Recently I wrote a review of the Apricorn Aegis Secure Key 3z Flash Drive, a spectacular USB key with some great security features, including a unique keypad that requires you to unlock your device before connecting it to your computer. The same day I received a comment. Anthony asks:
Would you be able to provide a link with the exact steps to create the Image of WTG on the USB key?
Anthony, it will be my pleasure.
Firstly, I reviewed my archives. It seems that I have written a couple of articles on the subject. The first one, when Windows 8 was in beta testing, showed how to do it from the command prompt… before there were GUI tools. That article is here.
A couple of months later I wrote about doing it in Windows 8 RTM, with the GUI tools. That article is here.
With that said, both of these articles are now over five years old, and both pertain to Windows 8. I figure it is time to update them. So we are going to do a couple of things here:
- We are going to create a new Windows to Go key ;
- We are going to modify the key so that we have a 15GB data partition.
I will be honest, I was going to go through the process of creating the Windows to Go key using PowerShell, but the preferred method (from Microsoft) is to use the Windows to Go creation tool. I would rather use that. If you want to use PowerShell, there are some articles I can point you to… but they are all a lot more complicated than they need to be.
Create Windows To Go
I have mounted the Windows ISO file (Windows 10 Build 1709) to my E:. My USB key is clean and virginal and ready to go.
1. Launch the Windows to Go Control Panel from the Start menu (or Cortana… just type in Windows to Go and it will come up).
2. Select the drive you want to use (only drives that are compatible will be displayed), and click Next.
In the next screen, you should have the option of Windows 10 Enterprise.
If your screen is blank, perform the following steps:
- Ensure your Windows 10 Enterprise image is mounted;
- Click on Add search location;
- Navigate to the location where your .wim file is located (in my case, it is e:\sources\)
- Click Select Folder.
You should now see your image… and others, if the .WIM file contains different images. Please remember, while you can select any of these, only Windows 10 Enterprise Edition will work for Windows to Go.
3. Now you can enable BitLocker and set a password for it. I am not going to enable BitLocker for now, because I plan to resize my partition later. If I did not plan on resizing, I would do it here, then click Next.
The next screen is the ‘Ready to create your Windows To Go workspace’ screen. It will reassure you that this is not a two second process, and should take some time. It also warns you that the process will wipe out any information on the drive. That is why I generally like to use new keys for Windows To Go… or, you know… back my stuff up first!
When the process is complete, you will have the option to have Windows change your boot order, so that your system tries to boot from USB first. I do not generally choose this option if creating from my desktop, simply because it is not uncommon for me to have three or more USB drives connected to some of my computers… and most of them are not bootable. However if I am creating a key from my laptop, I do prefer it.
Okay, my Windows To Go key has been created, and I am ready to go… but not quite.
Create Data Volume
Okay… according to Windows Explorer, I have a 59.2 GB drive with 44.4 GB free space.
As I mentioned, I want to use this device as a hybrid… part Windows To Go, part portable storage. So I am going to shrink the size of my Windows drive by 15 GB, leaving me a respectable 29.4 GB free on my WTG drive, and a 15 GB data partition.
This is one of the steps that is easier in the GUI. I played around a little bit in PowerShell, and the following cmdlet worked:
Resize-Partition -DriveLetter “F” -Size 44.28GB
The reason I say it is easier in the GUI is simply because you can reduce by a certain amount (15GB, for example), whereas in PowerShell you have to reduce to a certain amount (44.28GB in this case). Either way, it works… and I have 15GB of unallocated space.
We can simply create the volume in Disk Manager, but I would rather do it in PowerShell.
This shows us the number of the disk we are using. I determined it was Disk 2. So:
New-Partition -DiskNumber 2 -UseMaximumSize –AssignDriveLetter
My new partition needs to be formatted, and I trust I don’t need to show you how to do that.
Now that I have my hybrid key created, I want to remember to enable BitLocker on both partitions. I want to set a strong password on both drives. Remember, by definition, this is a portable device, and even though I may be using an Apricorn key with a numeric key code, I remember that Defense-In-Depth is how I sleep sound at night.
So… that’s it! I know this article is a hybrid of GUI and PowerShell and such, but then… the word hybrid is right there in the title! I hope it has helped, and that you will be able to go forward and create your own Windows To Go hybrid devices!