Locked Windows to Go (Windows 8 CS)

  • Tuesday, March 20, 2012 7:37 AM
     
     

    I've created "Windows to Go" on Windows 8 Consumer Preview. I'm able to boot up Windows 8 on my portable drive.

    Is "BitLocker to Go" the answer to encrypt my portable drive?  Not sure whether, if it is enabled, I will still be able to run Windows to Go.

All Replies

  • Tuesday, March 20, 2012 10:54 PM
    Answerer
     
     Proposed
    MS removed the official creator tool from the CP. So wait for the RC and test if this includes an official way to create a "Windows to Go" USB thumb drive.

    "A programmer is just a tool which converts caffeine into code"

    • Proposed As Answer by Jon.Garbee Friday, March 23, 2012 11:22 PM
  • Wednesday, March 21, 2012 5:20 AM
     
     

    Security folks may have a concern if the USB device is not encrypted, as "Windows to Go" is equivalent to carrying an OS with personal data on a USB stick.

    I'm not sure whether it will still work if the USB stick is encrypted.


  • Monday, March 26, 2012 9:25 AM
     
     Answered
    I think it would prompt for password before loading the OS.
  • Monday, April 09, 2012 7:21 AM
     
     
    You mean the Windows to Go USB stick will prompt for a password?
  • Friday, April 20, 2012 12:32 PM
     
     
    When booting a Windows to Go workspace that has a BitLocker password protector, you will be prompted for the BitLocker password before you're allowed access to the device.  It's no different than the boot process for a fixed disk with a different protector, such as a PIN.

    --Joseph [MSFT] http://blogs.technet.com/b/joscon/

  • Thursday, May 03, 2012 8:35 AM
     
     

    Thanks.  I've done up a Windows to Go (using Windows 8 CP) on a USB drive.

    In order to prevent anyone who picks up my USB drive from accessing my files inside, should I now encrypt it using "BitLocker to Go"? Will it work when I boot it up on another PC?

  • Thursday, May 03, 2012 11:53 AM
     
     
    Windows to Go uses a password protector. It's not BitLocker to Go, it's just BitLocker with a protector.  The volume will boot normally but you'll need that password to unlock the device.

    --Joseph [MSFT] http://blogs.technet.com/b/joscon/

  • Friday, May 04, 2012 1:01 AM
     
     

    Hello Joseph, thank you. Is the "password protector" available in the Win 8 CS?

    How can I enable it on my "Windows to Go" (Win 8 CS)?

  • Friday, May 04, 2012 12:05 PM
     
     

    Yes, you should be able to do this in CP. 

    manage-bde -protectors -add -pw <vol GUID>

    You can also use Windows PowerShell to do this using the Enable-BitLocker verb.


    --Joseph [MSFT] http://blogs.technet.com/b/joscon/

  • Monday, May 07, 2012 1:15 AM
     
     

    Correct me if I'm wrong:

    • A BitLocker protector password is tied to the USB hardware. (Is the USB device encrypted? Or just protected by a "protected password" that only prevents people from booting up the Windows to Go drive?)
    • A BitLocker password is tied to the TPM chip of the hardware and the hard disk; this is different from the protector password mentioned above.

    I'm trying to understand if the Windows to Go USB disk is secured, as we have corporate images and software inside the Windows to Go USB drive.

  • Monday, May 07, 2012 11:17 AM
     
     
    Yes, the drive is secure.  The password protector is similar to what you would use on a data volume.  Because WTG requires the drive to present itself as fixed, we are able to apply normal BitLocker protectors to it rather than the BitLocker to Go method.  The user is prompted for the password prior to the drive being unlocked.  You can test this same protector on an OS volume in CP on a virtual machine by setting the group policy for OS drives to allow alternative authentication if you'd like to see how it works.

    --Joseph [MSFT] http://blogs.technet.com/b/joscon/

  • Tuesday, May 15, 2012 3:24 AM
     
     

    Hello Joseph, I tried the steps above to enable a password protector. Now, I can't boot the USB Windows to Go disk anymore.

    How can I get the prompt from the Windows to Go disk whenever I try to boot it up?

    My main objective is to protect my OS and software on my USB Windows to Go disk, in case it's lost.

  • Tuesday, May 15, 2012 9:02 AM
     
     
    How did you add the password protector?  I assume you're manually creating the stick as the WTG creator is not available in the CP release, how was the stick created and does the USB drive report itself as fixed or removable?

    --Joseph [MSFT] http://blogs.technet.com/b/joscon/

    • Marked As Answer by kelchua Tuesday, May 15, 2012 9:18 AM
    • Unmarked As Answer by kelchua Tuesday, May 15, 2012 9:18 AM
  • Tuesday, May 15, 2012 9:28 AM
     
     

    Hello Joseph,

    The WTG stick was manually created.

    I can boot up the USB WTG disk when I plug it into another physical PC. Everything works.

    The issue occurred when I added the password protector. How I enabled the password protector is below.

    • I boot up a physical PC with the WTG stick plugged in.
    • Run Command Prompt and run the command ( manage-bde -protectors -add -pw <vol GUID> )
    • Managed to encrypt the USB WTG.

    After which, I tried to boot it on another PC and it did not work anymore. It was detected in the BIOS as a USB disk, but there was no prompt for a password etc.

    Does the password protector have a "Pre-boot Authentication" screen or option etc. when enabled on a WTG USB stick?

  • Tuesday, May 15, 2012 10:18 AM
     
     

    On a WTG workspace that's created using supported hardware, the workspace will show you a prompt for the password protector at boot.  You aren't able to access the contents of the drive without providing it.  It could be a difference between the device you're using and what we're going to officially support for workspaces at launch, I'm not sure.

    I use a Supertalent RC8 device and I am prompted for the protector on each boot, regardless of host computer.  I've done that creating the workspace manually or using the creator wizard.


    --Joseph [MSFT] http://blogs.technet.com/b/joscon/

  • Wednesday, May 16, 2012 1:17 AM
     
     

    Thanks Joseph, I'll try it out on another USB device and see if it works.

    What's not working now is the pre-boot authentication of the WTG USB disk. Is it convenient to share a screenshot of the password protector at boot?

  • Wednesday, May 16, 2012 10:20 AM
     
     
    Not really, if the protector isn't being shown, then the device either isn't properly BitLockered or the device might not support the protector in that fashion. Have you tried decryption of the drive and encrypting it again?  When you ran the manage-bde command against the drive, it ran properly?

    --Joseph [MSFT] http://blogs.technet.com/b/joscon/

  • Thursday, May 17, 2012 1:35 AM
     
     

    Yes, I tried to decrypt the drive and encrypt it again; it didn't work. I can't reach the "password protector pre-boot authentication screen".

    When I ran <manage-bde -protectors -add -pw <vol GUID>>, I only entered the volume drive letter instead of the GUID.  I tried using the GUID number and it didn't work. I've the screenshot below.

    After the steps, I tried to boot up the drive again and it can't be booted anymore as it is now encrypted. There was no pre-boot auth screen for me to enter the password.

    • Edited by kelchua Thursday, May 17, 2012 6:42 AM
  • Thursday, May 17, 2012 11:40 AM
     
     
    I typically use DISKPART, but there are a couple of ways.  It looks like the protector is working properly based on the command.  Does this drive report itself as fixed?

    --Joseph [MSFT] http://blogs.technet.com/b/joscon/

  • Monday, May 21, 2012 7:43 AM
     
     

    I did a check. Based on the screenshot above, I've successfully added the key protectors.  To verify that, I did a "manage-bde -status"; it shows that the key protector and password are added.

    BUT, when I unplugged the USB and plugged it back into the notebook, and did a step to check on the status, the key protector and the password were gone.

    Not sure why this is happening.

  • Monday, May 21, 2012 10:44 AM
     
     
    Me neither, if the drive is reporting itself as a fixed disk and the protector is there, the only other thing would be the way the WTG workspace was created.

    --Joseph [MSFT] http://blogs.technet.com/b/joscon/

  • Wednesday, May 23, 2012 1:18 AM
     
     

    Hello Joseph,

    May I know how I can verify if my WTG workspace is reporting itself as a fixed disk?  Could you share with me what the pre-boot authentication of the password protector looks like?

    I've tried creating multiple WTG workspaces on different USB thumb drives and hard disks; all came back with the same results.

    I'm following the instructions below to create the WTG workspace. Is there any difference in the way you created your workspace?

    http://tweaks.com/windows/52279/how-to-create-a-windows-to-go-usb-drive/

    Thanks

  • Wednesday, May 23, 2012 11:46 AM
     
     

    For the drive, when you plug it into a machine does it show under removable devices or do you have to enumerate it in disk management and give it a drive letter?  If it's the former, the drive isn't reporting itself as a fixed disk and wouldn't be supported for Windows to Go.  Windows to Go workspace creation is different than the post referenced above; that post merely adds a Windows image to a USB drive and adds the boot files to it.  Windows to Go has several other things that it does which aren't referenced there (respecialization, SAN policy, etc).

    More information on the feature is available here: http://channel9.msdn.com/events/BUILD/BUILD2011/HW-245T


    --Joseph [MSFT] http://blogs.technet.com/b/joscon/
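
As an added example (not part of the thread and not Microsoft's code): a PowerShell check for the two conditions discussed above, namely that the drive reports itself as fixed and that a password protector sits on a volume that is actually encrypted. The function name Test-WtgBitLocker and the default drive letter E: are assumptions; it uses the Storage and BitLocker modules and must run from an elevated prompt.

```powershell
# Added example, not from the thread. Test-WtgBitLocker and the 'E:' default
# are hypothetical names chosen for illustration.
function Test-WtgBitLocker {
    param([string]$MountPoint = 'E:')

    $findings = @()

    # 1. Windows to Go needs the device to present itself as a fixed disk.
    $vol = Get-Volume -DriveLetter $MountPoint.TrimEnd(':')
    if ($vol.DriveType -ne 'Fixed') {
        $findings += "Drive reports as '$($vol.DriveType)', not Fixed."
    }

    # 2. A protector alone is not encryption: check the volume state as well.
    $blv   = Get-BitLockerVolume -MountPoint $MountPoint
    $types = @($blv.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
    if ($types -notcontains 'Password') {
        $findings += 'No password protector on the volume.'
    }
    if ($blv.VolumeStatus -ne 'FullyEncrypted') {
        $findings += "Volume status is $($blv.VolumeStatus)."
    }
    if ($blv.ProtectionStatus -ne 'On') {
        $findings += "Protection is $($blv.ProtectionStatus)."
    }

    # One object summarising the result, so it can be logged or compared.
    [pscustomobject]@{
        MountPoint = $MountPoint
        DriveType  = $vol.DriveType
        Protectors = $types -join ', '
        Secure     = ($findings.Count -eq 0)
        Findings   = $findings
    }
}

Test-WtgBitLocker -MountPoint 'E:' | Format-List
```

Running the same check again after unplugging and re-plugging the drive shows whether the protector list persisted.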

  • Friday, May 25, 2012 2:23 AM
     
     
    Thanks Joseph. For now, is there any reference online for us to DIY a Windows to Go USB drive?
  • Friday, May 25, 2012 2:35 AM
     
     
    Unfortunately, no, there isn't one that's publicly available.

    --Joseph [MSFT] http://blogs.technet.com/b/joscon/

  • Friday, May 25, 2012 2:51 AM
     
     

    Hello Joseph, thanks! Guess that explains why the password protector that I'm trying to get can't work.

    Thanks a lot.

  • Friday, May 25, 2012 11:07 AM
     
     
    Sure thing, sorry there isn't more I can do for you here.

    --Joseph [MSFT] http://blogs.technet.com/b/joscon/

  • Monday, May 28, 2012 2:16 AM
     
     
    Hello Joseph, really appreciate your help. Thanks.
  • Tuesday, June 05, 2012 2:31 AM
     
     

    Hello Joseph,

    With the release of Win 8 Release Preview, do you happen to know if it has the capability to build a Windows to Go disk?

  • Saturday, June 09, 2012 12:06 PM
     
     
    It does not, sorry.

    --Joseph [MSFT] http://blogs.technet.com/b/joscon/

  • Monday, June 25, 2012 8:55 AM
    Answerer
     
     

    Hello Joseph,

    With the release of Win 8 Release Preview, do you happen to know if it has the capability to build a Windows to Go disk?

    Download the Embedded CTP2, it includes the Creator Package. But for me it didn't work, because my USB 3.0 thumb drive is not supported (doesn't show up as fixed drive).

    "A programmer is just a tool which converts caffeine into code"

  • Monday, June 25, 2012 10:27 AM
     
     
    RP doesn't support creating WTG media.

    --Joseph [MSFT] http://blogs.technet.com/b/joscon/

  • Thursday, August 16, 2012 2:55 AM
     
     

    Hello Joseph, with the release of Win 8 RTM, would you be able to share more information?

  • Thursday, August 16, 2012 11:46 PM
     
     

    We're going to have more content coming out soon, what would you like to know?


    --Joseph [MSFT] http://blogs.technet.com/b/joscon/