Creating a Non-Certified Windows To Go USB Drive
Windows To Go (W2G) is one of those topics that leaves everyone a little puzzled at first mention. The first question that comes to mind is, “Why would I want or need such a thing as W2G?” The second is, “How do I create a W2G USB drive?” Once you have the USB drive in hand – or in pocket – many other questions arise about licensing, portability, and security. In this article, I’ll answer all of your questions about Windows To Go on Windows 8.
Certified USB Drives
The list of Microsoft-certified USB drives for Windows 8 W2G is very short:
- Kingston DataTraveler Ultimate – US$ 50+
- Super Talent Express RCB – US$ 70
- Western Digital My Passport Enterprise – US$ 110
Compared with the SanDisk Cruzer 32GB I used for this article – US$ 20 at a local discount store – they’re all very expensive.
Not using a Microsoft-certified USB disk comes with a few, potentially deal-breaking shortcomings: It’s not an official Windows To Go image, and you don’t get your personal (purchased) apps or other personalizations on installation. Although you can install applications on the disk, you have to sync your purchased apps manually. What you do have is a fully functional Windows 8 system that’s bootable from the USB drive. If you’re using it as a portable desktop system, you have achieved your goal. If, however, you need a full, official W2G image with all of the features promised by a certified drive, then use the built-in Windows To Go Control Panel applet to create your masterpiece. Here, I describe how to create Windows To Go on a budget.
Setting Up the USB Drive
Whether you already own a 32GB USB (or larger) drive or you purchase one new for this project matters little because you have to wipe it clean before use, so be sure Windows To Go is what you want on this drive before you start.
To begin, insert the USB drive into a USB slot on your computer and open a Windows command prompt in Admin mode. To set up the USB drive, follow the Diskpart commands below.
C:> DISKPART DISKPART> LIST DISK Disk ### Status Size Free Dyn Gpt -------- ------------- ------- ------- --- --- Disk 0 Online 298 GB 0 B Disk 1 Online 29 GB 0 B DISKPART> SELECT DISK 1 Disk 1 is now the selected disk. DISKPART> CLEAN DiskPart succeeded in cleaning the disk. DISKPART> CREATE PARTITION PRIMARY DiskPart succeeded in creating the specified partition. DISKPART> FORMAT FS=NTFS QUICK 100 percent completed DiskPart successfully formatted the volume. DISKPART> ACTIVE DiskPart marked the current partition as active. DISKPART> EXIT Leaving DiskPart... C:>
The preparative work on the USB drive is complete.
Gathering the Utilities
Now you need to download the Windows Automated Installation Kit (AIK) for Windows 7, named KB3AIK_EN.ISO . At 1.7GB, it’s a significant download, and you’ll have to use your Microsoft Account to download the file. You’ll also need this account to log in to your Windows To Go system, so if you don’t have a Microsoft Account, sign up now.
After mounting the ISO, use 7Zip or a similar tool to open the NEUTRAL.CAB file and extract the F1_image file. Once extracted, rename F1_image to IMAGEX.EXE . This is the ImageX Tool for Windows. (For more information on the ImageX Tool for Windows, use IMAGEX.EXE /? at a command prompt.)
From your Windows 8 ISO or DVD, copy the \SOURCES\INSTALL.WIM file to the same location you copied IMAGEX.EXE . I suggest creating a folder such as C:\WIN2GO and placing those files and these instructions into it for future reference. If you find W2G useful, you’ll want to repeat the process.
Creating the W2G Bootable Image
Before you continue, know your USB drive letter. For this demonstration, the USB drive is E: , so I would transfer the install image to the USB drive with the command:
C:\WIN2GO> IMAGEX.EXE /APPLY INSTALL.WIM 1 E:\
This process can take a very long time. Mine took more than an hour to complete, so be patient and don’t assume anything is wrong. ImageX provides a progress indicator like this
[ 30% ] Applying progress: 43:22 mins remaining.
during the transfer process. When the image is fully transferred to the USB drive, you need to enter one final command to copy Windows boot files to the root of the bootable USB drive:
C:> BCDBOOT.EXE E:\WINDOWS /S E: /F ALL Boot files successfully created.
This command transfers the boot or system files to the USB Drive for any firmware (BIOS or UEFI) type (ALL ).
Initial Boot and W2G Setup
Now you’re ready to remove the USB drive and insert it into any other Windows 8-capable and USB-bootable computer to boot into Windows To Go. The initial setup process is lengthy, so be very patient. W2G requires two boots. The first is to detect hardware, which takes you through a series of colorful screens that display messages such as Getting devices ready X% and Getting ready . The system will reboot itself, so be ready to boot from the USB drive on that second boot.
The second boot steps you through the following Windows 8 setup screens:
- Accepting the License Agreement
- Personalize Color Scheme and Name the Computer
- Select a Wireless Network
- Enter the Wireless Network Password
- Set Express or Custom Settings
- Sign In to Your PC (Enter a Microsoft Account Name )
- Enter Your Microsoft Account Password
- Mouse Setup
After you enter your information and personalize your computer, you have to wait through another series of fascinating screens, such as We’re getting your PC ready , Installing apps , Taking care of a few things , Almost ready ; finally, you’re sent to the Start (Metro) screen, where you can now interact with the operating system.
Using Windows To Go
You’ll notice that W2G behaves almost exactly like Windows 8 in every respect, and it should, because it is a full Windows 8 installation. The two major exceptions that prevent me from saying it behaves exactly like Windows 8 are: Windows Store is disabled and you’ll soon get a “nag” notification about Windows activation.
You might see a notification when you first log in telling you to: Keep the USB drive plugged in. Only remove it after your PC has shut down completely. Otherwise, your Windows To Go workspace might crash and you could lose data. The W2G workspace is not loaded into memory and used from there; it remains on disk and is accessed as you use it. Windows 8 also creates a pagefile, if needed, on the USB drive.
Installing traditional applications, such as Microsoft Office, on W2G works just as you’d expect, but you need to open an Administrative command prompt and use The Group Policy Editor (gpedit ) to enable Windows Store.
C:> gpedit
To enable the Windows Store, under Computer Configuration , open Administrative Templates | Windows Components | Store .
In the right pane, right-click the entry Allow Store to install apps on Windows To Go workspaces and click Edit to select the Enabled option and click OK (Figure 1). Now you can close the Group Policy Editor.
You should now be able to open the Windows Store and install apps. If you still have trouble, try connecting into your Active Directory (AD) domain with your W2G system and allow it to activate Windows. Activation and subsequent activiation checkups are required every 180 days. Remember that W2G is Enterprise-only; therefore, to use it, you’ll need a KMS Server or AD to help you manage it.
Surveying Security
It might come as no surprise to you that a Windows To Go implementation will force businesses that use the technology to change the way users work with Windows. The problem lies in the fact that when you boot up with a USB drive, you have access to local disk and device resources from the USB-based operating system.
The solution to the problem is to enable BitLocker on all systems and BitLocker To Go on all Windows To Go-enabled devices. If you boot onto a Windows system that has BitLocker enabled, you will not be able to view anything on the protected disk unless you have the password. Alternatively, if you happen to lose your W2G device, your information is safe if you have Bitlocker To Go set up on it; otherwise, your information is available to anyone who can plug in a USB drive.
For security professionals, W2G is an excellent way to gain easy access to any system’s files. The sly security pro will encrypt the USB drive with BitLocker To Go, just in case the device is left behind or lost. The recipient will have a nice $20 gift, but at least the identity and purpose of the drive will remain hidden.
Managing Portability
If you use the x86 version of W2G, you’ll have greater portability than if you use the 64-bit version. Attempting to boot the 64-bit version on a system that doesn’t support it stops the boot, and the system notifies you that the process can’t continue. You can create a W2G-bootable USB drive successfully in a virtual machine. I used VMware Workstation 9 to produce the one I used for the demonstration described in this article.
Once the USB is booted and the Windows Store settings are changed, you can open the Windows Store, right-click any app, and click Your Apps to display your purchased apps. After selecting and purchasing an app from the Windows Store that you want to install on the W2G USB disk, you are licensed to use it on five computers. You can also sync your settings via your Microsoft account by opening the Charms Bar and clicking Settings | Change PC settings | Sync your settings . All settings are set to sync by default.
Assessing System Speed
For most operations, you’ll never know that you’re working from a USB disk and not a traditional hard disk. A few disk-intensive applications are a bit sluggish on startup, but all of the Office applications open within one to two seconds. Overall, performance varies from acceptable to outstanding. Microsoft Access 2010, for example, opened immediately and without hesitation. Microsoft Word 2010 lagged by comparison at two seconds.
Summary
Windows To Go isn’t for everyone. In fact, I think it serves a relatively small demographic right now. At times it could be useful to the traveller, but most of us won’t need it. The security risks of using it are too great to the host computer, so its use will be limited in all but the most secure companies. W2G is interesting, however, from a purely technical point of view: Now Windows-oriented folks can use a complete, familiar operating system, just as Linux renegades have been doing for years.