Windows To Go

One of my favourite enterprise features that Microsoft is adding to Windows 8 is Windows To Go, which lets you provision a desktop on a USB flash drive and take it with you to boot on any hardware that meets the usual Windows 8 requirements. An IT department can build a desktop image, with applications installed (perhaps some of the intranet apps that you wouldn’t let your staff install on their home PC), and even domain join it before passing it to someone who needs to travel light, or who wants to be able to do some sensitive work on their personal laptop (the one that’s full of spyware and crap because their kids have had the ability to install anything – you know the one – it’s got so many browser toolbars that any web page is only an inch or two tall!). You can even secure it with BitLocker, without requiring a TPM chip in the hardware that’s going to host it.

Speaking of that host hardware, as I said, so long as it would support Windows 8 and will boot from USB, then you’re good to go. You won’t have access to any internal drives in that hardware (unless you’re also the administrator of that machine), but you will be able to use additional devices that you’ve plugged into its other USB ports, for example. When you use Windows To Go on a host PC for the first time, it’s going to do some plug’n’play detection (which may take a few minutes), then continue to boot. Every new bit of hardware is going to be stored in a profile, so the next time you use the same host it’s going to boot much faster (about as fast as you would expect from an internal drive).

Windows To Go isn’t, as a recent TechTarget mailing so cleverly pointed out, the answer to all your “Consumerisation of IT” dreams – they astutely observed that Windows To Go won’t run on an iPad. Running Windows from a USB flash drive on a device that has no USB port is apparently beyond Microsoft – shame on them! ;-)

As an additional security measure, if you need to exit in a hurry (I like to imagine myself using Windows To Go behind enemy lines while I’m on some kind of secret mission – I don’t know why!), then you can just pull the drive out and the machine will freeze. If you don’t push it back into the same USB port within 60 seconds then the machine will reboot. If you knocked it out by accident (because the guy entering the internet cafe wasn’t actually a SPECTRE assassin hot on your heels), then you can plug it back in and carry on – if you were playing a video at the time, for example, it’ll take under a second to continue playback.

So to recap, as the IT guy, you can give somebody a Windows 8 instance (which you trust) that they can boot on their own hardware (which you don’t trust!), and you can continue to manage that instance like you would any other domain computer. You can give them software that you wouldn’t let them install on an untrusted computer without all the expense of giving them a trusted computer that you’ve configured. Just as importantly, your user can do important work stuff on the shiny new laptop that they bought for themselves without having to give it to you so that you can configure it and take away their admin rights. It’s a fantastic step in the right direction where “Bring Your Own Device/Computer” (BYOD/BYOC) is concerned.

With Windows 8 just in Consumer Preview (and Windows Server 8 in Beta) at present, all the details aren’t fully released about this feature yet, so some of this may not be 100% acurate at the time you read this:

You need at least a 32GB (my test image has Windows 8, Office 2010, Windows Live Essentials and a bunch of files on it and it still has 15GB free). The drive should be USB 3.0, although it’s going to work when plugged into a USB 2.0 port. These flash drive aren’t aren’t especially cheap at the moment, and they don’t all work as you’d hope…

When OEMs build drives, they have firmware that includes (among other things) a Removable Media Bit. The RMB is the thing that tells Windows whether the drive is “fixed” or “removable” (it defines the seperation in Windows Explorer). The trouble is that if you get one where the RMB is set to “removable” then Windows won’t do certain things with it. It won’t let you partition the drive, so you can’t use BitLocker; it won’t run Windows Update (including standalone WU packages); it won’t let you download apps from the Microsoft Store, and I dare say there are other things that I haven’t come up against yet. With some drives you can flip the value of the RMB, but on the Kingston DT Ultimate G2 32GB that I have, you can’t (I asked Kingston about this and told them why it was an issue – they’re going to bear it in mind for future products).

The upshot is that while you may be able to get Windows To Go to work today, you might not be able to do everything with it, and you might want to exercise caution before buying a load of drives, even if someone says that it works with a particular model.

All that said, if you want to give it a go, there are step-by-step instructions on the TechNet wiki, and a very informative video from the 2011 BUILD conference. Also, Ars Technica has an step-by-step with a slightly different method, using the WAIK and a single partition, so you can do it on a “removable” drive (although you can tweak the TechNet steps to do that too).

Before I forget (and because this is one of the things that I was asked at the TechDays UK IT Camp this week), you are going to be activating Windows via AD or a key management server, hence my pointing out right at the start of this post that this is an enterprise feature.

NEBytes: Windows 8 and Imagine Cup North East

If you’re in the North East of England, get yourself along to NEBytes tomorrow evening (Wednesday 21st March). I’m collaborating with Ben Lee and Ross Dargan to give you as much depth as you can handle on Windows 8, and we’re getting to see what some of the student teams have been doing for the Imagine Cup.

There’s plenty space, so come and join us at Newcastle University (Claremont Tower, room 1.02) from 18:30 – please register at Eventbrite if you’re coming.

Microsoft Script Explorer for Windows PowerShell

Attendees of my presentation to NEBytes in January got an early look at this, but now everyone can join in the fun because today sees the public release of Beta 1 of Microsoft Script Explorer for Windows PowerShell.

An add-in for the PowerShell ISE, as well as a standalone application, Script Explorer brings together a number of online repositories for PowerShell scripts, snippets and modules, like the TechNet Script Center and PoshCode, as well as How To guidance, to make them easy to search and browse. This is particularly useful for people new to PowerShell to find examples of code from which they can learn, but also helps more experienced users to avoid re-inventing wheels.

It’s true that all of the online resources can currently be found through appropriate use of your favourite search engine, but where Script Explorer goes beyond that is in giving you the ability to search your local file system and script repositories on your network. You can create a corporate script repository and then use Script Explorer as a friendly front-end to enable others in your organisation to make use of your production-ready scripts (NB. Script Explorer isn’t a development tool, so you don’t get things like version control – that’s why I say you should only point it at production-ready code).

Script Explorer is fully extensible, so you can configure your own focus areas and repositories. The web-based content is accessed through an aggregator that Microsoft are managing, so they can add additional resources dynamically too.

I’ve already started to build a corporate repository for all the scripts and snippets that I’ve been writing over the years – useful work that I perhaps haven’t been sharing with colleagues as well as I might. I’m able to break those down into the focus areas that are specific to the services we provide and deploy that config with Script Explorer to the rest of my team. It’s a definite improvement on the current hierarchical folder structure that we’re using on a network share.

You can go ahead and download Microsoft Script Explorer for Windows PowerShell Beta 1 now, and if you have any issues or feedback, there’s a TechNet forum dedicated to Script Explorer.

Please, please, please always be careful about running any code that you find online, even through Script Explorer. Make sure that you understand what impact it’s going to have on your environment before you run it. If you can’t be quite sure, try dropping a few -whatif and -confirm parameters on any cmdlet that looks like it might alter/create/delete anything and if possible, run it on a test system before it goes anywhere near anything that’s in production.

PowerShell Web Access on the Windows Server 8 Beta

One of my favourite features of Windows Server 8 is Windows PowerShell Web Access. This essentially presents a basic PowerShell console over HTTPS, hosted by IIS8. When I get an email on my phone saying that a new support ticket has come into my team while I’m on the train commuting to/from the office, in lots of cases I can just launch PSWA on the phone and solve it pretty quickly.

Microsoft have provided some fairly comprehensive documentation on the deployment process for PSWA at It has changed significantly between the Developer Preview and the Beta, adding some cmdlets to do the configuration and ensuring that you can more or less deploy PSWA without any knowledge of IIS.

PSWA provides a remote PowerShell session, so the login screen asks for your credentials as well as a computer to connect to. You can supply different credentials to the PSWA server and the remote target, plus you can target specific remote target configurations on the endpoint. That means as an admin, you could setup a limited endpoint and tell a less privaledged user how to connect to it via PSWA, perhaps giving them the ability to explore but not alter some things.

That screenshot is PSWA in the Chrome Beta on Android 4 (ICS) on an Asus Transformer Prime. You can just about see the interface elements along the bottom of the PSWA UI there. There’s a Tab button, which lets you do tab-completion on devices like phones and tablets where the virtual keyboard doesn’t have a Tab key (clever!). And you’ve got some up and down arrows to navigate your command history. It’s pretty darned good for a v1.0.

I setup a Windows Server 8 Beta machine in my domain with a proper SSL certificate and it all worked like a charm. I’d had some issues earlier with using a test cert created by the Install-PswaWebApplication cmdlet on a standalone server, so I’m going to spend a bit of time later working out what was up there and if I find it wasn’t just me, I’ll share that info.

It’s worth saying that you can’t have multiple instances of PSWA running on the same server, so if you don’t want to install an application called “pswa” inside the “Default Web Site”, then you should specify WebSiteName and WebApplicationName parameters when you’re installing first time otherwise you’ll have to strip it out and start again.

There are some things that I’d like to see added to PSWA over time. One of them is the addition of more UI buttons like the Tab for commonly used PowerShell characters that aren’t so easily accessible on phone virtual keyboards, like | { } ` $_ (if you agree, you can vote up my suggestion on Connect). I’d also like to see support for snippets – this would be particularly useful on devices without a full keyboard.

Learn PowerShell in a series of free Live Meetings

On Monday 12th March, Ed Wilson, the Microsoft Scripting Guy, is starting a week of free Live Meetings to get beginners up to speed with Windows PowerShell. The live sessions are at 10am(Pacific) each day, so that’s 7pm in the UK, but they’ll also be recorded and available at the TechNet Script Center’s Learn PowerShell page, where you can already find some great content.

The Windows PowerShell for the Busy Admin series covers the following:

Session 1PowerShell SmowerShell or: Why Bother to Learn Windows PowerShell

In this session, Microsoft Scripting Guy ,Ed Wilson, discusses the fact that in addition to being the management future for Microsoft products, Windows PowerShell offers a number of compelling reasons for learning it. These reasons include the following: it is powerful and provides the ability to collect and to consolidate information from multiple remote systems into a centralized view of the data. It is safer than many other tools, and offers the ability to prototype a command prior to the command execution. There is also a confirmation mode that will allow a network administrator or other IT Pro the ability to selectively step through a group of commands to cherry pick commands to execute or ignore. Windows PowerShell also has built in logging that provides documentation of not only what commands are executed, but the resultant output from those commands. In addition, Windows PowerShell contains numerous features to promote a high level of discoverability and intuitive usability. This session is heavy with practical tips and demonstrations.

Session 2Heard It Through the Pipeline or: How to Compound PowerShell Commands for Fun and Profit

One of the most basic and one of the most powerful features of Windows PowerShell is the pipeline. By using the Windows PowerShell pipeline, one can take a basic set of cmdlets and build a nearly infinite assortment of useful commands. And yet, all of this boils down to using the pipeline to perform essentially four types of activities. The first is to use the pipeline to retrieve items and to work on them. The second is to use the pipeline to filter out data. The third basic use of the pipeline is to persist information. Lastly, the use of the pipeline to format output. In this session, all four basic uses of the pipeline are covered with a heavy dose of demos.

Session 3Sole Provider? Not Hardly or: A Look at Windows PowerShell Providers

One of the revolutionary concepts in Windows PowerShell is the idea of PowerShell providers. Windows PowerShell providers provide a singular way to access different types of data that are stored in different locations. Default providers include a file system, registry, alias, variable, function, and environmental variable. This means that one can use Get-Item to access content stored in any of these locations. Not only that, but these providers are extensible, which means that Microsoft teams (and non-Microsoft developers) can create additional providers.

Session 4The Main Event or: PowerShell Does Event Logs

Regardless of one’s position, it seems that at some point or another everyone will be involved in looking at event logs. And why not…especially since Windows has such great logging support. Whether it is for security reasons, troubleshooting reasons, or general Windows health monitoring, the logs contain nearly all of the required information one seeks. In this session, Microsoft Scripting Guy, Ed Wilson, discusses the classic and the newer ETW style of logs, and looks at the tools that are used with each type of log.

Session 5More than Remotely Possible or: Using PowerShell to Manage the Remote Desktop

Let’s face it, even though there are lots of commercial products out there that assist in managing desktops,or servers, most are very complex, and they require a dedicated support team to manage them. Even in organizations where such tools exist, the teams agenda, and the front-line admin’s agenda often clash. For adhoc situations, using Windows PowerShell to manage remote machines fills-in the gray area. In this session, Microsoft Scripting Guy, Ed Wilson,discusses using Windows PowerShell to manage remote machines.

I’d encourage anyone who hasn’t already begun, to learn PowerShell before it’s too late!

Hacking Imagination

The Imagine Cup is an annual competition run by Microsoft for groups of students to develop technology solutions to real world problems. This year has seen the launch of a North East regional heat of the competition, funded by Sunderland Software City and organised by Codeworks. The winners of the heat will get through to the UK finals in the software design category and compete for a place at the worldwide finals in Sydney, Australia.

On Friday 17th Feb, the teams of students from the NorMAN universities and FE colleges were bussed to a secret location (Redworth Hall Hotel, near Newton Aycliffe) to take part in a 36 hour hack to develop their ideas with industry mentors and attend workshops on topics ranging from project management to presentation skills.

I had been asked to be a mentor and drove down for the Saturday (after the teams and some of the other mentors had already been on the go for over 20 hours). What I found, apart from a dozen teams of fairly sleepy students, were some excellent ideas and a lot of enthusiasm, not just for the competition, but a genuine desire to bring positive change through the application of technology. The enthusiasm level was bumped up by Microsoft UK’s Ben Nunney (a previous UK winner of the Imagine Cup) who talked about last year’s global final in NYC, where Steve Ballmer, Mayor Michael Bloomberg and Eva Longoria were in attendance and Microsoft hired the whole of Ellis Island for a party!

For the last 12 hours of the hack, I had the opportunity to sit down with most of the teams of students, to hear their ideas and give them a few pointers on how to progress their entries. I also got to sit with a few of them through two of the workshops – really excellent sessions that I took a lot away from, and were (I suspect) far better than many lectures the students attend.

At the end of the event, after each team had given a 5 minute presentation about their entry, Ben asked who had had fun and learned something – every hand was up in answer to both questions, and he was quick to point out to the students that that included every mentor.

The whole experience was really inspirational; a sentiment that has been echoed on blogs and Twitter by the other mentors and organisers. If you get the opportunity to get involved with something like this, I can’t recommend it enough. Until you get that chance, you can follow the progress of this year’s teams at or via Twitter: @imaginecupne. You can also see some of the fun you missed in this photo album on Facebook.