To create a WTG disk, a wizard is included in Windows 8 Enterprise edition. The wizard will first search for Windows 8 images; It will prompt the user to set a BitLocker password, and then format the USB drive and Install the image and necessary files to boot and run the USB drive.
Here is a short video (5 minutes, 29 seconds) showing a basic creation and usage of WTG.
Windows 8 Enterprise Evaluation
Windows To Go: Feature Overview
Description of licensing the Windows 8 Enterprise edition Windows To Go feature
Windows To Go scenarios
Creating a Windows To Go USB drive
Hardware considerations, including certified USB drives for WTG
All I have left to say is , Get up and go. Windows To Go that is….
Pierre Roman, MCITP, ITIL | IT Pro Advisor
Twitter | Facebook | LinkedIn
As Always… if there are scenarios you’d like us to investigate, leave a comment. we’ll see what we can do to accommodate.
This post is also published on the Canadian IT Pro Connection blog.