Windows To Go is a Windows 10 and Windows 8 Enterprise feature providing users with a separate Windows build that can be booted from a USB device. It has the advantage of utilizing all the physical device (PC) hardware (except for the Operating System disk). Essentially Windows To Go is a portable Windows OS that can be taken with you and used on multiple devices.
There is a choice as to use a Microsoft Certified Windows To Go drive or to go with a non-certified USB. The choice to go for a certified or non-certified depends on the requirement for production devices with standard users Microsoft support may be required, necessitating a Windows To Go certified drive. In a testing environment and with more advanced users non-certified drives could be sufficient.
Certified USB drive
- A certified drive is officially supported by Microsoft.
- High performance with high sequential and random read/write speeds. e.g. IronKey W700 boasts Max Read: 400 MB/s, Max Write: 300 MB/s
- Hardware encryption with Password protection XTS-AES 256-bit
- Automatic data protection upon device removal
- Ultra-secure FIPS 140-2 Level 3 validation
- more expensive than standard USB sticks
Non-certified drive
- Using a USB drive that has not been certified is not officially supported by Microsoft.
- Performance can be slower on non-certified drives however you can get standard USB sticks that have performance close to SSD speeds.
- Devices do not have hardware encryption but can utilize BitLocker
- Can utilize existing USB devices or devices at a fraction of the cost of certified devices
Test Results
For my tests I used a SanDisk Ultra, a basic and cheap USB. While it was usable for standard tasks the performance was not idea. Most activities had adequate performance with light application work functioning fine, however any activity that necessitated greater disk writes performed significantly more slowly. An example of this was during Windows Updates where the Operating System was unusable while updates being applied.
- A disk benchmark returned Read: 140 MB/s, Max Write: 21 MB/s.
- On this USB an application installation for example could be an order of magnitude slower than with a standard disk.
Based on the test results what are the recommended Specs for a non-certified drive?
- USB 3.0 drive and port is a minimal recommended.
- 32GB size drive to allow sufficient space for updates and application Installations
- Read 300 MB/s, Write 200 MB/s Speed approx – this will give the user a high level UI and application response and reasonable performance on Disk activities.
Compatibility & Support
The following features are supported.
- Multiple PC devices. a single Windows To Go USB stick can be used on multiple devices and on various HW models.
- BitLocker Encryption via password
- Windows 10 AutoPilot
- Windows 10 OOBE (Out of the Box Experience)
- Both Azure AD Join and AD Domain
- Roaming Profiles including UE-V and redirected folders
- The use of a vanilla, custom image or the light image build
- Both BIOS and UEFI firmware are supported, along with GPT and MBR disk partitioning
- While in Windows to Go mode the local hard drive is offline by default and is inaccessible if the drive is encrypted with BitLocker
- Must not insert or remove the Windows To Go USB stick while the OS is running
- If the user does remove the USB stick the Windows To Go Operating System is active the OS will freeze for 60 seconds, to give the user time to reinsert the USB
- Booting from USB must be enabled on device firmware
- Both Windows Recovery e.g. Push Button Reset (PBR) and Hibernation mode are not supported
There are a number of scenarios in an enterprise environment where Windows To Go could be useful.
Disaster Recovery
The increasingly more common and more complex ransomware attacks lock users out of their devices. The Windows To Go stick can be used to bypass the ransomware encrypted drive until a resolution process has been put in place. Users can be back up and running very quickly.
Pilot and Test Devices
Provides a test or pilot devices to facilitate a wide range of testing or piloting requirements, making use of existing production hardware and environment.
- Application package testing
- Windows 10 Channel, update and build testing
- Windows Insider Preview testing
- Modern Management Migration Pilot
- Device Driver Testing
Bring Your Own Device (BYOD)
Users can use the Windows To Go Stick on their personal computers, providing a corporate environment on personal hardware. The Personal Operating System on the hard disk and the corporate OS on the Windows To Go stick are completely separate.