This topic provides the steps to provision Windows To Go in
Microsoft System Center 2012
Configuration Manager SP1. Windows To Go is an
enterprise feature of Windows 8 that enables the creation of a
Windows To Go workspace that can be booted from a
USB-connected external drive on computers that meet the
Windows 7 or Windows 8 certification requirements,
regardless of the operating system running on the computer.
Windows To Go workspaces can use the same image
enterprises use for their desktops and laptops and can be managed
the same way.
Windows To Go is an operating system stored
on a USB-connected external drive. You can provision the Windows To
Go drive much like you provision other operating system
deployments. However, because Windows To Go is designed to be a
user-centric and highly mobile solution, you must take a slightly
different approach to provisioning these drives.
At a high level, Windows To Go is a two-phased
deployment that allows you to configure the Windows To Go device
and prestage content for the operating system deployment. You can
achieve this with minimal impact to the user and limit downtime for
the user’s computer. After you prestage the computer, you must
complete the provisioning process to ensure the computer is ready
for the user. The provisioning process is similar to the current
operating system deployment process. The following lists the
general workflow to prestage content and provision Windows To
Go:
- Create a Task Sequence to Deploy Windows 8
- Create Prestaged Media
- Create a Windows To Go Creator package
- Update the Task Sequence to Enable BitLocker for Windows To Go
- Deploy the Windows To Go Creator Package and Task Sequence
- User Runs the Windows To Go Creator
- Configuration Manager Configures and Stages the Windows To Go Drive
- User Logs In to Windows 8
Prerequisites to Provision Windows To Go
Before you provision Windows To Go, you must complete
the following in Configuration Manager:
- Distribute a boot image to a distribution
point: Before you create prestaged media, you must distribute
the boot image to a distribution point.
Note |
Boot images are used to install the operating system on the
destination computers in your Configuration Manager environment.
They contain a version of Windows PE that installs the operating
system, as well as any additional device drivers that are required.
Configuration Manager provides two boot images: One to support x86
platforms and one to support x64 platforms. You can also create
your own boot images. For more information about boot images, see
Planning for
Boot Image Deployments in Configuration Manager |
- Distribute the Windows 8 operating
system image to a distribution point: Before you create
prestaged media, you must distribute the Windows 8 operating
system image to a distribution point.
- Create a Task Sequence to Deploy
Windows 8: You must create a task sequence for a
Windows 8 deployment that you will reference when you create
prestaged media. For more information about how to create a task
sequence, see How to Manage Task
Sequences in Configuration Manager.
Create Prestaged Media
Prestaged media contains the boot image used to start
the destination computer and the operating system image that is
applied to the destination computer. The computer that you
provision with prestaged media can be started by using the boot
image. The computer can then run an existing operating system
deployment task sequence to install a complete operating system
deployment. The task sequence that deploys the operating system is
not included in the media.
Starting with
Microsoft System Center 2012
Configuration Manager SP1, you can add content, such as
applications and device drivers, in addition to the operating
system image and boot image during the prestage phase. This reduces
the time it takes to deploy an operating system and reduces network
traffic because the content is already on the drive.
Use the following procedure to create the prestaged
media.
To create prestaged media
-
In the Configuration Manager console, click Software
Library.
-
In the Software Library workspace, expand
Operating Systems, and then click Task Sequences.
-
On the Home tab, in the Create group,
click Create Task Sequence Media to start the Create Task
Sequence Media Wizard.
-
On the Select Media Type page, specify the
following information, and then click Next.
- Select Prestaged media.
- Select Allow unattended operating system
deployment to boot to the Windows To Go deployment
with no user interaction.
Important |
When you use this option with the SMSTSPreferredAdvertID custom
variable (set later in this procedure), no user interaction is
required and the computer will automatically boot to the Windows To
Go deployment when it detects a Windows To Go drive. The user is
still prompted for a password if the media is configured for
password protection. If you use the Allow unattended operating
system deployment setting without configuring the
SMSTSPreferredAdvertID variable, an error will occur when you
deploy the task sequence. |
-
On the Media Management page, specify the
following information, and then click Next.
- Select Dynamic media if you want to
allow a management point to redirect the media to another
management point, based on the client location in the site
boundaries.
- Select Site-based media if you want
the media to contact only the specified management point.
-
On the Media Properties page, specify the
following information, and then click Next.
- Created by: Specify who created the
media.
- Version: Specify the version number of
the media.
- Comment: Specify a unique description
of what the media is used for.
- Media file: Specify the name and path
of the output files. The wizard writes the output files to this
location. For example:
\\servername\folder\outputfile.wim
-
On the Security page, specify the following
information, and then click Next.
- Select Enable unknown computer support
to allow the media to deploy an operating system to a computer that
is not managed by Configuration Manager. There is no record of
these computers in the Configuration Manager database. Unknown
computers include the following:
- A computer where the Configuration Manager
client is not installed
- A computer that is not imported into
Configuration Manager
- A computer that is not discovered by
Configuration Manager
- Select Protect the media with a
password and enter a strong password to help protect the media
from unauthorized access. When you specify a password, the user
must provide that password to use the prestaged media.
Security Note |
As a security best practice, always assign a password to help
protect the prestaged media. |
Note |
When you protect the prestaged media with a password, the user
is prompted for the password even when the media is configured with
the Allow unattended operating system deployment
setting. |
- For HTTP communications, select Create
self-signed media certificate, and then specify the start and
expiration date for the certificate.
- For HTTPS communications, select Import
PKI certificate, and then specify the certificate to import and
its password.
For more information about this client certificate that is used for
boot images, see PKI Certificate
Requirements for Configuration Manager.
- User Device Affinity: To support
user-centric management in Configuration Manager, specify how you
want the media to associate users with the destination computer.
For more information about how operating system deployment supports
user device affinity, see How to Associate Users
with a Destination Computer.
- Specify Allow user device affinity with
auto-approval if you want the media to automatically associate
users with the destination computer. This functionality is based on
the actions of the task sequence that deploys the operating system.
In this scenario, the task sequence creates a relationship between
the specified users and destination computer when it deploys the
operating system to the destination computer.
- Specify Allow user device affinity pending
administrator approval if you want the media to associate users
with the destination computer after approval is granted. This
functionality is based on the scope of the task sequence that
deploys the operating system. In this scenario, the task sequence
creates a relationship between the specified users and the
destination computer, but waits for approval from an administrative
user before the operating system is deployed.
- Specify Do not allow user device
affinity if you do not want the media to associate users with
the destination computer. In this scenario, the task sequence does
not associate users with the destination computer when it deploys
the operating system.
-
On the Task Sequence page, specify the
Windows 8 task sequence that you created in the previous
section.
-
On the Boot image page, specify the following
information, and then click Next.
Important |
The architecture of the boot image that is distributed must be
appropriate for the architecture of the destination computer. For
example, an x64 destination computer can boot and run an x86 or x64
boot image. However, an x86 destination computer can boot and run
only an x86 boot image. For Windows 8 certified computers in
EFI mode, you must use an x64 boot image. |
- Boot image: Specify the boot image to
start the destination computer.
- Distribution point: Specify the
distribution point that hosts the boot image. The wizard retrieves
the boot image from the distribution point and writes it to the
media.
- If you selected Site-based media on
the Media Management page of this wizard, in the
Management point box, specify a management point from a
primary site.
- If you selected Dynamic media on the
Media Management page of the wizard, in the Associated
management points box, specify the primary site management
points to use and a priority order for the initial
communications.
-
On the Images page, specify the following
information, and then click Next.
- Image package: Specify the package
that contains the Windows 8 operating system image.
- Image index: Specify the image to
deploy if the package contains multiple operating system
images.
- Distribution point: Specify the
distribution point that hosts the operating system image package.
The wizard retrieves the operating system image from the
distribution point and writes it to the media.
-
On the Select Application page, select
application content to include in the media file, and then click
Next.
-
On the Select Package page, select additional
package content to include in the media file, and then click
Next.
-
On the Select Driver Package page, select driver
package content to include in the media file, and then click
Next.
-
On the Distribution Points page, select one or
more distribution points that contain the content required by the
task sequence, and then click Next.
-
On the Customization page, specify the following
information, and then click Next.
- Variables: Specify the variables that
the task sequence uses to deploy the operating system. For Windows
To Go, use the SMSTSPreferredAdvertID variable to automatically
select the Windows To Go deployment by using the following
format:
SMSTSPreferredAdvertID = {DeploymentID}, where DeploymentID
is the deployment ID associated with the task sequence that you
will use to complete the provisioning process for the Windows To Go
drive.
Tip |
When you use this variable with a task sequence that is set to
run unattended (set earlier in this procedure), no user interaction
is required and the computer automatically boots to the Windows To
Go deployment when it detects a Windows To Go drive. The user is
still prompted for a password if the media is configured for
password protection. |
- Prestart commands: Specify any
prestart commands that you want to run before the task sequence
runs. Prestart commands can be a script or executable that can
interact with the user in Windows PE before the task sequence
runs to install the operating system. Configure the following for
the Windows To Go deployment:
- OSDBitLockerPIN: BitLocker for Windows
To Go requires a passphrase. Set the OSDBitLockerPIN
variable as part of a prestart command to set the BitLocker
passphrase for the Windows To Go drive.
Warning |
After BitLocker is enabled for the passphrase, the user must
enter the passphrase each time the computer boots to the Windows To
Go drive. |
- SMSTSUDAUsers: Specifies the primary
user of the destination computer. Use this variable to collect the
user name, which can then be used to associate the user and device.
For more information about associating users with the destination
computer, see How to Associate Users
with a Destination Computer.
Tip |
To retrieve the username, you can create an input box as part
of the prestart command, have the user enter their username, and
then set the variable with the value. For example, you can add the
following lines to the prestart command script file:
UserID = inputbox("Enter Username" ,"Enter your username:","",400,0)
' Create the task sequence environment object before setting the variable
Set env = CreateObject("Microsoft.SMS.TSEnvironment")
env("SMSTSUDAUsers") = UserID
|
For more information about how to create a script file to use as
your prestart command, see Prestart Commands for
Task Sequence Media in Configuration Manager.
-
Complete the wizard.
Note |
It can take an extended period of time for the wizard to
complete the prestaged media file. |
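As an added example (not part of the original documentation), the following prestart command script for the Customization page step above collects the primary user and the BitLocker passphrase, validates both, and sets SMSTSUDAUsers and OSDBitLockerPIN. The minimum passphrase length, the attempt limit, and the DOMAIN\user format check are assumptions; adjust them to your own policy.

```vbscript
Option Explicit

' Constructed policy values (assumptions): match these to your own BitLocker policy.
Const MIN_PASSPHRASE_LEN = 8
Const MAX_ATTEMPTS = 3

Dim env, userId, passphrase

' Task sequence environment; lets a prestart command set task sequence variables.
Set env = CreateObject("Microsoft.SMS.TSEnvironment")

userId = PromptForUser()
If userId = "" Then Fail "No valid user name was entered."

passphrase = PromptForPassphrase()
If passphrase = "" Then Fail "No valid BitLocker passphrase was entered."

env("SMSTSUDAUsers") = userId
env("OSDBitLockerPIN") = passphrase

' Drop the local copy; the passphrase is never written to a log or echoed back.
passphrase = ""
WScript.Quit 0

' Returns DOMAIN\user, or "" after MAX_ATTEMPTS invalid entries.
Function PromptForUser()
    Dim re, attempt, value
    Set re = New RegExp
    ' Assumed format: DOMAIN\user, one user only.
    re.Pattern = "^[A-Za-z0-9._-]+\\[A-Za-z0-9._-]+$"
    PromptForUser = ""
    For attempt = 1 To MAX_ATTEMPTS
        value = Trim(InputBox("Enter your username (DOMAIN\user):", _
                              "Enter Username", "", 400, 0))
        If re.Test(value) Then
            PromptForUser = value
            Exit Function
        End If
        MsgBox "Use the format DOMAIN\user.", vbExclamation, "Enter Username"
    Next
End Function

' Returns a confirmed passphrase, or "" after MAX_ATTEMPTS failures.
' Note: InputBox does not mask what the user types.
Function PromptForPassphrase()
    Dim attempt, first, second
    PromptForPassphrase = ""
    For attempt = 1 To MAX_ATTEMPTS
        first = InputBox("Enter a BitLocker passphrase (at least " & _
                         MIN_PASSPHRASE_LEN & " characters):", "BitLocker Passphrase")
        second = InputBox("Enter the passphrase again:", "BitLocker Passphrase")
        If Len(first) < MIN_PASSPHRASE_LEN Then
            MsgBox "The passphrase is too short.", vbExclamation, "BitLocker Passphrase"
        ElseIf StrComp(first, second, vbBinaryCompare) <> 0 Then
            MsgBox "The passphrases do not match.", vbExclamation, "BitLocker Passphrase"
        Else
            PromptForPassphrase = first
            Exit Function
        End If
    Next
End Function

' Shows the reason and exits with a non-zero code so the failure is visible to the caller.
Sub Fail(message)
    MsgBox message, vbCritical, "Windows To Go prestart"
    WScript.Quit 1
End Sub
```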
Create a Windows To Go Creator package
As part of the Windows To Go deployment, you must
create a package to deploy the prestaged media file. The package
must include the tool that configures the Windows To Go drive and
extracts the prestaged media to the drive. Use the following
procedure to create the Windows To Go Creator package.
To create the Windows To Go Creator package
-
On the server to host the Windows To Go Creator package
files, create a source folder for the package source files.
Note |
The computer account of the site server must have Read
access rights to the source folder. |
-
Copy the prestaged media file that you created in the
Create Prestaged Media
section to the package source folder.
-
Copy the Windows To Go Creator tool (WTGCreator.exe) to
the package source folder. The creator tool is available on any
Configuration Manager SP1 primary site server at the following
location:
<ConfigMgrInstallationFolder>\OSD\Tools\WTG\Creator.
-
Create a package and program by using the Create
Package and Program Wizard.
-
In the Configuration Manager console, click Software
Library.
-
In the Software Library workspace, expand
Application Management, and then click Packages.
-
On the Home tab, in the Create group,
click Create Package.
-
On the Package page, specify the name and
description of the package. For example, enter Windows To Go
for the package name and specify Package to configure a Windows
To Go drive using System Center Configuration Manager for the
package description.
-
Select This package contains source files,
specify the path to the package source folder that you created in
step 1, and then click Next.
-
On the Program Type page, select Standard
program, and then click Next.
-
On the Standard Program page, specify the
following:
- Name: Specify the name of the program.
For example, type Creator for the program name.
- Command Line: Type WTGCreator.exe
/wim:PrestageName.wim, where PrestageName is the name of the
prestaged file that you created and copied to the package source
folder for the Windows To Go Creator package.
Optionally, you can add the following options:
- enableBootRedirect: command-line
option to change the Windows To Go startup options to allow boot
redirection. When you use this option, the computer will boot from
USB without having to change the boot order in the computer
firmware or have the user select from a list of boot options during
startup. If a Windows To Go drive is detected, the computer boots
to that drive.
- Run: Specify Normal to run the
program based on the system and program defaults.
- Program can run: Specify whether the
program can run only when a user is logged on.
- Run mode: Specify whether the program
will run with the logged-on user's permissions or with
administrative permissions. The Windows To Go Creator requires
elevated permissions to run.
- Select Allow users to view and interact
with the program installation, and then click Next.
-
On the Requirements page, specify the following:
- Platform requirements: Select the
applicable Windows 8 platforms to allow provisioning.
- Estimated disk space: Specify the size
of the package source folder for the Windows To Go Creator.
- Maximum allowed run time (minutes):
Specifies the maximum time that the program is expected to run on
the client computer. By default, this value is set to 120
minutes.
Important |
If you are using maintenance windows for the collection on
which this program is run, a conflict might occur if the Maximum
allowed run time is longer than the scheduled maintenance
window. If the maximum run time is set to Unknown, it will
start during the maintenance window, but will continue to run until
it completes or fails after the maintenance window is closed. If
you set the maximum run time to a specific period (not set to
Unknown) that exceeds the length of any available maintenance
window, then that program will not be run. |
Note |
If the value is set to Unknown, Configuration Manager
sets the maximum allowed run time to 12 hours (720 minutes). |
Note |
If the maximum run time (whether set by the user or as the
default value) is exceeded, Configuration Manager stops the program
if run with administrative rights is selected and Allow
users to view and interact with the program installation is not
selected on the Standard Program page. |
Click Next and complete the wizard.
Update the Task Sequence to Enable BitLocker for Windows To Go
Windows To Go enables BitLocker on an external bootable
drive without the use of TPM. Therefore, you must use a separate
tool to configure BitLocker on the Windows To Go drive. To enable
BitLocker, you must add an action to the task sequence after the
Setup Windows and ConfigMgr step.
Note |
BitLocker for Windows To Go requires a passphrase. In the
Create Prestaged Media
step, you set the passphrase as part of a prestart command by using
the OSDBitLockerPIN variable. |
Use the following procedure to update the
Windows 8 task sequence to enable BitLocker for Windows To
Go.
To update the Windows 8 task sequence to enable BitLocker
-
In the Configuration Manager console, click Software
Library.
-
In the Software Library workspace, expand
Application Management, and then click Packages.
-
On the Home tab, in the Create group,
click Create Package.
-
On the Package page, specify the name and
description of the package. For example, type BitLocker for
Windows To Go for the package name and specify Package to
update BitLocker for Windows To Go for the package
description.
-
Select This package contains source files,
specify the location for the BitLocker tool for Windows To Go, and
then click Next. The BitLocker tool is available on any
Configuration Manager SP1 primary site server at the following
location:
<ConfigMgrInstallationFolder>\OSD\Tools\WTG\BitLocker\
-
On the Program Type page, select Do not
create a program.
-
Click Next and complete the wizard.
-
In the Configuration Manager console, click Software
Library.
-
In the Software Library workspace, expand
Operating Systems, and then click Task Sequences.
-
Select the Windows 8 task sequence that you
reference in the prestaged media.
-
On the Home tab, in the Task Sequence
group, click Edit.
-
Click the Setup Windows and ConfigMgr step,
click Add, click General, and then click Run
Command Line. The Run Command Line step is added after the
Setup Windows and ConfigMgr step.
-
On the Properties tab for the Run Command
Line step, add the following:
- Name: Specify a name for the command line, such as
Enable BitLocker for Windows To Go.
- Command Line: x86\osdbitlocker_wtg.exe /Enable
Optional parameters:
- /pwd:<None|AD> – Specify the BitLocker
password recovery mode. Select AD to configure BitLocker
Drive Encryption to back up recovery information for
BitLocker-protected drives to Active Directory Domain Services (AD
DS). Backing up recovery passwords for a BitLocker-protected drive
allows administrative users to recover the drive if it is locked.
This ensures that encrypted data belonging to the enterprise can
always be accessed by authorized users. When you specify
None, the user is responsible for keeping a copy of the
recovery password or recovery key. If the user loses that
information or neglects to decrypt the drive before leaving the
organization, administrative users cannot easily access the
drive.
- /wait:<TRUE|FALSE> – Specify whether
the task sequence waits for encryption to complete before it
completes.
- Select Package, and then specify the package that you
created at the start of this procedure.
- On the Options tab, add the following conditions:
- Condition = Task Sequence Variable
- Variable = _SMSTSWTG
- Condition = Equals
- Value = True
Note |
The Enable BitLocker step, which is likely after the new
command-line step, is not used to enable BitLocker for Windows To
Go. However, you can keep this step in the task sequence to use for
Windows 8 deployments that do not use a Windows To Go
drive. |
Deploy the Windows To Go Creator Package and Task Sequence
Windows To Go is a hybrid deployment process.
Therefore, you must deploy the Windows To Go Creator package and
the Windows 8 task sequence. Use the following procedures to
complete the deployment process.
To deploy the Windows To Go Creator package
-
In the Configuration Manager console, click Software
Library.
-
In the Software Library workspace, expand
Application Management, and then click Packages.
-
Select the Windows To Go package that you created in
the Create a Windows To Go Creator
package step.
-
On the Home tab, in the Deployment group,
click Deploy.
-
On the General page, specify the following
settings:
- Software: Verify that the Windows To Go package is
selected.
- Collection: Click Browse to select the collection
to which you want to deploy the Windows To Go package.
- Use default distribution point groups associated to this
collection: Select this option if you want to store the package
content on the collection's default distribution point group. If you
have not associated the selected collection with a distribution
point group, this option will be unavailable.
-
On the Content page, click Add and then
select the distribution points or distribution point groups to
which you want to deploy the content associated with this package
and program.
-
On the Deployment Settings page, select
Available for the deployment type, and then click
Next.
-
On the Scheduling page, configure when this package
and program will be deployed or made available to client
devices.
The options on this page will differ depending on
whether the deployment action is set to Available or
Required.
-
On the Scheduling page, configure the following
settings, and then click Next.
- Schedule when this deployment will become available:
Specify the date and time when the package and program is available
to run on the destination computer. When you select UTC,
this setting ensures that the package and program is available for
multiple destination computers at the same time rather than at
different times, according to the local time on the destination
computers.
- Schedule when this deployment will expire: Specify the
date and time when the package and program expires on the
destination computer. When you select UTC, this setting
ensures that the task sequence expires on multiple destination
computers at the same time rather than at different times,
according to the local time on the destination computers.
-
On the User Experience page of the wizard,
specify the following information:
- Software installation: Allows the
software to be installed outside of any configured maintenance
windows.
- System restart (if required to complete
the installation): Allows a device to restart outside of
configured maintenance windows when required by the software
installation.
- Embedded Devices: For Configuration
Manager SP1 only. When you deploy packages and programs to
Windows Embedded devices that are write filter enabled, you can
specify to install the packages and programs on the temporary
overlay and commit changes later, or commit the changes at the
installation deadline or during a maintenance window. When you
commit changes at the installation deadline or during a maintenance
window, a restart is required and the changes persist on the
device.
-
On the Distribution Points page, specify the
following information:
- Deployment options: Specify
Download content from distribution point and run
locally.
- Allow clients to share content with other
clients on the same subnet: Select this option to reduce load
on the network by allowing clients to download content from other
clients on the network that have already downloaded and cached the
content. This option utilizes Windows BranchCache and can be used
on computers running Windows Vista SP2 and later.
- Allow clients to use a fallback source
location for content: Specify whether to allow clients to fall
back and use a non-preferred distribution point as the source
location for content when the content is not available on a
preferred distribution point.
-
Complete the wizard.
To deploy the Windows 8 task sequence
-
In the Configuration Manager console, click Software
Library.
-
In the Software Library workspace, expand
Operating Systems, and then click Task Sequences.
-
Select the Windows 8 task sequence that you
created in the Create a Task Sequence to Deploy
Windows 8 step.
-
On the Home tab, in the Deployment group,
click Deploy.
-
On the General page, specify the following
settings:
- Task sequence: Verify that the Windows 8 task
sequence is selected.
- Collection: Click Browse to select the collection
that includes all devices for which a user might provision Windows
To Go.
Important |
If the prestaged media that you created in the Create Prestaged Media section
uses the SMSTSPreferredAdvertID variable, you can deploy the task
sequence to the All Systems collection and specify the
Windows PE only (hidden) setting on the Content page.
Because the task sequence is hidden, it will only be available to
media. |
- Use default distribution point groups associated to this
collection: Select this option if you want to store the package
content on the collection's default distribution point group. If you
have not associated the selected collection with a distribution
point group, this option will be unavailable.
-
On the Deployment Settings page, configure the
following settings, and then click Next.
- Purpose: Select Available. When
you deploy the task sequence to a user, the user sees the published
task sequence in the Application Catalog and can request it on
demand. If you deploy the task sequence to a device, the user will
see the task sequence in Software Center and can install it on
demand.
- Make available to the following:
Specify whether the task sequence is available to Configuration
Manager clients, media, or PXE.
Important |
Use the Only media and PXE (hidden) setting for
automated task sequence deployments. Select Allow unattended
operating system deployment and set the SMSTSPreferredAdvertID
variable as part of the prestaged media to have the computer
automatically boot to the Windows To Go deployment with no user
interaction when it detects a Windows To Go drive. For more
information about these prestaged media settings, see the Create Prestaged Media
section. |
-
On the Scheduling page, configure the following
settings, and then click Next.
- Schedule when this deployment will become available:
Specify the date and time when the task sequence is available to
run on the destination computer. When you select UTC, this
setting ensures that the task sequence is available for multiple
destination computers at the same time rather than at different
times, according to the local time on the destination
computers.
- Schedule when this deployment will expire: Specify the
date and time when the task sequence expires on the destination
computer. When you select UTC, this setting ensures that the
task sequence expires on multiple destination computers at the same
time rather than at different times, according to the local time on
the destination computers.
-
On the User Experience page, specify the
following information:
- Show Task Sequence progress: Specify
whether the Configuration Manager client displays the progress of
the task sequence.
- Software installation: Specify whether
the user is allowed to install software outside a configured
maintenance window after the scheduled time.
- System restart (if required to complete
the installation): Allows a device to restart outside of
configured maintenance windows when required by the software
installation.
- Embedded Devices: When you deploy
packages and programs to Windows Embedded devices that are write
filter enabled, you can specify to install the packages and
programs on the temporary overlay and commit changes later, or
commit the changes at the installation deadline or during a
maintenance window. When you commit changes at the installation
deadline or during a maintenance window, a restart is required and
the changes persist on the device.
- Internet-based clients: Specify
whether the task sequence is allowed to run on an Internet-based
client. Operations that install software, such as an operating
system, are not supported with this setting. Use this option only
for generic script-based task sequences that perform operations in
the standard operating system.
-
On the Alerts page, specify the alert settings
that you want for this task sequence deployment, and then click
Next.
-
On the Distribution Points page, specify the
following information, and then click Next.
- Deployment options: Select Download
content locally when needed by running task sequence.
- When no local distribution point is
available, use a remote distribution point: Specify whether
clients can use distribution points that are on slow and unreliable
networks to download the content that is required by the task
sequence.
- Allow clients to use a fallback source
location for content: Specify whether to allow clients to fall
back and use a non-preferred distribution point as the source
location for content when the content is not available on a
preferred distribution point.
-
Complete the wizard.
User Runs the Windows To Go Creator
After you deploy the Windows To Go package and
Windows 8 task sequence, the Windows To Go Creator is
available to the user. The user can go to the software catalog, or
Software Center if the Windows To Go Creator was deployed to
devices, and run the Windows To Go Creator program. Once the
creator package is downloaded, a flashing icon is displayed on the
task bar. When the user clicks the icon, a dialog box is displayed
for the user to select the Windows To Go drive to provision (unless
the /drive command-line option is used). If the drive does not meet
the requirements for Windows To Go or if the drive does not have
enough free disk space to install the image, the creator program
displays an error message. The user can verify the drive and image
that will be applied from the confirmation page. As the creator
configures and prestages content to the Windows To Go drive, it
displays a progress dialog box. After the prestaging is complete,
the creator displays a prompt to restart the computer to boot to
the Windows To Go drive.
Note |
If you did not enable boot redirection as part of the command
line for the creator program in the Create a Windows To Go Creator package
section, the user might be required to manually boot to the Windows
To Go drive on every system restart. |
Configuration Manager Configures and Stages the Windows To Go Drive
After the computer restarts to the Windows To Go drive,
the drive will boot into Windows PE and connect to the management
point to get the policy to complete the operating system
deployment. Configuration Manager configures and stages the drive.
After Configuration Manager stages the drive, the user can restart
the computer to finalize the provisioning process (such as to join
a domain or install apps). This process is the same for any
prestaged media.
User Logs In to Windows 8
After Configuration Manager completes the provisioning
process and the Windows 8 lock screen is displayed, the user
can log in to the operating system.