Bring Your Own Device (BYOD) is as much a problem for IT departments, as it is an opportunity for end users. It's not just unknown phones and tablets that are coming into the office, connecting to email systems, applications and file shares, it's also users' laptops and PCs – adding yet more complexity to the management task. How can administrators segregate business applications and data from users' personal information, and how can they prevent data from leaking across the boundary between the two? You could spend the time and money to build a complete virtual desktop infrastructure, but that's expensive, and performs poorly over home internet connections.
Booting Windows 8 on a USB drive
Windows 8 brings a new option, in the shape of Windows To Go. Users can keep their own PCs and their own software. All you need is a fast, large USB drive, and you can give them a managed Windows 8 environment that uses their CPU and memory, without touching their hard disk, or their data. With Windows To Go, users just boot from a USB drive, and get access to their Windows 8 desktop and applications, as well as data stored in remote file shares and on the drive. As it's using local computing resources, the Windows in Windows To Go is fast, so applications that rely on system performance run well.
It's also relatively secure. Boot into a Windows To Go stick, and you're unable to see the data on the host PC – its drives are hidden from Windows To Go, making it difficult to copy data off a Windows To Go flash drive. However you do get access to other removable storage and network resources, so it's worth ensuring that any images are fully configured with endpoint security. Windows To Go is designed not to leave a trace on the host, not to be secure. If you're trying to copy data onto a Windows To Go stick you'll need to use network resources or removable drives, as Windows also hides the Windows To Go file system, so you can't use a drive as a flash drive, either.
The downsides of Windows To Go
There is one down-side to Windows To Go: it's easy to lose a memory stick, even a hefty one like the large USB 3.0 sticks Microsoft recommends. However, it's easy to use Microsoft's whole-disk encryption tool BitLocker to encrypt a Windows To Go stick, and you can make sure it's turned on when you create a drive. We'd recommend this approach, as it means you're sure that any sensitive data is protected - especially important if you're subject to any business regulations.
Available only to organisations with a Software Assurance subscription, Windows To Go is part of Windows 8 Enterprise. While you use the same tools to build Windows To Go images as you use to build and manage installation images, it's quick and easy to use Windows 8 Enterprise to build the USB keys – and it's even possible to let you users run the wizard themselves.
Setting up a drive from Windows 8 Enterprise is simple. Start with a prepared image on a share or a USB stick, and in Windows 8 launch the Windows To Go Wizard. You'll need a fast USB drive with at least 32GB of space (Microsoft has certified certain drives already, and recommends using a USB 3.0 stick as these have a higher quality of flash storage). Once you've chosen your Windows To Go drive, all you need to do is select an image, and start the process. The target drive will be reformatted, and can also be secured with BitLocker. Installation takes ten minutes or so, and you'll be asked if you want to reconfigure the PC used to create the disk to boot from USB in future.
Take Windows 8 with you wherever you go
The first time you boot a Windows To Go drive on a new PC it will scan for devices, and install appropriate drivers. That set up remains cached, so you'll be able to boot much more quickly in future. Drives can hold several system configurations, so you can take it from work to home to an internet café to a client's offices to a friend's home without worrying about losing data or drivers. It's this flexibility that makes Windows To Go an ideal tool for employees who can work from any PC, anywhere. It's also a tool you can slip into a pocket to use anytime you need secure access to your business systems, without having to carry a work laptop with you.
Once setup, a Windows To Go system works like any Windows PC. Just boot from USB, and you're in the familiar Start screen, and able to use the basic Windows store applications that come with Windows 8 or any pre-installed applications in the image (and install others by more traditional means). Users are able to log in with a Microsoft account, though by default there's no access to the Windows store – so you'll need to use Intune or System Centre to sideload Windows Store applications onto managed devices. If you want to enable access to the Store you can use Group Policy to allow access to the store, but applications are only licensed to a specific PC, so won't be portable (unlike the stick).
Unlike Windows RT ARM devices, Windows To Go sticks can be part of an Active Directory, making them easier to control and manage. If you're using any of the Microsoft Desktop Optimisation Package (MDOP) tools to deliver a managed desktop, Windows To Go will provide that same desktop to a user wherever they are – so you can use it to give home workers access to work resources, or to give casual staff access to office resources, without having to worry if your desktop optimisations will overwrite their personal settings. You'll also be able to use System Center to push updates and policies to Windows To Go, as well as using Direct Access to simplify connections to your IT resources.
Microsoft has taken several routes to supporting BYOD in Windows 8, with Windows To Go one of the most attractive. It's low cost, easy to set up, and relatively secure. IT teams don't need to learn anything new, and users have a simple way of using their applications and data, without reconfiguring their PCs. If you've got a Software Assurance agreement, Windows To Go could be your reason for upgrading to Windows 8.
Windows To Go step-by-step guide
1. Start installing Windows To Go by choosing the USB disk you want to use. Microsoft recommends using a USB 3.0 disk, and has a list of certified devices.
2. The Windows To Go wizard will scan local drives for suitable Windows images – or you can manually connect to an installation share, and use Windows deployment tools to deliver pre-configured images with OS and applications.
3. Once you've chosen a flash drive and an image, you're ready to create your Windows To Go disk. Just click to get started.
4. Encrypt Windows To Go drives as part of the setup process, using BitLocker. Just type a password to turn it on.
5. Preparing the drive is more than just formatting it – the disk is partitioned like a full Windows install, complete with recovery partitions.
6. The last part of the process takes the longest – installing Windows 8 on your drive ready to go. The installer gives you a Windows 8 install that's ready to install devices the first time you plug it into a PC.
7. Once a stick has been made you can choose whether to set up the host PC to boot from USB devices, or leave it as it is.