I have been writing about Windows to Go (WTG) since Windows 8 was in beta, and I have not stopped because frankly, I think it truly is an amazing tool. I have never really gone without a WTG key, but there have been times when it has been much more important… namely, when I was working for another company.
When I was running SWMI Consulting Group I always had my personal laptop joined to my corporate domain, and it was easy to simply segregate business and pleasure by maintaining separate profiles. Log off – Log on – all good.
When I was with Microsoft and Rakuten I always on contract; I maintained completely separate laptops for both, but I also provisioned WTG keys for both domains because frankly I got tired of carrying both laptops with me… or even having to make sure I had the right laptop with me when I left the house.
Now that I am with Cistel, I have a corporate laptop which I think I once took to a client’s site, mainly because I prefer my personal device… but I would never think of connecting my personal device to the domain at a client’s site, especially since there are Secret Clearance issues involved. Once again, Windows to Go provided me with the perfect solution. I always have a WTG key provisioned that is joined to the Cistel corporate domain, which I boot into whenever I am at my client’s site… or anywhere else other than my desk at Cistel, where my corporate laptop acts as a very expensive desktop computer.
The list of USB keys that I have used for Windows to Go over the years is long and comprehensive. I started out with the Kingston DT Ultimate and then the Super Talent RC8 (32GB), which were essentially the inexpensive ways to go. Before I joined Rakuten someone gave me a Kingston Data Traveler (also 32GB), which I believe I used for a few weeks before giving to my assistant in Tokyo. You get what you pay for of course… the Kingston now holds music for my car stereo, and the Super Talent went into the garbage at some point because it would not stay connected.
The first device that was truly a professional grade Windows to Go key that I got was the Imation IronKey Workspace. Actually I had (and still have) two of these… the W300 is a spectacular key that is not hardware encrypted, and it still works brilliantly. The W500 is hardware encrypted, which I thought was spectacular, and for a couple of years was why I used this one as my always provisioned Windows to Go device. Unfortunately when Kingston bought Imation they stopped supporting it, and while they say it should still work, I have not been able to provision it with any version of Windows later than Windows 10 v1703.
That leaves Spyrus. I have been wracking my brain for when and where I picked up the Spyrus Worksafe Pro device, and while I think I figured it out, it doesn’t really matter… This is the device that is my current go-to Windows to Go device… and has been since earlier this year when I gave up on the IronKey W500. The Spyrus Worksafe Pro is a spectacular device that is military-grade security, hardware encrypted, and yes… still supported. I have had my Worksafe Pro (64GB) configured on the Cistel domain since April… so about six months. It is solid, reliable, and it goes everywhere I need to go. I love the fact that unlike all of the other keys mentioned, its cap is attached, so impossible to lose. Unless something drastic changes, this is what I will be using for the foreseeable future.
There is one more device that I have used for WTG, and I still carry it wherever I go. The Apricorn Aegis Secure Key 3z Flash Drive is unique to this group in that it has a physical keypad, and cannot connect to anything unless that key has been entered. Enter the key incorrectly too many times, and your key self-destructs… that is, the security certificate that decrypts your information on the key does, and the data is useless. I got the Apricorn earlier this year, and I really do like it… it is not actually Windows to Go Certified, but it works nonetheless. However, I decided to use it for other purposes – i.e.: as a portable storage device. As great as it works for WTG is how great it is as portable storage.
I spoke with a representative from Apricorn earlier this year, and they told me that they did not go through the Windows to Go Certification program because it doesn’t seem there is anyone at Microsoft focusing on this anymore. I did not reach out to Microsoft to confirm, but I do like the key, and I use it on an (almost) daily basis… just not for WTG.
Of the brands that were actually certified for Windows to Go by Microsoft, the only one that I never tried was the WD My Passport Enterprise. I actually have a couple of these drives, and have never had an issue with them. I also never thought that they would make an ideal WTG drive, simply because, for me, WTG is something I can carry in my pocket. If I am carrying a laptop bag, I might as well carry a laptop. Yes, I know, there are reasons… the bottom line is I never tried it.
As I finish this piece, I am working on my Spyrus Worksafe Pro WTG key, chiefly because I am sitting at my client site waiting for them to get back to me on something. Over the last few weeks this drive has seen a lot of action. I found a bug in either Windows 10, the Surface Pro 4 firmware, or the key itself that has been driving me batty, and I have been working with the Spyrus engineers to see if we can fix it. After the first ten minutes of my first call with them we figured a work-around, so I am able to continue to work. I was worried because they were not able to reproduce the problem, and it wasn’t until Day 6 that they discovered that another member of their team is having the same problem. Believe me, it is not an issue that I will worry about, because the workaround is a single key stroke… and frankly, it might be that last deterrent before a hacker (who has already stolen the physical key and hacked the twenty-two character complex password to get this far) would get into the environment… or, at least, to the point where he could guess my complex password to get into that environment.
Partly because of the bug, and partly because it was that time, last week I re-deployed the key with Windows 10 version 1809… and then just like that, mostly because I was working with the Spyrus engineers but also partly because Microsoft recalled version 1809, I re-deployed the key with Windows 10 version 1803. It (the key) has been joined and un-joined and then rejoined to the Cistel corporate network more times in the last week than I care to count. I have deployed and then redeployed all of the software that I consider necessary for the environment, including:
- Microsoft Intune client (anti-malware, etc…)
- Microsoft Office 365
- Techsmith SnagIt
- VPN software and connections
- Google Chrome
- My password vault management tools
- Skype for Business
and, of course, so that I can write these blog articles for you,
One day I might look into creating a deployment environment that builds the keys for me, so that whenever a new version of Windows 10 does come out, I just have to press a few buttons… but the truth is that I don’t mind installing these applications by hand… it’s not that tough, and it is something I can usually do while doing something else. Besides, there is no better example of the truism “The shoemaker’s children go barefoot!”
That pesky single-USB port device…
The system that I use most often for my WTG environment is my Microsoft Surface Pro 4 hybrid. Yes, some people love it, others hate it. I’ve been using a Surface Pro since the day it was released in 2012, and I am happy to sacrifice a few minor things for the lightweight portability and flexibility. Unfortunately, one of those ‘minor things’ you have to give up (out of the box) is multiple USB ports… and when your only USB port is taken over by your primary hard drive (as is the case with WTG), you may find yourself in a bit of a pickle… enter my friends at Juiced Systems, who make a device called a Universal USB 3.0 Media Adapter (pictured), which takes that single USB port and makes it two, plus adds both an SD Card and Micro-SD Card adapters. Strictly speaking, I seem to recall that when Microsoft announced WTG, they said specifically that it will only be supported when connected directly to the computer, and not through a USB-hub or docking station. Supported or not, it works, and I am happy with the performance.
What you may notice in the picture is that the Spyrus Worksafe Pro is not only connected to the media adapter, but even at that it is connected by a USB cable. That is because the device itself is wider than most USB devices, and would otherwise prevent connecting the second USB device. Fortunately, the 3” cable is solid and an easy workaround.
So where are we?
Windows to Go is one of the features that I thought was going to be a huge game changer for Windows when Windows 8 was released (see article). Unfortunately, I have not seen as much adoption as I expected; in the six years since it was released, I have encountered a few, but not many, organizations that have adopted it. The excitement and buzz that was felt in the room at MVP Nation, the event where I demonstrated it for the first time at a public event, did not convert into the masses running out to buy compatible devices and evangelizing it to their customers.
So be it. I have, over the course of my career, backed a lot of technologies. Some of them were home runs (Hyper-V, System Center), others… not so much (Windows Phone, Essential Business Server). I know of a lot of features in Windows that are lesser-used, but they leave them in because… well, why not? I hope that Windows To Go does stick around; I do not know what the worldwide adoption is, but I use it, I love it, and frankly, I rely on it. If you use it, I would love to hear from you… how do you use it? What do you use it for? What device (or devices) do you use?
Have a great weekend!