A Clean Windows Installation…

It happens twice every year… Microsoft releases a new version of Windows 10.  For most people, the new version will be installed for them automatically by whatever method they use for patch management… either Windows Update, or any of myriad enterprise deployment tools their organization uses to manage desktop operating systems.

Unfortunately, due to a Windows update limitation that I have never quite understood, for me it means that I will be redeploying my operating system from scratch twice per year.

While Windows works fine when installed on a USB key, you cannot do a major OS upgrade to it.  So, if you have Windows 10 Enterprise version 1903 (Spring 2019) on a USB key, despite newer versions being released (Autumn 2019 and Spring 2020), the USB installation would remain on v1903.

spyrus-wspFor the last couple of years, because I use a number of different hardware platforms, I have been maintaining a USB key installation of Windows (formerly known as Windows to Go) as my primary personal system.  I run it off a Spyrus Worksafe Pro 128GB, and I have never had an issue with it.  I love the portability of it, in addition to the speed, security, and reliability.  What I do not love is that if I want to stay current, I have to reinstall Windows every six months… from scratch.

I have to admit, the process of reinstalling Windows every six month (along with all of my applications) is a pain in the rear.  It is time consuming, and if I am not careful, it is easy to forget something.  Yes, all of my data is in the cloud… but there is always the possibility that things can get missed; you know, files on the desktop, whatever.

The process is a pain, but it is also cathartic.  It gives me the opportunity to start with a clean slate.  Older application versions will be removed, and the newer ones deployed in its place.  Applications I might have needed for a contract do not have to be reinstalled.  What was old is new again.  It truly feels like a spring cleaning of my desktop environment.

With modern technologies such as Windows Autopilot there are some great tools to make the process easier.  I don’t mind spending a bit of time refreshing the environment.  A couple of hours later, and things are as good as new.  Windows to Go may be gone, but mobile Windows is still the way I am going.  So if we cannot do major updates on Windows USB installations, I’ll go through it.  I’m just glad it’s not more often than every six months!

Windows to Go Lives!

Sometimes the universe is talking to me.

This weekend, for reasons I cannot recall, I was thinking about the fact that Microsoft announced that it will be deprecating Windows to Go, and that sometime this fall I would be faced with the choice of either:

  • Keeping my supported Windows 10 v1903 Windows to Go key; or
  • Using a non-supported method of building a new Windows to Go key on Windows 10 v1909.

I was sitting on the patio enjoying a cigar when something occurred to me: when twice-yearly I rebuild my Windows to Go key (on my Spyrus Worksafe Pro 128) I do not use Microsoft’s Windows to Go Creator Tool, but rather a proprietary tool provided by Spyrus that handles their security encryption and all.  So, I wondered to myself, is my Spyrus tool really running Windows to Go, or is it simply Windows 10 installed on a USB device?  If so, might it continue to work with future versions of Windows 10?

It is not often that I am excited by a press release in my morning e-mail.  This morning I read about a scandal in Canada that won’t go away (and with good reason, but enough already!), another in Israel involving Sara Netanyahu, the Ukraine, and a piece of bread… and then there was one from Spyrus.

2019-08-20_9-25-30Last month I published an article called Windows to Go… Going Away.  Microsoft has announced that it is deprecating the Windows to Go functionality in future releases of Windows 10, which in theory meant that those of us who work with the tool would be stuck on Windows 10 v1903, the last version of the operating system to include the Windows to Go workspace creator tool (pwcreator.exe).

In my article last month I wrote that “There were ways of [installing Windows on a USB key] before Windows 8, and so there will be ways of doing it after Windows to Go is completely deprecated.”  I am happy that I am not going to have to rely on that.

On August 20, 2019 Spyrus announced that they are committed to securely supporting Windows to Go for the next decade, and that their solutions are to be the only secure USB device manufacturer certified by Microsoft.

Spyrus devices are certified FIPS 140-2 Level 3, offering the best security in the industry.  Because of their proprietary technology, they have always used their own creator tool.  As it does not rely on Microsoft’s continued development of WTG, Spyrus is able to continue to develop and support Windows to Go on all six Windows to Go devices, and thus continue to provide this functionality to their customers.

Spyrus

For those of us who use Windows to Go on a regular basis, this announcement was a welcome one.  I have confirmed with a company spokesperson that their Spyrus Widows to Go Creator Tool will continue to support bi-yearly releases as well as the Long Term Service Builds (LTSB) in the LTSC.  This is great news, and in honour of that I am planning on building a new tool with the LTSC release for a future article.

SpyrusHaving gone through several WTG devices over the last seven years, ranging from the cheapest to the most expensive, I decided last year that Spyrus was the device I was going to use – primarily if not exclusively – for my Windows to Go tools.  I have either met with or spoken to representatives (or agents) of a number of competing companies; I have not been able to reach any of them for comment.  I am glad to see that the device that I deemed over a year ago to be my favourite is not only still in the game, going forward they are going to be the only company still in it.

While Spyrus does offer solutions up to 1TB it is a little pricey, and with easily accessible wireless Internet and cloud storage solutions, it is likely that the smaller devices will fit the bill perfectly for most users.  I recently upgraded my primary device from the 64gb Worksafe Pro that I had since 2015 to the 128gb model that is identical in every way except capacity.  I understand the 512gb and 1TB versions are larger and while it would be great to have that terabyte at my disposal, by paying attention (e.g.: I do not synchronize my OneDrive, and I only maintain a week of e-mail) I find myself with 66GB of free space on the device.  I am so comfortable, in fact, that when I re-create the key with the Autumn release of Windows 10, I will likely expand my storage partition to accommodate larger files.

image

I don’t know why Microsoft decided that Windows to Go was not worth its continuing development; I suspect it has something to do with Azure VMs that will eventually run Windows 10, but that is not something I am privy to.  I am just glad at least that one company recognizes the value and importance of the technology, and will continue to provide WTG in a secure manner that is affordable and reliable.

…now if only they would deliver a tool to install Windows Server onto their keys! Smile

You can learn more about Spyrus and their solutions at www.spyrus.com.

Windows to Go… Going Away.

WTG.pngIn April of 2012 I was extremely excited as I walked to the stage at an event in Redmond, Washington and did my first ever presentation on Windows to Go.  I loved the idea of being able to take my installation of Windows – operating system version, applications, documents, the works – with me anywhere I went.  I have written myriad articles about it because I have had a real passion for it – not to mention the evolution of USB keys I have gone through that support it.

Windows to Go came with me to Japan twice, and allowed me to use my own hardware in lieu of selecting a corporate laptop.  It has come with me to many different sites, allowing me not only to use my own environment, but also to troubleshoot the hardware that friends and family have asked my help with.  It has traveled extensively with me, occasionally eliminating my need to bring a bulky laptop with me, where loaner hardware would be available.

The feature originally released with Windows 8 has not changed much through how many iterations (Windows 8, Windows 8.1, and 8 versions of Windows 10).  It is not a feature that Microsoft seems to have expended a lot of energy on following its release (the most current documentation lists a number of discontinued devices as available and certified (https://docs.microsoft.com/en-us/windows/deployment/planning/windows-to-go-overview).  Nonetheless it works, and has always worked very well – provided you use the appropriate hardware.  By this, I do not only mean a robust and hopefully certified USB key (I swear by my Spyrus Worksafe Pro, but have had several other keys as well).  I mean it is important that your USB port is not just a little loose, so that when your dog walks past his wagging tail jars your computer and forces a reboot (yes, that really happened to me).

Last month Microsoft announced that Windows to Go is no longer being developed, and that it will be removed from future versions of Windows.  I do not know if that means it will be gone in the Autumn 2019 release, but it is safe to say that it is heading out to pasture (See article).

I never understood people who continued to use older legacy operating systems and software, especially when the newer versions were better (or at least just as good) and available at no cost.  I remember a couple of years ago someone asked me for support on their Windows 8 device, and they really were running Windows 8; I had assumed that Windows 8.1 had replaced 100% of Windows 8 installations, but I was wrong… and when I asked why, he said to me ‘If it ain’t broke, don’t fix it! I like Windows 8, and I’m sticking with Windows 8.’  That was his choice and his right, even if I didn’t agree with him.

Now I sit wondering if I will be that guy in five years… “Hey, Mr. Garvis… why are you running Windows 10 v1903? Don’t you know how much better v2409 is?”  Maybe… but as long as my Spyrus Worksafe Pro is still spinning, this is my operating system and likely always will be.

.

.

.

.

.

Okay, who are we kidding here? There are several ways to put Windows 10 on a USB device without having to rely on Microsoft’s sanctioned and precious red-headed stepchild.  There were ways of doing it before Windows 8, and so there will be ways of doing it after Windows to Go is completely deprecated.  Stay tuned later this autumn… because if the next version of Windows 10 truly does not include the Windows to Go Creator Tool, I will be exploring my options, and I will be discussing them in this very space.  Until then? Stay safe and patch regularly!

Upping My On-the-Go Game

WTGIt has been seven years since my buddies Raymond and Erdal and I got on stage at a conference in Redmond and demonstrated – for the first time ever to a non-NDA crowd – the functionality of Windows to Go (WTG)… and nearly four years since I picked up my Spyrus Worksafe Pro 64GB key that I have been using as one of my WTG keys ever since. 

Two weeks ago Microsoft announced that they would no longer be developing Windows to Go… to be brutally honest, I thought they had stopped developing it years ago, and it was just another stagnant component that is extremely functional, but does not get a lot of love.

While I understand they will no longer be developing it I truly hope that they do not remove WTG from Windows, which would be a real shame.  I use Windows to Go almost every day, and working how I work, I cannot imagine being as productive without it.

SpyrusFar from calling it quits, I have doubled down on Windows to Go… somewhat literally.  This weekend I formatted and configured the environment on my new WTG device – my new Spyrus Worksafe Pro 128GB.  I am not quite sure how it is that I ran out of space on my 64GB drive (for someone who has been in computers since 180kb floppy drives were a really neat idea, it is hard to imagine we have come this far), but I did… and so I made the decision and picked up the new device… all of the functionality with twice the capacity.

The 128GB device looks exactly like the Worksafe Pro 64GB that I have had in my pocket since 2015; I still do not know if the sleeker feel of the actual metal is how my original key felt when it was new, or if they have changed it somewhat.  I suppose only time will tell. 

The Spyrus WTG Creator Tools software (stored on the unencrypted boot partition) has changed since I bought my original key, but not since I last downloaded the update from Spyrus in December.  I like the new graphical challenge screen the new software includes, but as I said, that is a function of the new software and not the new key.

Over the next few weeks I will run the device through its paces – I will run side-by-side speed comparisons between the old and the new, and I will test its reliability.  What I will not do (which I am told it would survive) is to run over it with my car.  I am all for putting new devices through their paces, but aside from reviewing it for my blog I also plan to use it for a long time – whether or not the next few versions of Windows 10 support it.

Thanks Spyrus… even if Microsoft doesn’t appreciate Windows to Go, I do… and I appreciate your dedication to the product!

Running Out of Room: A WTG Tip

windowstogo_thumb.jpgI have written and posted myriad articles over the years about Windows To Go (WTG); I have been running Windows off a USB device on-and-off since Windows 8 was in beta, but very consistently for the past three years.

While larger devices are available (at greater cost) I have been satisfied with my 64GB Spyrus Worksafe Pro for a few years, and I cannot imagine spending the money to upgrade.  Th 64GB device that I currently use costs $218.50; even upgrading to the next largest device (128GB for $427.50) would be a large expenditure for what I use the device for.  (In comparison, the 256GB version of the same device would cost $593.75, the 512GB version would cost $736.25, and the largest 1TB version would run you $1,187.50)

Spyrus-WSP.jpgThe bottom line is this: I do not want to spend the money to upgrade; with that said, I keep getting notifications that I am running out of drive space.  So what can I do to avoid these?

I should mention that I am not actually using the whole 64GB for my C: Drive… I have also allocated (along with the other system partitions that Windows creates) a 16GB data partition.  All of that leaves my C: Drive with a seemingly respectable 38.81GB of storage…

image

Unfortunately, from that space, the following is taken off the top:

c:\Windows: 22GB
c:\Program Files: 2.1GB
c:\Program Files (x86): 3.7GB
c:\ProgramData: 3.8GB
Pagefile.sys: ~4GB

While you may question if I actually need all of the applications I have installed on the device, let’s assume that I do… and if I am using the defaults for both Windows and Office, I am going to run out of free space very quickly.

So… what do I do to mitigate this issue?  I ran into the issue this weekend, and I was literally at 114MB free on the drive.  Here’s what I did:

1) There was a legacy profile on my device; I had the device running for a couple of months before I joined it to my Azure Active Directory, and switched from my Microsoft Account to my AzureAD account.  By deleting the legacy profile (which had several months of e-mail in it) the free space on the C: Drive climbed up to nearly 2GB… and then dropped in a big hurry.  Why?  I expected that, and was not concerned; that issue would be resolved in Step 2…

To delete unneeded user profiles, see this article.

2) Set your system’s paging file to a static size.  I use my WTG key on a few different computers, with RAM ranging from 3GB to 32GB.  There was a time that I recommended all computers have static paging files of 1.5x the system RAM… but those days are long gone, and if you do the quick math, that would be impossible on my 38GB system partition anyways.  For what I use the system for (chiefly as an Information Worker, but also for VPN and RDP), I have found that Windows works just fine with a 2GB paging file, and so that is what I use.

To resize your Paging File size, see this article.

3) I do not like to disable Cached Exchange Mode in Outlook… I like to have my e-mail available to me, even when I am not connected to the Internet.  By default, Outlook caches three months worth of e-mails (and calendar items, etc…) for each configured account.  On my WTG installation, I maintain two accounts, so that amounts to roughly 180 days of items (which not only includes important texts, but also PowerPoint presentations, videos, and family photos).  All in all, this weekend I discovered 625MB of Outlook items stored on my local device.  I went into my Account Settings in Outlook (for each account), and changed the cache to one week on one account and two weeks on the other.  This lowered the used space from 625MB to just over 200MB (which includes all of my contacts, which I want to maintain).

By performing these three simple steps I went from having 114MB free on my C: Drive to a very comfortable 6.7GB free.  While that would not be very much on one of my servers, for a device that I carry around in my pocket I am quite satisfied with it.

Windows To Go: State of Mitch’s Union

I have been writing about Windows to Go (WTG) since Windows 8 was in beta, and I have not stopped because frankly, I think it truly is an amazing tool.  I have never really gone without a WTG key, but there have been times when it has been much more important… namely, when I was working for another company.

When I was running SWMI Consulting Group I always had my personal laptop joined to my corporate domain, and it was easy to simply segregate business and pleasure by maintaining separate profiles.  Log off – Log on – all good.

When I was with Microsoft and Rakuten I always on contract; I maintained completely separate laptops for both, but I also provisioned WTG keys for both domains because frankly I got tired of carrying both laptops with me… or even having to make sure I had the right laptop with me when I left the house.

Now that I am with Cistel, I have a corporate laptop which I think I once took to a client’s site, mainly because I prefer my personal device… but I would never think of connecting my personal device to the domain at a client’s site, especially since there are Secret Clearance issues involved.  Once again, Windows to Go provided me with the perfect solution.  I always have a WTG key provisioned that is joined to the Cistel corporate domain, which I boot into whenever I am at my client’s site… or anywhere else other than my desk at Cistel, where my corporate laptop acts as a very expensive desktop computer.

KingstonThe list of USB keys that I have used for Windows to Go over the years is long and comprehensive.  I started out with the Kingston DT Ultimate and then the Super Talent RC8 (32GB), which were essentially the inexpensive ways to go.  Before I joined Rakuten someone gave me a Kingston Data Traveler (also 32GB), which I believe I used for a few weeks before giving to my assistant in Tokyo.  You get what you pay for of course… the Kingston now holds music for my car stereo, and the Super Talent went into the garbage at some point because it would not stay connected.

IronkeyThe first device that was truly a professional grade Windows to Go key that I got was the Imation IronKey Workspace.  Actually I had (and still have) two of these… the W300 is a spectacular key that is not hardware encrypted, and it still works brilliantly.  The W500 is hardware encrypted, which I thought was spectacular, and for a couple of years was why I used this one as my always provisioned Windows to Go device.   Unfortunately when Kingston bought Imation they stopped supporting it, and while they say it should still work, I have not been able to provision it with any version of Windows later than Windows 10 v1703.

Spyrus WSPThat leaves Spyrus.  I have been wracking my brain for when and where I picked up the Spyrus Worksafe Pro device, and while I think I figured it out, it doesn’t really matter… This is the device that is my current go-to Windows to Go device… and has been since earlier this year when I gave up on the IronKey W500.  The Spyrus Worksafe Pro is a spectacular device that is military-grade security, hardware encrypted, and yes… still supported.  I have had my Worksafe Pro (64GB) configured on the Cistel domain since April… so about six months.  It is solid, reliable, and it goes everywhere I need to go.  I love the fact that unlike all of the other keys mentioned, its cap is attached, so impossible to lose.  Unless something drastic changes, this is what I will be using for the foreseeable future.

Honourable Mention

ApricornThere is one more device that I have used for WTG, and I still carry it wherever I go.  The Apricorn Aegis Secure Key 3z Flash Drive is unique to this group in that it has a physical keypad, and cannot connect to anything unless that key has been entered.  Enter the key incorrectly too many times, and your key self-destructs… that is, the security certificate that decrypts your information on the key does, and the data is useless.  I got the Apricorn earlier this year, and I really do like it… it is not actually Windows to Go Certified, but it works nonetheless.  However, I decided to use it for other purposes – i.e.: as a portable storage device.  As great as it works for WTG is how great it is as portable storage.

I spoke with a representative from Apricorn earlier this year, and they told me that they did not go through the Windows to Go Certification program because it doesn’t seem there is anyone at Microsoft focusing on this anymore.  I did not reach out to Microsoft to confirm, but I do like the key, and I use it on an (almost) daily basis… just not for WTG.

Never Tried

Of the brands that were actually certified for Windows to Go by Microsoft, the only one that I never tried was the WD My Passport Enterprise.  I actually have a couple of these drives, and have never had an issue with them.  I also never thought that they would make an ideal WTG drive, simply because, for me, WTG is something I can carry in my pocket.  If I am carrying a laptop bag, I might as well carry a laptop.  Yes, I know, there are reasons… the bottom line is I never tried it.

Actuality

As I finish this piece, I am working on my Spyrus Worksafe Pro WTG key, chiefly because I am sitting at my client site waiting for them to get back to me on something.  Over the last few weeks this drive has seen a lot of action.  I found a bug in either Windows 10, the Surface Pro 4 firmware, or the key itself that has been driving me batty, and I have been working with the Spyrus engineers to see if we can fix it.  After the first ten minutes of my first call with them we figured a work-around, so I am able to continue to work.  I was worried because they were not able to reproduce the problem, and it wasn’t until Day 6 that they discovered that another member of their team is having the same problem.  Believe me, it is not an issue that I will worry about, because the workaround is a single key stroke… and frankly, it might be that last deterrent before a hacker (who has already stolen the physical key and hacked the twenty-two character complex password to get this far) would get into the environment… or, at least, to the point where he could guess my complex password to get into that environment.

Partly because of the bug, and partly because it was that time, last week I re-deployed the key with Windows 10 version 1809… and then just like that, mostly because I was working with the Spyrus engineers but also partly because Microsoft recalled version 1809, I re-deployed the key with Windows 10 version 1803.  It (the key) has been joined and un-joined and then rejoined to the Cistel corporate network more times in the last week than I care to count.  I have deployed and then redeployed all of the software that I consider necessary for the environment, including:

  • Microsoft Intune client (anti-malware, etc…)
  • Microsoft Office 365
  • Techsmith SnagIt
  • VPN software and connections
  • Google Chrome
  • My password vault management tools
  • Skype for Business
  • ZoomIt
  • BGInfo

and, of course, so that I can write these blog articles for you,

  • Open Live Writer.

One day I might look into creating a deployment environment that builds the keys for me, so that whenever a new version of Windows 10 does come out, I just have to press a few buttons… but the truth is that I don’t mind installing these applications by hand… it’s not that tough, and it is something I can usually do while doing something else.  Besides, there is no better example of the truism “The shoemaker’s children go barefoot!”

That pesky single-USB port device…

The system that I use most often for my WTG environment is my Microsoft Surface Pro 4 hybrid.  Yes, some people love it, others hate it.  I’ve been using a Surface Pro since the day it was released in 2012, and I am happy to sacrifice a few minor things for the lightweight portability and flexibility.  Unfortunately, one of those ‘minor things’ you have to give up (out of the box) is multiple USB ports… and when your only USB port is taken over by your primary hard drive (as is the case with WTG), you may find yourself in a bit of a pickle… file-1enter my friends at Juiced Systems, who make a device called a Universal USB 3.0 Media Adapter (pictured), which takes that single USB port and makes it two, plus adds both an SD Card and Micro-SD Card adapters.  Strictly speaking, I seem to recall that when Microsoft announced WTG, they said specifically that it will only be supported when connected directly to the computer, and not through a USB-hub or docking station.  Supported or not, it works, and I am happy with the performance.

What you may notice in the picture is that the Spyrus Worksafe Pro is not only connected to the media adapter, but even at that it is connected by a USB cable.  That is because the device itself is wider than most USB devices, and would otherwise prevent connecting the second USB device.  Fortunately, the 3” cable is solid and an easy workaround.

So where are we?

Windows to Go is one of the features that I thought was going to be a huge game changer for Windows when Windows 8 was released (see article).  Unfortunately, I have not seen as much adoption as I expected; in the six years since it was released, I have encountered a few, but not many, organizations that have adopted it.  The excitement and buzz that was felt in the room at MVP Nation, the event where I demonstrated it for the first time at a public event, did not convert into the masses running out to buy compatible devices and evangelizing it to their customers.

So be it.  I have, over the course of my career, backed a lot of technologies.  Some of them were home runs (Hyper-V, System Center), others… not so much (Windows Phone, Essential Business Server).  I know of a lot of features in Windows that are lesser-used, but they leave them in because… well, why not?  I hope that Windows To Go does stick around; I do not know what the worldwide adoption is, but I use it, I love it, and frankly, I rely on it.  If you use it, I would love to hear from you… how do you use it?  What do you use it for?  What device (or devices) do you use?

Have a great weekend!

Windows 10 1809: What’s New

windows-10-logo-fontLast night I was pleased to hear that, as predicted, Windows 10 version 1809 dropped at the Microsoft Surface event in New York City.  While it may or may not be available for you via Windows Update this morning, I downloaded the ISO yesterday and went right to work.  Well, to be more specific, I skipped my lunch break and went right to it.

As I wrote earlier in the week, my first use case for the new version of Windows 10 (1809, the October 2018 Update, or Redstone 5) will be for my Windows to Go key, which stopped working with my primary device when I updated the firmware recently.  I was concerned because, in the past, you were not always able to create a Windows to Go key from an operating system running an earlier build.  Fortunately that does not seem to be the case from 1803, and I was able to get it going.

The feature that most people seem to be talking about is the dark theme for File Explorer, which is enabled using the Colors page under the Personalization section of Settings.  Okay, it is nice that we have the choice… but this is something I experimented with many years ago using third-party tools, and I decided that the default scheme is just fine by me.  I will not be making this jump.

Something that will be big for developers, especially cross-platform types, is the new option to Open Linux shell here, in the File Explorer expanded context (Shift + Right-Click).

Something I hope I remember to use, because I have often thought how useful it would be, is the Clipboard History feature.  Press Windows Key + V, and you will see what you have copied to the clipboard before.  For the security conscious among us, there is an option to Clear All in that menu, which will be useful when sharing machines.  Additionally, there is a Clipboard page in Windows Settings, where you can modify the settings for the Clipboard, including synchronizing across devices.  Cool.

There is a new Game Bar and Game Mode feature that I have heard discussed.  As someone who never plays games on his PC, I cannot address this… but I have heard that in this new mode you will not be interrupted for system maintenance such as Windows Updates.  Feel free to try it on your own 😉

I like that the Bluetooth and other devices page under Settings now displays the battery level of connected devices.  I hate when I am watching a movie on a flight (using my Bluetooth beadset) and the batteries die… this will give me warning to charge them when needed.

Also under Settings, the different networks will show Data Usage, allowing you to monitor in case you are tethered to a network such as a cellular phone.  You can also see usage per app, in case some of your background applications are using more data than you expected.

HD Color has been introduced to the Windows Settings page. For those who are video fans, this should be a nice addition.

There are a lot of new features being added to Narrator, for people who use it.  As well, SpeechInking, and Typing is being split into two pages under Settings, with Speech getting its own context page.

I will not pretend to be a big fan of the extended emojis available with Unicode 11 (there are apparently 157 new emojis, including superheroes and redheads).  As a forty-six year old man I occasionally use the 🙂 and 😦 emoticons… and I don’t concern myself with the Unicode graphics of them.

For those of us who use tablets and hybrid devices, the on-screen keyboard now includes SwiftKey intelligence, so you can swipe from letter to letter, rather than lifting your finger and tapping every key.  It learns your writing style, and will give you more accurate auto-corrections and predictions over time.

There is more to Windows 10 1809, and over the next few weeks I am sure I will address more of them in this space.  In the meantime, I invite you all to try it for yourself, whether in a virtual machine (download the ISO and create a VM), or on your production machine (either from Windows Update, or downloading the ISO and reinstalling your OS.  It will be interesting to see

Ironkey Fail: Time to change.

WTG keysThere is probably no good reason why I have four (4) military grade USB keys on my key ring with Windows To Go (WTG) configured on each one… but since 2015 I have written about four different devices, and I keep all of them.  Of course, they are not all always up to date… but when a new version of Windows 10 is released, I try to upgrade either some or all of them.  I skipped 1709, so I decided to take an afternoon and recreate all four keys on Windows 10 1803.

My Apricorn key worked just fine.

My Spyrus key worked just fine.

My Ironkey W300 (the one without hardware encryption) worked just fine.

My Ironkey W500 (the one with hardware encryption)… did not.

I spent a few hours trying to make it right, but to no avail.  I finally gave up (for now) deciding to come back to it later on.  And then I got an e-mail press release from Spyrus, claiming that ‘…SPYRUS Windows To Go Device Trial Pack with SEMSaaS Device Management to Replace Competitive Devices that Do Not Support Recent Windows 10 Updates’

Interesting… I decided to go through my archives and see if I would be able to create a Windows To Go installation with an earlier version of Windows.  Fortunately on one of my external hard drives I found an ISO for Windows 10 1703 Enterprise (remember that we need the Enterprise SKU for WTG!) and I spent a few minutes working on it last night.  Presto, it worked!

So the good news is: If you have an Ironkey W500 (or W700 I would think), it will still work with Windows 10 (1703 and earlier). 

The bad news is: your USB key which you spent hundreds of dollars on will only work with an operating system that will go out of support in a few months, and unless Kingston changes its policy (which seems to have been to ignore the Ironkey acquisitions and let the products die) then this is unlikely to change.

I do not know if that policy will change, or if there is something going on behind the scenes that we do not know about.  What I do know is that there is a control panel that the Ironkey toolkit installs to the install.wim file before you deploy it from the Windows To Go Control Panel, and that control panel does not seem to be compatible with Windows 10 versions later than 1703.

And so, I hate to do this, but I have to revise my previous statements.  I will give the Spyrus Workspace Pro a big thumbs up, and I will give the Apricorn Aegis Secure Key 3z a big thumbs up.  The Ironkey W500, I’m afraid, is now a do not buy

Let’s Go: Creating a Windows to Go Hybrid Device

WindowsToGoRecently I wrote a review of the Apricorn Aegis Secure Key 3z Flash Drive, a spectacular USB key with some great security features, including a unique keypad that requires you to unlock your device before connecting it to your computer.  The same day I received a comment.  Anthony asks:

Would you be able to provide a link with the exact steps to create the Image of WTG on the USB key?

Anthony, it will be my pleasure.

Firstly, I reviewed my archives.  It seems that I have written a couple of articles on the subject.  The first one, when Windows 8 was in beta testing, showed how to do it from the command prompt… before there were GUI tools.  That article is here.

A couple of months later I wrote about doing it in Windows 8 RTM, with the GUI tools.  That article is here.

With that said, both of these articles are now over five years old, and both pertain to Windows 8.  I figure it is time to update them.  So we are going to do a couple of things here:

  1. We are going to create a new Windows to Go key ;
  2. We are going to modify the key so that we have a 15GB data partition.

I will be honest, I was going to go through the process of creating the Windows to Go key using PowerShell, but the preferred method (from Microsoft) is to use the Windows to Go creation tool.  I would rather use that.  If you want to use PowerShell, there are some articles I can point you to… but they are all a lot more complicated than they need to be.

Create Windows To Go

I have mounted the Windows ISO file (Windows 10 Build 1709)  to my E:.  My USB key is clean and virginal and ready to go.

1. Launch the Windows to Go Control Panel from the Start menu (or Cortana… just type in Windows to Go and it will come up).

image

2. Select the drive you want to use (only drives that are compatible will be displayed), and click Next.

In the next screen, you should have the option of Windows 10 Enterprise. 

image

If your screen is blank, perform the following steps:

  1. Ensure your Windows 10 Enterprise image is mounted;
  2. Click on Add search location;
  3. Navigate to the location where your .wim file is located (in my case, it is e:\sources\)
  4. Click Select Folder.

You should now see your image… and others, if the .WIM file contains different images.  Please remember, while you can select any of these, only Windows 10 Enterprise Edition will work for Windows to Go.

image

Click Next.

3. Now you can enable BitLocker and set a password for it.  I am not going to enable BitLocker for now, because I plan to resize my partition later.  If I did not plan on resizing, I would do it here, then click Next.

image

The next screen is the ‘Ready to create your Windows To Go workspace’ screen.  It will reassure you that this is not a two second process, and should take some time.  It also warns you that the process will wipe out any information on the drive.  That is why I generally like to use new keys for Windows To Go… or, you know… back my stuff up first!

image

When the process is complete, you will have the option to have Windows change your boot order, so that your system tries to boot from USB first.  I do not generally choose this option if creating from my desktop, simply because it is not uncommon for me to have three or more USB drives connected to some of my computers… and most of them are not bootable.  However if I am creating a key from my laptop, I do prefer it.

image

Okay, my Windows To Go key has been created, and I am ready to go… but not quite.

Create Data Volume

Okay… according to Windows Explorer, I have a 59.2 GB drive with 44.4 GB free space.

image

As I mentioned, I want to use this device as a hybrid… part Windows To Go, part portable storage.  So I am going to shrink the size of my Windows drive by 15 GB, leaving me a respectable 29.4 GB free on my WTG drive, and a 15 GB data partition.

This is one of the steps that is easier in the GUI.  I played around a little bit in PowerShell, and the following cmdlet worked:

Resize-Partition -DriveLetter “F” -Size 44.28GB

The reason I say it is easier in the GUI is simply because you can reduce by a certain amount (15GB, for example), whereas in PowerShell you have to reduce to a certain amount (44.28GB in this case).  Either way, it works… and I have 15GB of unallocated space.

image

We can simply create the volume in Disk Manager, but I would rather do it in PowerShell.

Get-Disk

This shows us the number of the disk we are using. I determined it was Disk 2.  So:

New-Partition -DiskNumber 2 -UseMaximumSize –AssignDriveLetter

My new partition needs to be formatted, and I trust I don’t need to show you how to do that.

What’s Left?

Now that I have my hybrid key created, I want to remember to enable BitLocker on both partitions.  I want to set a strong password on both drives.  Remember, by definition, this is a portable device, and even though I may be using an Apricorn key with a numeric key code, I remember that Defense-In-Depth is how I sleep sound at night.

Conclusion

So… that’s it!  I know this article is a hybrid of GUI and PowerShell and such, but then… the word hybrid is right there in the title!  I hope it has helped, and that you will be able to go forward and create your own Windows To Go hybrid devices!

Corrections!

Earlier today I published my article called USB & Windows to Go: Key In! on this site.  Because of my eagerness to get the article out (recently I posted that I would be trying to post a lot more frequently), I have been informed that I made a number of minor errors.  Here are the corrections:

  1. The ASK3Z keys are available in sizes from 8GB to 128GB, and not 256GB as I had mentioned.  This has been corrected in the text.
  2. Apricorn offers larger capacity devices in their ASK3 line, including a 240GB and a 480GB model.  These devices run the identical firmware, and have all the same features as the ASK3Z.
  3. If the brute force is tripped, the drive will crypto erase the encryption key, so that the data cannot be accessed.  The drive itself is not actually wiped, but cannot be accessed.
  4. Because the key code is entered before the key is inserted into the computer, there is no possibility for a key-logger to steal the PIN.  (This is not a correction, but another point I should have mentioned because it is cool!)
  5. With regard to the rebooting, I am told that the Lock Override Mode is the best way to use the device as an OS host, so the Secure Key will disregard the Re-enumeration signal from the USB port while the system reboots.

Sorry for the misunderstandings, and thank you Craig for helping me out here!

M

USB and Windows to Go: Key in!

I have written in the past about several different Windows to Go (WTG) key options, and have leaned heavily toward the ones with Military Grade Security (MilSec).  They are all good, they all do just about the same thing.  Of course, there are differences with deployment methodology, as well as the tools that support them, but in the end, you plug a key in, you boot from it, you have Windows.

Recently I was introduced to a key that sets itself apart, and it is obvious from the first glance.  Just open the box of the Aegis Secure Key 3z Flash Drive from Apricorn Inc., and the first thing you will notice is that its top is covered with a numeric keypad, along with three lights.  The polymer-coated wear-resistant onboard keypad allows you to unlock your device with a numeric passcode before using it.  Wow.  This really does change things!

ApricornI had the opportunity to speak with Craig Christensen of Apricorn Inc. recently, and we discussed several of the features, as well as use cases, for the Aegis Secure Key 3z .  Some of the scenarios were obvious, but others really made a lot of sense.

It should be know that this key, available in sizes from 8GB to 128GB, was not designed special for Windows to Go.  In fact, according to Mr. Christensen, the vast majority of their users do not use WTG, and in fact the majority of customers who run a bootable operating system off the key are in fact using Linux.  Indeed, most of their customers are using the keys to store… well, data.

What sort of data?  Well, that would depend on the customer.  But with penetration into governments, military and defense contractors, aviation, banking, and many more, it is clear that the keys are in use by many serious people and companies for whom security breaches could mean more than a simple loss of competitive advantage.  Intellectual Property is certainly important to manufacturers, but when it comes to other sectors, the stakes get much higher indeed.

So let’s enumerate some of the unique benefits that these keys have over their competitors:

  • Separate administrator and user mode passcodes. as well as possible read-only passwords
  • Programmable individual key codes that can be unique to an individual, granting user-level access
  • Data recovery PINs in the event a PIN is forgotten… or in the event a user leaves the company on bad terms
  • Brute-force defense, wiping the device clean after a set number of wrong attempts
  • Unattended auto-lock automatically locks the device if not accessed for a pre-determined length of time
  • Self-destruct PINs allow a user under duress to enter a code that immediately and irretrievably wipes the device clean
  • Meets FIPS 140-2 Level 3 standards for IT and computer security
  • IP57 Certification means the device is tough, resilient, and hard to kill.  With its rugged, extruded aluminum crush-resistant casing, the Aegis Secure Key is tamper evident and well-protected against physical damage.

In short, this is a tough little device.

I decided to have a little bit of fun with the key this weekend.  The first thing I did was to create a WTG key.  Like my other WTG keys, I got the 64GB model, although they are available in much higher capacities.  So once Windows was installed, I was left with about 50GB of free space on the drive.  I have realized over time that unless I plan to use the key as my primary PC (I do not), that is more than plenty,  Yes, I will install Office 365 and Live Writer and SnagIt, as well as a dozen other applications I can’t live without, but I will still never need more than 35GB of that.  Possibilities…

Okay, Let’s shrink my Apricorn’s volume by 15GB.  It is now about a 45GB volume (formatted).  I then created another volume for my Data.  of course, I have both partitions Bitlocker encrypted, because Defense In Depth is important to me.  So now, the partition table on my key looks like this:

image

In short, I have my 350MB System volume, a 44GB Boot volume, and a 15GB data volume.  Why would I want that?  Remember when I said that the majority of customers use the Apricorn keys for data and not for Windows to Go?  Well, doing things this way, I can have the best of both worlds.  I can use the key to boot into my environment, but I can also use the 15GB MDG-Data  volume as a regular, highly encrypted and protected USB drive.

Of course, I had to test that theory.  I made sure I was able to take the key to another pre-booted installation of Windows, key in my code, plug the key in to that computer, enter my Bitlocker password, and use the key.  Yessir, it worked.  Woohoo!

So let’s see… My Apricorn key, which is rugged and not going to break, can boot into a secure Windows 10 environment; it can be used as a secure data thumb drive; it can be used as a combination of both.  Nice!

At USD$159, the 64-GB key is competitively priced.  Unlike many competitive devices, the prices are cited right on the web page, and you can even buy direct without having to set up an account and speaking with a salesperson.  If you are a company looking for volume discounts, you can also buy them from distributors such as Softchoice, TechData, Canada Computers, and many more.  For a clearer picture of where to buy from in your region, visit their Where to Buy page.

I have been working with the Apricorn drive as my primary workspace today, and there are only two very minor drawbacks that I have found:

  1. The drive does get hot.  This is no different from the other WTG keys I have discussed in the past.
  2. If your USB port loses power for a split second on reboot (most of them do), then you have to shut your computer down and unlock the key again.  However, if your USB port is persistently powered, this will not be an issue.

Whether you want it for Windows to Go, for data storage, or for a combination of both, the 256-bit AES XTS hardware-encrypted Aegis Secure Key 3z Flash Drive from Apricorn Inc. is certainly a must-have.  I know that going forward, this is a key that will always be in my pocket!

A quick teaser…

As many of you know, I have always had a soft spot for Windows to Go (WTG), a technology that Microsoft introduced in Windows 8.  I have written reviews and how-to articles on the topic dating back to June, 2012.  While I do currently have a favourite device, I have three (3) of them on a key ring that I use for different reasons.

I am excited.  Yesterday I had a conversation with a representative of a company that makes a secure key that supports (but is not certified for) Windows to Go.  While it may not be certified by Microsoft, it does have some very interesting features that are unique among its competition.  I am looking forward to receiving a unit to evaluate, so I can tell you how it goes.  I will not give you any spoilers, but I also promise that I will not be giving any marketing spiel whatsoever… my review will be technical, and accurate.

Stay tuned!

WTG

Windows To Go Gotcha in Windows 10

So here’s an interesting fact about Windows To Go.  When Windows 10 first came out I was still running Windows 8.1 on my corporate desktop, and when I went to create my WTG image I couldn’t because the Windows 8.1 WTG engine did not support building Windows 10 WTG keys.  Ok, that is understandable.

Windows 10: The last operating system Microsoft will release, right?  Well my corporate laptop is on Build 1607, and when I downloaded the latest build (1703) it would not recognize it.  So my two options are:

  1. Download the earlier build and make my key based on that build; or
  2. Take the time to upgrade my laptop.

With all due respect Microsoft, if you are going to tell us that Windows 10 is the last desktop OS, don’t pull these games.  As a tech guru I understood right away what the problem was… How much time do you think the regular Joe trying to use your products would have spent on this?

Panic at the Windows to Go Corral…

I really like my Ironkey Windows to Go (WTG) drives.  In fact, I like them so much I carry two of them – a W300 (software encrypted with BitLocker) that is domain-joined to one of my clients’ domains, which I use full-time since my corporate laptop went for a swim, and a W500 (hardware encrypted) that I use for everything else – it is joined to my Azure Active Directory domain (garvis.ca) and has all of my critical software installed, including such tools as my file recovery tools (Windows 10: Where are my files?), but also everything I might want to use day to day.

Like any responsible computer user I change my passwords on a semi-regular basis (Passwords: Beware).  Now that Windows allows you to tie your local account to your Microsoft account it is easier for me to do, because once I change that password, it automatically changes on all of my devices… or does it?

Last week I remembered (painfully) that it does not.  A disconnected device will not change the password until it logs on to the Internet (at which point, similar to domain joined computers, it will inform you that your credentials are out of date, and it will ask you to lock your computer and then enter your new credentials).

While I use my personal Windows to Go key on a fairly regular basis, sometimes I go longer periods without doing so.  This incident tells of a ‘perfect storm’ of things going wrong to lock me out… for days.

While I use my corporate key nearly every day to work at my office, my personal key is a ‘just in case’ tool… most of the time I have my personal device with me.  Most of the time my Ironkey W500 sits in my pocket waiting for me to be somewhere that I really need my stuff… an Internet cafe, for example. In fact, as I sit here thinking about it, I might not have logged on to it since I was in Japan (and I left Japan December 1st, 2015).

The other day I needed to use it… Probably on or about January 29th, or about two months after I left Japan.  I was trying to use it to recover files I had accidentally deleted from an older computer.  I brought the computer to my office and booted up.  I got past the hardware encryption without a problem – that password I knew.  However when it came to logging on to Windows, I was stopped.  ‘Incorrect Password.’  No, that is the right password… maybe I mistyped it.  I typed it again.  Same result.  I typed it two-fingered and very slowly…. nothing doing.

Wait… I have two different accounts with the same username… I know they have different passwords.  Let’s try the other one.  ‘Incorrect Password.’ Crap… Houston, we have a problem.

By this time, I know there is something wrong.  Of course, I changed my password shortly after returning from Japan, so I wonder if that might be the issue?  Of course, there’s a problem… I don’t remember what my old password was.

By now, I have tried my password too many times, and I am locked out… and to add insult to injury, the computer I was using did not have access to the Internet.  The problem would have to be resolved elsewhere.. on a computer with access to the Internet, on which I had already used the WTG key (so that the network drivers would have been applied).

The next day I went to my other office, and plugged the W500 into my old Lenovo ThinkPad.  I was a little scared when it booted twice into the Encryption screen, but then I remembered that only one of the device’s USB ports retained power during a reboot.  I changed port, entered my password, and… It worked.  PHEW!

So what is the lesson learned?  When you change your password, remember to log on to all of your devices at least once before forgetting the old password!

Windows to Go: Ironkey gets it right

Back in 2012 I spent a lot of time talking (and writing) about Windows to Go (WTG).  This was Microsoft’s newest feature that allowed you to install Windows 8 on a USB key.  In theory I loved it, in practice… well, most of the USB keys that I tried it on (the certified ones, and not just the ones that I got for free at trade shows) worked… they just didn’t work very well.  They were… flimsy is probably the right word.  I had finally built my key just right, and one day I was demonstrating it to a group in Tokyo and… it just stopped.  It turned out, after hours of troubleshooting, that the connectors were not connecting properly.  After speaking with the company (who made me follow a less-abridged version of the troubleshooting steps I had already taken) offered to replace the key for me under warranty.  A few months later we had the same conversation on the replacement device.

So when I walked into the Ironkey booth at MS Ignite in Chicago this past May, I was intrigued by two promises they made: They told me that they are  MilSpec (Military Specifications, which means they should be nearly indestructible), and they promised it was full lengths faster than the competition.  I told them that I wanted to see that for myself, and they obliged by sending me two devices: An Ironkey W300, which is a heavy-duty 64GB key, and an Ironkey W500, which is just as heavy-duty, but includes hardware encryption.

I want to start by saying that I have nothing bad to say about either device.  However there are only so many hours in a day, and if I am going to get any work done (you do realize that I have an actual day job, one where they expect me to accomplish things) I could spend a little while testing both devices, but I was only going to focus on one of them.  Since the W500 is hardware encrypted, I made that my own, and only ran some cursory tests on the W300 before handing it off to an associate.

I should mention that there was another reason that I handed the W300 off… My colleague James is a Mac user, and the hardware encryption of the W500 is not compatible with the Mac.  For that reason the W300 was perfect for him.  However let me be clear: if I hadn’t been extremely satisfied by the performance of the hardware-encrypted W500 I would have kept the W300 for myself.  Yes, there is a difference between the two; it is less of a difference than you would notice if you switched out your solid-state drive (SSD) with a 15k rpm hard drive though.  That is to say that although the actual speed tests that I ran do show a marked difference between the performance of the two, to the naked eye for what I do on a daily basis there is very little difference.

At First Glance

There are some hoops to jump through in order to create the W500 as a Windows To Go (WTG) device.  Because it is natively encrypted you have to download the Administration Toolkit from their website, so that your Windows OS can recognize and build the key.  Okay, I am willing to live with that… after all, it is still easier than taking off my shoes and emptying my pocket at the airport.  You also have to download the Customization Toolkit, which modifies the install.wim file that you are going to use to build the key.  No problem, it took a few minutes and it was done.

If you are a normal user and are willing to RTFM then the process is fairly simple.  If you are like me and figure it will just work the way you think it will work, then it might cause a bit of frustration.  However once you realize that you don’t know everything and read the instructions, things go very smoothly.

W500So here’s what I did: I unlocked the device, I modified my ISO, I put the device into Configuration Mode, I created my Windows to Go (that was the same Windows wizard I already knew), and then I put the key back into Deployment Mode.  All in all it might have taken half an hour or so.  No big deal. 

When you put the device back into Deployment Mode it asks if you want to modify your hardware so that it will boot from USB before any other device.  If you are using the same computer for both (or even just for testing) then this is a good idea.  However my primary use case for WTG is work from anywhere on any device.  Make sure you know what key allows you to select the boot device before you boot it up… on HP it’s F9.

So we were off to the races… I built the key on a Lenovo T420s that I have at the office, and it seemed so simple to just reboot that device into my WTG environment.  Ok fine.  As it was booting I got the Windows 8 logo… and then an unfamiliar screen.  I arrived at the Ironkey Pre-boot environment, prompting me for my password.  Password entered, it rebooted into Windows for me.

**Note: At this point I should mention that I started these tests on the key with Windows 8.1.  On July 29 I downloaded the ISO for Windows 10 Enterprise and rebuilt the key.  So please note that while I may say one or the other edition at any point, the experience was quite similar, so interchangeable.

My Windows 10 environment loaded up on the Lenovo very quickly, despite booting from a USB key.  While I had the option to join it to my corporate domain, I opted to configure it with my Azure Active Directory (garvis.ca) because I would be using it for both business and personal.  I did add the VPN client for my corporate domain though, because I wanted to make sure I could use the key the way I originally intended it, and the way I hope my users will use it when we deploy across the company.

So I knew what Windows to Go could do because I worked with it before; the proof of the pudding is in the tasting though, and I wanted to see how this device would really feel from the user’s perspective.

In a word… seamless.  Once you are in Windows I notice no difference between using WTG and not… and that was always my concern with the other USB environments I had previously sampled.  This key showed the potential to be more than the ‘when all else fails’ alternative… it wants to be (and can be) a first class device that its competition never could be.  It is fast, it is solid, and it is reliable (a major area of contention with previous devices, as mentioned earlier).  While I didn’t perform the drop-test while inserted in a USB port (more out of fear of damaging the computer than the USB key), I did do a drop test.  I was listening to a podcast earlier and they talked about the standard four-foot drop test.  That’s nice of course, but if you have a USB key that can’t survive 4’ then you didn’t get your money’s worth.  No, I dropped this USB key from the second floor balcony of the cigar lounge where I am currently sitting, then walked down, picked it up off the concrete floor, then came back up and booted back into it.  No problem!

Two of the other devices I had tested either came apart or just stopped working reliably after a couple of weeks in my pocket (with my keys and coins).  Ironkey’s W500 laughed at that test… not even a scratch. 

Until recently I had the key connected to my keychain.  It made for a heavier and more unwieldy keychain to be sure, but I was fine with it… and it was only when my girlfriend borrowed my car for a day that the lanyard wire connecting the key to the keychain came open and got lost.  I suppose a woman’s purse may be no match for the pairing… but the Ironkey worked fine.

So my T420s worked great, but how about switching to another device?  I plugged it into my Surface Pro 3 and booted up.  I had to install device drivers, but it worked great.  But these are two pretty modern, corporate devices that are lovingly maintained by myself and the IT department at Kobo.  What about something less… modern and well-maintained?

In my girlfriend’s living room there is a computer that I would not want to spend a lot of time working on.  She readily admits it is ready to go to the corner – although she is wrong… it just needs a new hard drive.  Until recently she used it to watch Netflix and… that’s it.  It wasn’t good for anything else, seeing as it took 20 minutes to boot.  It’s old (the Windows sticker on the bottom says Windows Vista), but it is still an HP Pavillion… it shouldn’t be too bad.  It doesn’t have USB 3.0, so I wouldn’t expect much from it.  Once I installed the device drivers onto the Ironkey W500 Windows this 10 year old laptop purred like a kitten… I mean it really worked flawlessly!  It still popped up warnings that hard drive 0:0 was dying, but that did not affect how well the device worked.  It just.. worked!

That use made me think once again of all of the possible use cases for Windows To Go… I could now go into any Internet cafe, any hotel business centre, any mother-in-law’s place in the country, any airport lounge; No matter how poorly they maintain their computers, I can boot into my own hard drive on their ragged virus-ridden hardware and still be productive.  That rocks, because I do get to those places on a surprisingly regular basis!

W300So knowing how happy I was with the W500, I went back and borrowed the W300 from my colleague. Yes, I promise you will get it back… just let me see how well it works next to the W500.

Honestly I was surprised… while it is definitely faster, I didn’t feel like I was getting out of a Ferrari and into a Trabant… more like I was getting out of a Toyota Camry and into a Corolla.  Yes, the Camry is faster… but the Corolla is very close.  I spent a day working on it before giving it back, and when I went back to the W500 I was not at all disappointed by the very minor speed difference… I am happy to make the allowance for the security…

…and that is not to say that the W300 is not secure… it fully supports BitLocker drive encryption, which is absolutely solid and more than most people would need in an encryption layer. 

Both devices are the same size by the way… 81mm x 21mm – that is to say, about 3.2” x .9”.  They have not blocked the adjacent ports on any computer that I have tried them on.  They also (surprisingly, since Microsoft told me this would not work) both booted just fine when connected via a USB 2.0 hub.  That means that even on my Surface Pro 3 I don’t have to sacrifice my only USB port in order to use it.

In this day and age of terabyte hard drives it is hard to imagine that I could be satisfied living off a 64gb USB key… but remembering that most of my files are on-line anyways, this worked just fine for me.  What it did do was make me think do I really need this… every time I went to install another application.  I also considered disabling my Outlook Cached Mode, but then I wouldn’t have access to my e-mail off-line, so I decided to set the cache to a week instead of a month.

But what if it gets stolen?

I have said many times before that if someone steals my computer then I don’t care if they have a new device for themselves… as long as they cannot access my data.  I can always buy a new computer, but my data is not only irreplaceable, but in someone else’s hands it can be disastrous.  So the W500 has two different modes, that I call Self-Destruct and Soft-Destruct.  The default behaviour is simple… if you type the password in wrong ten times, the key self-destructs.  The circuits inside the key fry.  By the way, that is also what happens if someone tries to pry the device open (and Ironkey has made that extremely unlikely).  Soft-destruct is less… terminal.  After 10 wrong password attempts it wipes your device back to clean… I tried this before, and that is exactly what happened.  I was able to rebuild it as a new key, but there was no data left on it… not even traces.

Conclusion

If you need a solid and reliable device for Windows to Go, then there is nothing to think about… this is the only device for you.  Oh and if you are running an IT department and concerned that deploying dozens or more of these keys will be cumbersome, rest assured that Ironkey will provide you with the tools to deploy as many at a time as you have USB ports.  They also have a great tool for managing the hardware… if you want more information I’ll introduce you to them.

If you are worried (dare I say… paranoid?) about security, then this is also the device for you.  Whether you want to use it as an individual, or centrally manage hundreds or thousands for your organization, you will not be disappointed.

I definitely give the device two big thumbs up.  By the way, the majority of this article was written on a patio in Burlington, Ontario… with a cigar lit, and my Surface Pro 3 running my Windows To Go environment.

Thanks Ironkey!