Windows To Go

What does “Windows To Go” mean

Windows To Go is a feature in Windows 8.1 Enterprise, Windows 8 Enterprise, Windows 10 Enterprise, and Windows 10 Educational that allows them to boot and run from certain USB mass storage devices such as USB flash drives and external hard disk driveswhich have been certified by Microsoft as compatible. It is a fully manageable corporate Windows environment and includes an user’s OS, application, settings and files.

It is intended to allow enterprise administrators to provide users with an imaged version of Windows that reflects the corporate desktop, as an ideal and easy solution to support BYOD policies for both employees as well as for Contractors and Teleworkers.

Differences from standard installation

Drive removal detection:
As a safety measure designed to prevent data loss, Windows pauses the entire system if the USB drive is removed, and resumes operation immediately when the drive is inserted within 60 seconds of removal. If the drive is not inserted in that time-frame, the computer shuts down after those 60 seconds to prevent possible confidential or sensitive information being displayed on the screen or stored in RAM. It is also possible to encrypt a Windows To Go drive using BitLocker or to use hardware encrypted devices.

Driver configuration:
The first time Windows To Go boots on a particular computer, it installs the drivers for that particular hardware and multiple reboots may be required. Subsequent booting operations go straight into Windows 8.

Windows Store:
For Windows 8.1, the Windows Store is enabled and working by default in Windows To Go. In Windows 8 the Windows Store cannot be accessed on a Windows To Go installation: those attempting to visit the Store will receive an error message. A Group Policy Object exists to manage this. Using Group Policy, Windows Store can be enabled for a Windows To Go workspace (limited to one PC) and Store apps can be used on that workspace.

Local hardware inaccessible:
In default configurations, Windows To Go installations do not see the local hard disk drive or solid-state drive present in a host computer. This can be changed by policy.

Use Cases for Windows To Go

Contractors/Temporary Employees

Most enterprises incur significant overhead and expense when provisioning contract workers with the computing resources they need to do the work they are contracted to do. In addition, network access and information rights become a large concern – balancing the productivity of the contract workers without compromising corporate network security. And the problems don’t stop there. Because this workforce is temporary in nature and ever changing, the need to be able to remotely manage or disable devices and data become an important component of risk management.<br />


Today, most enterprises offer employees some form of flexible work schedules —including either full or part-time work-from-home arrangements. But how do you do it? There is no budget to buy new PCs for teleworkers and as a result these workers are using their own computers as the primary tool for their work and network access. How can your help desk cope with hundreds or thousands of home computers with varying versions of operating systems and varying patch levels, running all of the different applications your employees and their families have installed, including very real threat of malware and viruses?

VDI Endpoints

VDI applications extend the secured endpoint of the enterprise in an effort to reduce operating costs, provide users with wide choices of devices including their own computer platforms (BYOD/BYOC), operate seamlessly from their workplace of choice, whether it be from their home, at a WiFi hotspot, or a remote office location (BYON). Based on an application store executing in the corporate cloud, whether it be public or hybrid, VDI also promises to improve application performance, and enhance corporate security against malware and loss of sensitive data. Where the challenges of VDI Endpoints dramatically occur is in the BYOD/BYOC/BYON space, where uncontrolled computer platforms with varying level of security, patch implementation, and operational environments communicate openly over public networks with varying degrees of authentication and security functions.

Computer Replacement

Your company has older machines still in operation but they do not have the horsepower or memory to run new operating systems or applications efficiently. Until now, your only option was to buy new hardware and software, creating a huge budgetary mess and expense and sending hundreds of laptops and desktops to storage or landfill. Documented business cases have shown that an IT organization can save up to 75% in per-employee IT costs by issuing a hardware-encrypting Windows To Go live drive with repurposed older PCs and Macs and eliminate the need to purchase new laptops.<br />


Your organization allows employees to use their own computers at work to save money and get off of the PC upgrade wagon. According to a late 2014 survey by BMC, it is estimated that the average BYOD-carrying employee works an extra two hours and sends 20 more emails every day! This increase in employee productivity is complemented by the reduction in IT costs by not providing computers.<br /> But how do you enforce strong separation of personal and company information, prevent company data from leaking out through personal email accounts or social media, and ensure that terminated employees do not pass confidential information on to their new employers? And also how do you cost-effectively support these users with the necessary applications and network access while they are all running on different platforms? Equally important are the issues of security compliance in regulated industries with standards such as HIPAA, Sarbanes-Oxley, and FDA 21 CFR 11.

Cloud Computing & Secure Access

There is no doubt, we now live in the Cloud! We rely on network access for most of our applications and documents. The ability to login in and be productive from virtually anywhere increases productivity and the convenience outweighs most of the risks. But there are very real risks and for certain documents the Cloud is not enough. DropBox, iCloud, Google and all Cloud-based solutions work hard to protect their data with varying forms of login authentication and “data at rest” protections…but it is not enough. Stored corporate data is at risk if the Cloud is part of the solution.

SPYRUS Windows To Go live drives turn personal computers, including many Macs (service provided by SPYRUS), into compliant enterprise Windows desktops-with or without connectivity. SPYRUS Windows To Go drives boot the OS and completely bypass the host computer’s hard drive. There is no impact on the host computer and no footprint left behind when the drive is shut down.

Discover more

Want to learn more?

Do you need more information about the configuration and the deployment of the Windows To Go live drives? No worries, we can help!
Contact us

Data Encryption

Discover the best solution among today’s market wide and different encryption offerings, and look at the introduction of the GDPR as a new opportunity to improve your organization’s cybersecurity.

Read More

Anti-Malware Protection

USB peripherals can turn into a dangerous vector of malware (the so-called BadUSB), due to an inherent vulnerability of their architecture. USB manufacturers can deal with that issue making the USB drives “secure-by-design”.

Read More

Remote Support

More and more sophisticated technologies and high-speed connections allow to gain access to and control machines thousand of miles far, in total security. Discover how a remote desktop software solution can improve your business.

Read More

Social Engineering

Did you know that 91% of successful data breaches started with a spear-phishing attack? Cyber-attacks are rapidly getting more sophisticated. An  adequate training can help you train your employees to better manage the urgent IT security problems of social engineering, spear-phishing and ransomware attacks.

Read More