Windows To Go
A deployment guide
for education
January 2014
Table of
contents
1 Understanding Windows To Go
1 Windows To Go for IT
2 Windows To Go for faculty
2 Windows To Go for students
4 Preparing to use Windows To Go
4 Windows To Go limitations
5 Roaming with Windows To Go
5 Determine user setting storage
6 Determine remote access requirements
6 Determine host computer requirements
7 Select the USB drive for Windows To Go
7 Understand Windows To Go image creation
9 Creating a Windows To Go drive
9 Using the Windows To Go Creator Wizard
10 Using Windows PowerShell cmdlets
12 Starting a Windows To Go drive
13 Enabling the Windows Store
14 Activating Windows To Go workspaces
15 Managing Windows To Go
15 Group Policy settings related to the
Windows To Go workspace
17 Group Policy settings related to the host computer
18 Storing user data and settings
19 UE-V with Folder Redirection
19 Cloud storage

21 Conguring Windows To Go for remote access
22 Securing Windows To Go drives
23 ConguringBitLockerbeforedistribution
23 ConguringBitLockerafterdistribution
25 Building multiple Windows To Go drives
26 Talking about Windows To Go
27 Conclusion
1WINDOWS TO GO
Windows To Go
A deployment guide for education
Windows To Go is a feature of the Windows 8.1 Enterprise operating system that
enables the operating system to run from a USB drive. Using Windows To Go in an
education environment provides numerous benets to faculty and students alike. It
enables faculty and students to use a personalized copy of Windows 8.1 on virtually
any PC, at almost any location. This guide provides an overview of Windows To Go
deployment for schools. It is for IT pros and discusses the benets, limitations, and
processes involved in deploying Windows To Go.
Understanding Windows To Go
WindowsToGocreatesabootableWindows8.1imageonaUSBdrive.Thismeansthatthe
standardizedWindowsimagealreadyusedoninstitution-owneddevicesnowbecomesavailable
withgreatlyincreasedportabilityandconvenience.Usersdonotneedtolugaroundalaptop
orotherdevicetohavetheirWindowsdesktopavailable:Thatdesktopisnowavailableona
USBdrive,andtheycanrunitonanyPCthatiscompatiblewithWindows7,Windows8,or
Windows8.1.
Windows To Go for IT
WindowsToGohelpsITinseveralways:
• Portability WindowsToGoenablesITtooffertheexibilityoffreeseating.Facultyand
studentscanusetheirownWindowsdesktopfromalmostanyPCintheschool.
• Cost savings ITdoesnotneedtodeployindividualcomputersbutrathercandeploythe
WindowsToGoworkspaceonUSBdrivestoprovideaconsistent,personalizedWindows8.1

experience.Itiseasytosetupandcongure,anddistributionissimple.
• Management Today’sITinfrastructureusesGroupPolicyandtechnologieslikeBitLocker
Drive Encryption, Microsoft BranchCache, Application Virtualization, DirectAccess, and other
2WINDOWS TO GO
advancedtechnologiestoensurehighlyreliableandsecureservicestousers.WindowsToGo
supportsallofthosetechnologiesandmore.YoudonotneedtochangeyourITprocesses
andmanagementtoolstoaddWindowsToGotoyourITinfrastructure.
Windows To Go for faculty
WindowsToGogivesfacultyaconsistentWindows8.1experiencefromalmostanywhere.Is
seatingavailableinacomputerlab?Needtomovetoanotherclassroom?Theeducator’spersonal
Windows8.1desktopisavailableatalloftheselocationsbybootingintotheWindowsToGo
workspace.
Facultymembersusenumeroustoolstoprovidethebestlearningexperiencefortheclassroom,
suchasMicrosoftOfceandthespecializedLearningManagementSystem(LMS).Atthesame
time, computers with that specialized software are typically shared among two or more educators,
makingitdifculttondatimetogetclassroom-relatedadministrativeworkdone.
WithaWindowsToGoworkspace,sharingacomputerbecomesathingofthepast.WithWindows
ToGo,anycompatiblecomputer,regardlessoftheoperatingsysteminstalledonit,canbeused.
ThismeansthatfacultymemberscanuseaWindowsToGoworkspaceatwork,fromhome,or
fromanoff-campuslocation,providingthesameexperienceregardlessoflocation.Facultyareno
longertetheredtoaspeciccomputer,room,orbuilding.
Windows To Go for students
Likefaculty,studentscanbenetfromtheWindowsToGoexperience.Studentscanusea
WindowsToGoworkspacetobootintotheirownWindowsworkspacefromhomeorfromafree
seatinschool.TheycanhavethesamepersonalWindows8.1experienceineachclassroom.
Students can also use Windows To Go workspaces to get their homework done and perform
research-relatedtasksbyusingspecializedsoftwarewithoutneedingtoinstallthatsoftwareon
theirowndevice.AlltheyneedisacompatiblecomputerandUSBdrive,andtheworkspaceisup
andrunning.
YoucancustomizeWindowsToGoworkspacesforparticularcurriculums,gradelevels,andso

on,thendistributethemtostudents.Doingsohelpstofacilitatethelearningexperiencewhile
minimizingthetimeinvestedinconguringthetechnology.
WindowsToGoworkspaceshavelowreplacementcost.IfastudentlosestheUSBdrivewiththe
workspaceonitorifthedrivebecomesdamaged,itcanbereplacedatamuchlowercostthana
PC.
3WINDOWS TO GO
Additionalresources:
• “Windows8EnterpriseinYourPocket”at />enterprise/products-and-technologies/devices/windowstogo.aspx
• “WindowsToGo:FrequentlyAskedQuestions”at />jj592680.aspx
4WINDOWS TO GO
Preparing to use Windows To Go
Thissectiondescribestheinfrastructure-relateditemsthatyoumustconsiderforaWindows
ToGodeploymentandalsoprovidesconsiderationsforthatpreparation.Inadditiontothe
considerationsthatthefollowingsectionsdescribe,seeWindows 8.1 deployment planning: A guide
for education at for considerations
affectinganyWindows8.1deploymentinaneducationalinstitution.
Windows To Go limitations
AlthoughWindowsToGoissimilartoatypicalWindows8.1EnterpriseinstallationonaPC,some
differencesexist:
• No access to internal disks Bydefault,thehostcomputer’sdisksarenotaccessibleby
a Windows To Go installation, and a USB drive with a Windows To Go workspace is not
accessiblebytheWindowsoperatingsysteminstalledonthecomputer.Youcaneliminate
bothoftheselimitationsbyusingGroupPolicy.However,theserestrictionsareinplaceto
protect the security and privacy of the Windows To Go workspace, and to help prevent end-
userconfusion.
• Recovery options are limited TheWindowsRecoveryEnvironment(WindowsRE)isnot
availableinWindowsToGo,norarerefreshandresetoptions.Youshouldre-provisionthe
Windows To Go workspace onto the USB drive in the event a Windows To Go workspace
becomesunrecoverable.Becauserecoveryoptionsarelimited,Microsoftdoesnot
recommendstoringuserdataontheWindowsToGoUSBdrive.Instead,useanetwork-or

cloud-basedsolutionlikeFolderRedirectionorSkyDrive.
• Trusted Platform Module (TPM) is not used TheTPMistiedtoaspecicphysical
computer.Therefore,becauseWindowsToGoworkspacesmoveamongcomputers,theTPM
isnotusedinaWindowsToGoworkspace.Initsplace,apasswordisrequiredforBitLocker
onaWindowsToGoworkspace.
• Windows Store is disabled (Windows 8 only) InWindows8,theWindowsStoreisdisabled
bydefault,becauseappsaretiedtothecomputeritself.YoucanuseGroupPolicytoenable
theWindowsStore.InWindows8.1,thislimitationisgone,andtheWindowsStoreisenabled
bydefault.RegardlessoftheWindowsStorestatus,youcanstillsideloadappsforwhich
youhaveinstallationles.FormoreinformationaboutsideloadingWindowsStoreapps,
see Windows Store apps: A deployment guide for education at />download/details.aspx?id=39685.
5WINDOWS TO GO
• Hibernate is disabled Hibernationexpectstondthesamehardwarewhentheoperating
systemresumes.BecauseWindowsToGoworkspaceswilllikelyroamamongcomputers,
hibernationisdisabled.LiketheWindowsStore,youcanre-enablehibernate,butonly
enablehibernationifyouarecertainthatthedevicewillonlybeusedonthesamephysical
computer.
Roaming with Windows To Go
Duringthebootprocess,WindowsToGoexaminesthehostcomputer’shardwareandinstalls
thenecessarydevicedrivers.Thisprocessgenerallyworkswell,especiallyifpeoplewillbe
usingWindowsToGoonhostcomputerswithsimilarhardwarecongurations.However,ifthe
workspacewillbeusedondifferenthardwarewithdifferentdevicecongurations,thenyoumight
needtoinjectadditionaldriversintotheimage.Testingtheimageonthehardwareisakeystepto
ensurecompatibilityforthedevicestobeusedwithWindowsToGo.
Someapplicationscanbindtospecichardware.Forexample,anapplicationmighttieitslicensing
oractivationtothecomputer’shardware.IftheWindowsToGoworkspacewillbeusedon
multiplehostcomputerswithdifferenthardwarecongurations,theapplicationsmightnotroam.
Ensure that each application you are installing in a Windows To Go workspace supports roaming
or provide for an alternate method of using those applications, such as Windows Server 2012 R2
RemoteApp.

Studentsandfacultyarenotusuallyawareofwhichtypeofrmwaretheircomputershave,and
sotheywilllikelyboottheirworkspacesondifferenttypes.TheycanbootWindowsToGoon
computerswithdifferenttypesofrmware.ComputerscertiedforWindows8.1haveUnied
ExtensibleFirmwareInterface(UEFI),whileWindows7computersusethelegacyBIOSrmware.
Ratherthancreatingseparateworkspacesfordifferentrmwaretypes,WindowsToGocanboot
oneitherrmwaretype.
Determine user setting storage
Users need access to their data and settings within the Windows To Go workspace in addition
totheirusualdevice.Determinehowbesttoprovidethisaccess,whetherthroughauserstate
virtualization(USV)technologyorthroughothermeans.Optionsincludelocalstorage,Microsoft
UserExperienceVirtualization(UE-V)withFolderRedirectionandOfineFiles,SkyDrive,Microsoft
Ofce365,andothercloud-basedstoragesolutions.Windows8.1alsoenableslogonwitha
Microsoftaccount,whichincludestheoptionofroamingformanyusersettings.Thisaspectof
Windows To Go is discussed in the section “Storinguserdataandsettings”onpage18 in this
guide.
6WINDOWS TO GO
Determine remote access requirements
IfWindowsToGoworkspaceswillbeusedfromoff-campuslocations,
thenyoumightprovideamethodforremoteaccess.Youcandoso
byusingDirectAccessorbyusinganexistingvirtualprivatenetwork
(VPN)solution.Moredetailonremoteaccessisgivenin“Conguring
WindowsToGoforremoteaccess”onpage21.
Determine host computer requirements
WindowsToGosupportsmanydifferenttypesofhardware.This
supportenablesuserstorunWindowsToGoworkspaceson
hardwarecertiedforWindows8.1,Windows8,andWindows7alike.
Notethefollowinghostcomputerrequirements:
• Booting ThecomputermustbecapableofbootingfromaUSB
drive,andthedrivemustbedirectlyconnected;USBhubsare
notsupported.

• Firmware ThecomputercanuseUEFIorBIOS.
• Graphics The computer should have Microsoft DirectX 9 with
WindowsDisplayDriverModel1.2orlaterdriver.
• Processor Thecomputershouldhavea1GHzorfaster
processor,andthearchitecturecanbe32or64bit,asdiscussed
laterinthisguide.
• RAM The computer should have at least 2 GB of physical
memory.
• USB port ThecomputershouldhaveatleastoneUSB2.0or
3.0port.
Whenconsideringtheprocessorarchitecture,thermwareis
animportantconsideration.Table1onpage7describesthe
processorarchitectureconsiderationsforWindowsToGo.
NOTE
Windows To Go
workspaces are not
supported on Windows RT
orAppleplatforms.
7WINDOWS TO GO
Host firmware Host processor
arcHitecture
windows to Go
arcHitecture
BIOS 32-bit 32-bitonly
BIOS 64-bit 32-bitand64-bit
UEFI 32-bit 32-bitonly
UEFI 64-bit 64-bitonly
Select the USB drive for Windows To Go
TheUSBdriveusedforWindowsToGomustbeWindowsToGo
certied.WindowsToGo–certieddrivesareoptimizedfortherateof

I/OoperationsnecessaryforWindows.Theyarecapableofbooting
onhardwarecertiedforWindows7,Windows8,andWindows8.1.
Thedriveshavemanufacturerwarrantiesandaremeanttobeused
tosupportatypicalWindowsworkload.Severalhardwarevendors
offerthesedrivesinavarietyofsizes.See“WindowsToGoOverview”
at />hardwareforalistofcurrentlysupporteddrives.
NOTE AWindowsToGoimagerunningWindows8.1can
bootfromadrivethatcontainsabuilt-insmartcard.These
compositedrivescombineamassstoragedriveandsmartcard
inonedevice.Windows8.1canenumeratethesmartcardwhen
bootingfromtheWindowsToGodriveorbyconnectingthe
devicetoanotherhostmachine.Formoreinformation,see
“What’sNewinSmartCards”at />library/hh849637.aspx.
Understand Windows To Go image creation
EaseofdeploymentisakeyfeatureofWindowsToGo.AWindows8.1
releasetomanufacturing(RTM)imageisallthatisneededtobegin
theWindowsToGoimage-creationprocess.Alternately,youcanfully
TABLE 1 Processor
Architecture and
Windows To Go
NOTE
YoucanalsouseMicrosoft
System Center 2012 R2
CongurationManager
todistributeworkspaces.
SeetheMicrosoftTechNet
article“HowtoProvision
Windows To Go in
CongurationManager”
at http://technet.

microsoft.com/en-us/
library/jj651035.aspx for
moreinformation.
8WINDOWS TO GO
customizetheimagetoincludeapplicationsandothersettingsspecictothedeployment.Users
withlocaladministratorprivilegesandaWindows8.1Enterpriseimage(anunlikelyscenarioinan
educationsetting)canalsocreatetheirownWindowsToGoworkspace.Therefore,schoolITpros
willbethelikelysolecreatorsofWindowsToGoworkspaces.
If you do not customize the image, then you will need to provide for the resulting Windows To Go
workspacetobejoinedtothedomainandforapplicationstobeinstalledintheworkspace.You
can use Group Policy to manage the workspace, and you may want to customize certain settings
foryourenvironment.Seethesection“ManagingWindowsToGo”onpage15 or the section
“Imagedeploymentanddriveprovisioningconsiderations”intheTechNetarticle“Deployment
ConsiderationsforWindowsToGo”at />aspx#wtg_imagedep for more information on these Group Policy settings and Windows To Go
deployment.
YoucancreateaWindowsToGoworkspacebyusingtheWindowsToGoCreatorWizardor
WindowsPowerShellcmdlets.AfteryouhaveprovisionedtheworkspaceontoaUSBdrive,
youcanduplicatetheworkspaceontootherUSBdrives(assumingthattheworkspacehasnot
yetbeenstartedforthersttime).SeetheTechNetarticle“WindowsDeploymentOptions”at
for more information on Windows
DeploymentOptionsandthetopic“WindowsPowerShellequivalentcommands”in“Deploy
WindowsToGoinYourOrganization”at />aspx#BKMK_manualwtgimageformoreinformationonmanualWindowsToGoimagecreation.
Additionalresources:
• “DeploymentConsiderationforWindowsToGo”at />library/jj592685.aspx
• “WindowsToGo:FeatureOverview”at />• “TipsforconguringyourBIOSsettingstoworkwithWindowsToGo”athnet.
microsoft.com/wiki/contents/articles/12911.tips-for-conguring-your-bios-settings-to-work-
with-windows-to-go.aspx
9WINDOWS TO GO
Creating a Windows To Go drive
YoucanuseeitheroftwoprimarymethodstocreateaWindowsTo

Godrive:
• The Windows To Go Creator Wizard
• Windows PowerShell cmdlets
The method you use depends largely on the goals of the deployment
andtheskillsavailableforthedeployment.Regardlessofwhich
method you employ, the result is a USB drive with a Windows To Go
workspaceonit.
Table2 provides considerations to help you decide which method of
WindowsToGoworkspacecreationisrightforyou.
windows to Go
creator wizard
windows powersHell
Number of
workspaces needed
• Few
• USB duplicator
• Many workspaces with
potentially unique
congurationsforeach
Customizations
needed
• None
• Customized
image
• Custom provisioning
(e.g.,ofinedomainjoin,
partitioning,BitLocker)
required
Skills • IT generalist • IT pro with Windows
PowerShellexperience

Using the Windows To Go Creator Wizard
The Windows To Go Creator Wizard is a simple way to create a
WindowsToGoworkspacequickly.Thewizardcreatesafully
functionalworkspacewithjustafewmouseclicks.UsingtheWindows
To Go Creator Wizard involves selecting the USB drive along with the
Windowsimagetobeusedforthedeployment.Tousethewizard,
youmusthave:
TABLE 2 Choosing a
Windows To Go Creation
Strategy
10WINDOWS TO GO
• AWindowsToGo–certiedUSBdriveconnectedtothe
computer prior to starting the wizard
• AWindows8.1Enterpriseimage,eithertheRTMimageora
customizedimagethathasbeengeneralizedwiththeMicrosoft
SystemPreparationTool(Sysprep)
• Localadministratorprivileges
YoucanenableBitLockerduringtheWindowsToGoCreator
Wizard.Ifyouwillbeusingadriveduplicatortomakecopiesofthe
workspace,however,donotenableBitLockerfromthewizardbut
ratherafterdeployment.Seethetopic“EnableBitLockerprotection
foryourWindowsToGodrive”intheTechNetarticle“Deploy
WindowsToGoinYourOrganization”atrosoft.
com/en-us/library/jj721578.aspx#BKMK_4wtgdeploy for more
informationonenablingBitLocker.
The overall process for workspace creation involves the following
tasks:
1. Select the USB drive on which to create the Windows To Go
workspace.
2.Select the Windows image to use as an installation source for the

workspace.
3.Optionally,enableBitLockerontheworkspaceimmediately.
The process of workspace creation takes 20 to 30 minutes, and the
resultisthatyouhaveaWindowsToGoworkspaceontheUSBdrive.
Fromthatpoint,youcaneitherboottheworkspaceorduplicateitto
otherUSBdrives.
Using Windows PowerShell cmdlets
Use Windows PowerShell cmdlets to create Windows To Go
workspaceswhenyouneedadditionalexibility.WindowsPowerShell
enablesyoutocreateacustom,scriptedsolutionforlarge-scale
WindowsToGoworkspacecreation.
NOTE
Always safely eject the
USB drive when the
provisioning process is
complete.Removing
the drive in an unsafe
manner can result in an
unbootableWindowsTo
Goworkspace.
11WINDOWS TO GO
The tools used to create a Windows To Go workspace are essentially the same tools you use to
manuallyprovisionanddeployWindowsimages.Theyinclude:
• Disk partitioning cmdlets such as Clear-Disk, Initialize-Disk, New-Partition, Format-
Volume, and so on
• DeploymentImageServicingandManagement(DISM)
• Bcdboot
YouusethesetoolstoperformthesamestepsmanuallythattheWindowsToGoCreatorWizard
performs.Theprocessincludesthefollowingtasks:
1. PartitiontheUSBdrive,includingFAT32-andNTFSlesystem–formattedpartitions.

2.UseDISMtoapplytheWindowsimage.
3.Use BcdboottoenablethesystemtostartonUEFIandBIOSsystems.
4.UseDISMtoapplyastorageareanetworkpolicytopreventtheinternaldisksfrombeing
used.
5.CreateananswerletodisableWindowsRE.
LiketheWindowsToGoCreatorWizard,theresultwhenusingWindowsPowerShellisthat
youhaveaWindowsToGoworkspaceontheUSBdrive.See“DeployWindowsToGoinYour
Organization”at for
moreinformationaboutscriptingWindowsToGoprovisioningbyusingWindowsPowerShell.
Additionalresources:
• “DeployWindowsToGoInYourOrganization”at />jj721578.aspx
• “GettingStartedwithWindowsPowerShell”at />hh857337.aspx
• Windows PowerShell User’s Guide at />aspx
12WINDOWS TO GO
Starting a Windows To Go drive
UsersofWindowsToGoneedtocongurethehostcomputerto
bootfromUSB.FordevicesrunninganearlierversionoftheWindows
operatingsystem,theUSBbootoptioncanbeenabledinthedevice’s
rmware,suchastheBIOS.ForcomputersrunningWindows8or
Windows8.1,theWindowsToGoworkspacecanalsobecongured
tostartusingWindowsToGoStartupOptions.OntheStartscreen,
press the Windows logo key + W, and then search for Windows To
Go startup optionstocongurethecomputertobootfromaUSB
drive.Changingthissettingrequiresadministratorprivileges.Youcan
alsosettheoptiontobootfromaUSBdrivebyusingGroupPolicyfor
Windows8andWindows8.1.
Regardless of whether you are using a Windows 7 host computer or
aWindows8.1hostcomputer,usecautionwhenenablingbootfrom
USBdevices.Doingsomayopenanattackvectorifthecomputeris
bootedfromaUSBdrivecontainingmalware.

WhenpreparingacomputertobootintoaWindowsToGo
workspace, make sure the computer is not currently in a sleep
state.TheUSBdrivewiththeWindowsToGoworkspaceshouldbe
connected directly to a USB port on the computer, not through a USB
hub.
Additionalresources:
• “DeploymentConsiderationsforWindowsToGo”athttp://
technet.microsoft.com/en-us/library/jj592685.aspx
NOTE
Additional considerations
existwhenusinga
computer running
Windows 7 as a host
computer.See“Tipsfor
conguringyourBIOS
settings to work with
WindowsToGo”athttp://
social.technet.microsoft.
com/wiki/contents/
articles/12911.tips-for-
conguring-your-bios-
settings-to-work-with-
windows-to-go.aspx for
moreinformation.
13WINDOWS TO GO
Enabling the Windows Store
TheWindowsStoreisenabledbydefaultonWindowsToGodrivesrunningWindows8.1.Userscan
startthedriveonanynumberofhostcomputers,accesstheWindowsStore,andruntheirapps.
InWindows8,theWindowsStoreisdisabledinaWindowsToGoworkspacebydefault,because
appspurchasedthroughtheWindowsStorearetiedtothedevice’shardwareandcanbeinstalled

onasmanyasvedevices.ThismeansthattheappwillnotruniftheWindowsToGoworkspaceis
bootedfrommorethanvedifferentdevices.
YoucanenabletheWindowsStorebyusingtheAllow Store to install apps on Windows To Go
workspaces GroupPolicysettingfoundat\ComputerConguration\AdministrativeTemplates\
WindowsComponents\Store.Usethispolicysettingwhentheworkspacewillbebootedfromthe
sameoralimitednumberofcomputers.
IftheWindowsStorewillremaindisabled,Microsoftrecommendsthatyouremovethedefault
WindowsStore–relatedapps,suchasSportsorNews,fromtheWindowsToGoworkspaceimage.
TheseappsareupdatedthroughtheWindowsStoreandthereforecannotbeupdatedwiththe
WindowsStoredisabled.Educationalappsthatyousideloadareunaffectedbythispolicyandcan
stillbeloaded,run,andmanagedthroughnormalappmanagementprocesses.
Additionalresources:
• Windows Store apps: A deployment guide for education at />download/details.aspx?id=39685
• “ManagementofWindowsToGousingGroupPolicy”at />library/c598d28c-5829-42ce-8d43-a7a5a4382537#BKMK_wtggp
• “HowtoAddandRemoveApps”at />aspx
• “ManagingClientAccesstotheWindowsStore”at />library/hh832040.aspx
• “PrepareYourOrganizationforWindowsToGo”at />library/0fd52a81-c871-4567-aaaf-bd29c2ee65d4
14WINDOWS TO GO
Activating Windows To Go workspaces
WindowsToGocanuseActiveDirectory-BasedActivation(ADBA)andKeyManagementService
(KMS)activation,similartoatypicalinstallationofWindows8.1.However,WindowsToGocannot
useMultipleActivationKey(MAK)activation,asMAKactivationbindstothehostcomputer’s
hardware.WindowsToGousesastandardWindowslicenseandcountsasaninstallationfor
applicablelicensingagreements.
TheWindowsToGoworkspaceneedstorenewitsactivationevery180days.Itdoesthiswhenever
theworkspaceisbootedwithintheschool’snetworkorwhenusingaremoteconnectionlike
DirectAccessoraVPN.Ifworkspacesarenotusedwithinthe180-dayperiod,youwillneedto
reactivatethembyconnectingthemtothenetworkcontainingtheADBAorKMSservices.
Applicationstobeusedwithintheworkspacemightalsoneedtobeactivated.Ofce2013usesthe
sameactivationmethodsasWindowsToGo,butsoftwarefromothervendors,suchasLMSsand

othereducationalapplications,mighthavedifferentlicensing.VerifytheWindowsToGousage
scenariowiththeappropriatevendorstoensurelicensingcompliance.
Additionalresources:
• “PlanforVolumeActivation”at />• “UnderstandingKMS”at />• “ActiveDirectory-BasedActivationOverview”at />hh852637.aspx
• “VolumeactivationofOfce2013”at />aspx
15WINDOWS TO GO
Managing Windows To Go
YoucanusethesameWindowsmanagementtoolswithwhichyouarealreadyfamiliartomanage
WindowsToGodrives.YoudonotneedtolearnanynewtoolstomanageWindowsToGowithin
yourinstitution.Forexample,youcanmanageWindowsToGoworkspacesbyusing:
• Group Policy See“GroupPolicy”at />aspxformoreinformation.
• Windows Intune See“WindowsIntune”at />aspxformoreinformation.
• System Center 2012 Conguration Manager See“SystemCenterCongurationManager”
at />YoucanalsouseGroupPolicytomanageWindowsToGo,andMicrosoftrecommendsthatyou
createaseparateorganizationalunit(OU)fortheWindowsToGoworkspacesandoneforhost
computers.YoucanusetheOUforWindowsToGoworkspaceto:
• Change settings for the Windows Store
• Changestandbysleepstates
• Changehibernatesettings
YoucanusetheOUforhostcomputerstoprovidegranularcontrolovertheWindowsToGo
StartupOptionssothatonlycertaincomputerswillbeconguredtobootfromtheUSBdrive.
Group Policy settings related to the Windows To Go workspace
ThesettingsinthefollowinglistareparticulartoWindowsToGoworkspaces:
• Allow hibernate (S4) when started from a Windows To Go workspace This policy setting
specieswhetherthePCcanusethehibernationsleepstate(S4)whenstartedfroma
WindowsToGoworkspace.Bydefault,hibernationisdisabledwhenusingWindowsToGo
workspaces,soenablingthissettingexplicitlyturnstheabilitybackon.Whenacomputer
entershibernation,thecontentsofmemoryarewrittentodisk.Whenthediskisresumed,itis
importantthatthehardwareattachedtothesystemaswellasthediskitselfareunchanged.
ThisisinherentlyincompatiblewithroamingbetweenPChosts.Hibernationshouldonlybe

usedwhentheWindowsToGoworkspaceisnotbeingusedtoroambetweenhostPCs.
16WINDOWS TO GO
• Disallow standby sleep states (S1–S3) when starting from
a Windows To Go workspace Thispolicysettingspecies
whetherthePCcanusestandbysleepstates(S1–S3)when
startedfromaWindowsToGoworkspace.Thesleepstatealso
presentsauniquechallengetoWindowsToGousers.When
acomputergoestosleep,itappearsasifitwereshutdown.
ItwouldbeeasyforausertothinkthataWindowsToGo
workspace in sleep mode were actually shut down, and the
usercouldremovetheWindowsToGodriveandtakeithome.
Removing the drive in this scenario is equivalent to an unclean
shutdown, which may result in the loss of unsaved user data or
thecorruptionofthedrive.
Moreover,iftheusernowbootsthedriveonanotherPCand
bringsitbacktotherstPC,whichstillhappenstobeinthe
sleepstate,itwillleadtoanarbitrarycrash,andeventually
corruptionofthedriveresultsintheworkspacebeingunusable.
Ifyouenablethispolicysetting,theWindowsToGoworkspace
cannotusethestandbystatestocausethePCtoentersleep
mode.Ifyoudisableordonotcongurethispolicysetting,the
WindowsToGoworkspacecanplacethePCinsleepmode.
• Allow Store to install apps on Windows To Go
workspaces This policy setting allows or denies access
to the Store application from a Windows To Go workspace
runningWindows8.(Thispolicydoesnotapplytodevices
runningWindows8.1.)Ifyouenablethissetting,accessto
the Store application is allowed from the Windows To Go
workspace.EnablethispolicysettingonlywhentheWindows
ToGoworkspacewillbeusedwithasinglePC.Whenroaming

Windows To Go devices to multiple PCs, installing applications
fromtheWindowsStoreisnotasupportedscenario.However,
sideloaded Windows Store apps can run in Windows To Go
workspacesevenwhenroamedamongmultiplePCs.Ifyou
disableordonotcongurethispolicysetting,accesstothe
Windows Store application is denied on the Windows To Go
workspace.
NOTE
For the host PC to resume
correctlywhenhibernation
isenabled,theWindows
To Go workspace must
continue to use the same
USBport.
17WINDOWS TO GO
Group Policy settings related to the host computer
The Windows To Go Default Startup Options policy setting
controlswhetherthehostcomputerbootstoWindowsToGoifa
USB device containing a Windows To Go workspace is connected and
controls whether users can make changes using the Windows To
Go Startup Options settingsdialogbox.Ifyouenablethispolicy
setting,bootingtoWindowsToGowhenaUSBdeviceisconnected
willbeenabled,anduserswillnotbeabletomakechangesusingthe
Windows To Go Startup Options settingsdialogbox.Ifyoudisable
thispolicysetting,bootingtoWindowsToGowhenaUSBdeviceis
connectedwillnotbeenabledunlessausercongurestheoption
manuallyinthermware.Ifyoudonotcongurethispolicysetting,
userswhoaremembersofthelocalAdministratorsgroupcanenable
ordisablebootingfromUSBbyusingtheWindows To Go Startup
Options settingsdialogbox.

Additionalresources:
• “PrepareYourOrganizationforWindowsToGo”athttp://
technet.microsoft.com/en-us/library/jj592678.aspx
• “DeploymentConsiderationsforWindowsToGo”athttp://
technet.microsoft.com/en-us/library/jj592685.aspx
NOTE
Enablingthispolicy
setting causes PCs running
Windows8.1toattemptto
bootfromanyUSBdevice
that is inserted into the PC
beforeitisstarted.
18WINDOWS TO GO
Storing user data and settings
InatypicalWindowsinstallation,userdataandsettingsarestoredonthecomputer’sinternaldisk.
However,withWindowsToGo,accesstotheinternaldiskisdisabled.Dataandsettingsareinstead
storedwithintheworkspaceitselfontheUSBdrive.Microsoftdoesnotrecommendthisscenario.
TheUSBdrivewiththeWindowsToGoworkspacecontainsnorecoveryoptions;therefore,ifthe
driveislostordamaged,theuserwilllosetheirdataandsettings.Withthisinmind,usersneeda
method to access their data and settings from multiple locations when using the Windows To Go
workspace.
MultipleoptionsareavailableforaccesstodataandsettingsfromwithinaWindowsToGo
workspace.Forexample,UE-VwithFolderRedirectionandOfineFilesisanexcellentwayto
separatedataandsettingsfromtheworkspaceandenablethemtoroam.Thesetechnologies
requirelittleinfrastructureandareveryeasytocongure.
Iftheinfrastructureorexpertiseisnotavailableforthesetechnologies,SkyDriveisalsoanoption.
SkyDrivecanbeusedtosynchronizebothdataandsomeWindows8.1settings(e.g.,Internet
ExplorerFavorites,desktopwallpaper,andsoon)whenloggingontotheWindowsToGo
workspacewithaMicrosoftaccount.
Table3describestheoptionsfordataandsettingstorage.

TABLE 3 Options for Data and Setting Storage in Windows To Go
local storaGe in tHe
windows to Go
workspace
ue-V witH folder
redirection
skydriVe
Conguration
Requires no additional
conguration
Requires agent
installation in the
workspace and Group
Policy infrastructure
Requires minimal
conguration;must
log on with a Microsoft
account for settings to
besynchronized
IT expertise None IT pro End user
Backup None
Usesbackupmethods
already in place in the
infrastructure
Cloud-basedservice
thatisbackedupinthe
datacenter
Data and settings
roaming
None Yes

Yes,aslongasa
Microsoft account is
used
Bandwidth used None Intranet Internet
19WINDOWS TO GO
UE-V with Folder Redirection
UE-V with Folder Redirection provides access to data and settings for a consistent desktop
experiencenomatterwheretheuserlogson.Itistherecommendedmethodforprovidingaccess
todataandsettingswithWindowsToGo,becauseitprovidesthebestcombinationofexibility
andmanageabilityformostinfrastructures.
UE-VwithFolderRedirectionconsistsofseveralcomponentsthatcombinetoprovideaseamless
virtualizedexperience:
• UE-V UE-Vsynchronizesusers’settingswithasimplenetworkleshare.Changesmadeto
Windowsandapplicationsettingswillbesynchronizedwiththeleshareandavailablewhen
userslogontotheirWindowsToGoworkspaceoranydomain-joinedPC.
• Folder Redirection Folder Redirection stores user data and application-related data on a
lesharesothatusercanaccessthedataregardlessoflogonlocation.
• Ofine Files OfineFilesensurethatlesandfoldersareaccessibleevenifthedeviceis
currentlydisconnectedfromthenetwork.ThisincludestheUE-Vsettingsstoreandany
redirectedfolders.ConguringOfineFilesisessentialifstudentsareallowedtotaketheir
WindowsToGoworkspaceshomewiththem.
Cloud storage
CloudstorageisaviableoptionforkeepinguserdatainaWindowsToGodeployment.When
consideringcloudstorage,SkyDriveandOfce365providemanyoptions.
AnyonecanobtainSkyDrivestorage,andMicrosoftprovidesupto7GBofspaceatnocost.Users
canpurchaseadditionalspace,ifnecessary.Visit
formoreinformationonSkyDrive.SkyDriverequiresaMicrosoftaccount,andstudentsunder
theageof13requireparentauthorization.Formoreinformation,seeWindows 8.1 deployment
planning: A guide for education at />Ofce365alsooffersafullversionofOfce,withstorageavailableinthecloud.Thisisaviable
optionifOfcewillbetheprimarytoolusedintheWindowsToGodeployment.Ofce365offers

educationalinstitutionplans,includingafreetierforstudentsandfaculty.
WithSkyDrive,bothdataandsettingscanbestoredinthecloud.Thesesettingscanincludethings
likeInternetExplorerfavorites,desktop,andothersettings.IfSkyDriveisdisabledthroughGroup
Policy,itwouldalsobedisabledforbothdataandsettingsstorage.However,ifyoucreateanew
OUfortheWindowsToGodrives,thenSkyDrivecouldbeenabledforthatOUspecically.
20WINDOWS TO GO
Additionalresources:
• Windows User State Virtualization at />aspx
• “UserExperienceVirtualization”at />aspx
• SkyDrivewebsiteat />• “Ofce365Deployment”at />• “SecurityandDataProtectionConsiderationsforWindowsToGo”atrosoft.
com/en-us/library/jj592679.aspx
• “SupportingInformationWorkerswithReliableFileServicesandStorage”athttp://technet.
microsoft.com/en-us/library/hh831495
• “FolderRedirection,OfineFiles,andRoamingUserProlesOverview”athttp://technet.
microsoft.com/library/hh848267
• “OverviewofuserandroamingsettingsforOfce2013”at />us/library/jj733593.aspx
21WINDOWS TO GO
Conguring Windows To Go for remote access
Enablinguserstoaccessnetworkresourcesfromoff-campuslocationssuchasathomeisan
importantaspectoftheWindowsToGousagescenario.Toprovideaccesstonetworkresources,
youmightdeployaremoteaccesssolution.WindowsToGocanusesuchalready-supported
remoteaccesssolutionsas:
• DirectAccess DirectAccessprovidesanadvancedremoteaccesssolutionthatenablesbuilt-
insecurity,monitoring,andintegrationwithotherMicrosoftenterpriseservices.
• Traditional VPN-based solution AVPNisalsosupportedasameanstoenableremote
accessfromWindowsToGo.Windows8.1addssupportforawidervarietyofVPNclients.
• Auto-triggered VPN UseanapporresourcethatneedsaccessthroughtheinboxVPN(e.g.,
acompany’sintranetsite)andWindows8.1automaticallypromptstosigninwithoneclick.
ThisfeatureisavailablewithMicrosoftandthird-partyinboxVPNclients.
Seethesection“CongureWindowsToGoworkspaceforremoteaccess”intheDeploy Windows

To Go in Your Organization guide at for
moreinformation,includingWindowsPowerShellscriptsrelatedtotheremoteaccessdeployment.
Additionalresources:
• “RemoteAccess(DirectAccess,RoutingandRemoteAccess)Overview”athttp://technet.
microsoft.com/library/hh831416
• “DeployWindowsToGoinYourOrganization”at />jj721578.aspx
• Ofine Domain Join (Djoin.exe) Step-by-Step Guide at />library/dd392267(WS.10).aspx
• “What’sNewinRemoteAccessinWindowsServer2012R2”at />en-us/library/dn383589.aspx
22WINDOWS TO GO
Securing Windows To Go drives
AkeysecurityconsiderationforWindowsToGodeploymentistheuseofBitLocker.BitLockerhelps
toprotectthedatawithintheworkspaceiftheUSBdriveislost.UsingBitLockercanhelpprotect
students’securityandprivacyintheeventofalostWindowsToGoworkspace.
Asdescribedearlier,BitLockerinaWindowsToGoworkspacedoesnotusetheTPM.Theuser
insteadispromptedforapasswordtounlockthedrive.Youcancontrolthepasswordpolicy
throughGroupPolicy;bydefault,passwordsareeightcharactersinlength.
Whenrstinsertedintotheprovisioningcomputer,theUSBdrivetobeusedfortheworkspace
isconsideredanormalremovabledatadrive.Thedrivemusthaveoneormorevolumesalready
dened.Inaddition,youmayneedtochangeGroupPolicysettingsrelatedtoBitLockertouse
theWindowsToGoCreatorWizardwithBitLocker.Thesepolicies,whicharefoundinComputer
Conguration\Policies\AdministrativeTemplates\WindowsComponents\BitLockerDrive
Encryption,include:
• Control use of BitLocker on removable drives ControlswhetherBitLockercanbeusedon
removabledrives.Thispolicymustbeenabled.
• Congure use of smart cards on removable data drives Ifthispolicyisenabled,signin
withyoursmartcardpriortobeginningtheWindowsToGoCreatorWizard.
• Congure use of passwords for removable data drives The computer on which you run
theWindowsToGoCreatorWizardmustbeabletoconnecttoadomaincontrollerwhenthis
setting, along with the Require password complexityoption,areenabled.
• Require additional authentication at startup This setting, which you must also change,

enablestheuseofpasswordswithanoperatingsystemdrivesothatBitLockercanbe
conguredwithintheworkspace.EnablethesettingbyselectingtheAllow BitLocker
without a compatible TPMoption.
AnoptionthatenableseasiermanagementofBitLockerisMicrosoftBitLockerAdministrationand
Monitoring(MBAM).MBAM,whichispartoftheMicrosoftDesktopOptimizationPack,isavailable
withMicrosoftSoftwareAssurancelicensing.Visit />enterprise/products-and-technologies/mdop/mbam.aspxformoreinformationonMBAM.