Easily Identify Windows To Go In Your Scripts

Updated Powershell and vbscript Functions 8/16/2015

When Windows 8 was released into the wild this new supported feature “Windows To Go” was released with it. Now that Windows 8.1 is here the “To Go” OS was upgraded and released just the same.

From a scripting perspective, being able to differentiate between an internal OS drive and an external “To Go” configuration may be desired. Luckily with Windows 8 and up, Microsoft added a property to the Win32_OperatingSystem WMI Class to make this easier.

vbScript: (Updated 8/16/2015)

Function IsPortableOS(ComputerName)
   Dim SWBemlocator, objWMIProc
   Dim objOS, colOS, strOSVer, bIsPortableOS

   ' Create connection objects
   Set SWBemlocator = CreateObject("WbemScripting.SWbemLocator")
   Set objWMIProc = SWBemlocator.ConnectServer(ComputerName, "root\CIMV2")
   Set colOS = objWMIProc.ExecQuery("Select * from Win32_OperatingSystem")

   For Each objOS In colOS
      strOSVer = Left(objOS.Version,3)
      

      If ((strOSVer > "6.1") OR (LEFT(strOSVer,2) = "10"))Then
         ' Only return a value if Win8 or above.
         IsPortableOS = objOS.PortableOperatingSystem
      Else
      	' Property doesn't exist in Win7 and before
      	IsPortableOS = False
      End If
   Next
End Function

Powershell: (Updated 8/16/2015)

function Get-OperatingSystemInformation()
{
   [cmdletbinding()]
   param(
      [Parameter(Mandatory=$true)]
      [string] $ComputerName
   )

   try
   {
      $wmiObjOperatingSystem = Get-WmiObject Win32_OperatingSystem -ComputerName $ComputerName
   }
   catch
   {
      Write-Verbose -Message "Unable to get Operating System from WMI for computer $computer"
      return [HashTable]::new($null)
   }
	
   # Cast the version property to type System.Version
   [System.Version]$vOsVersion = $wmiObjOperatingSystem.Version

   # We do a try here because with Windows 7 This property does not exist.
   try
   {
      if ($wmiOsObject.PortableOperatingSystem)
      {
         $boolIsPortableOs = $true
      }
      else
      {
         $boolIsPortableOs = $false
      }
   }
   catch
   {
      $boolIsPortableOs = $false
   }

   return $htOs = @{
      'caption'=$wmiObjOperatingSystem.Caption;
      'fullversion'=$wmiObjOperatingSystem.Version;
      'osarchitecture'=$wmiObjOperatingSystem.OSArchitecture;
      'versionMajor'=$vOsVersion.Major;
      'versionMinor'=$vOsVersion.Minor;
      'versionBuild'=$vOsVersion.Build;
      'isPortableOS'=$boolIsPortableOs
   }
}

One important detail to note is that we need to do an OS version evaluation before checking the PortableOperatingSystem property. Until Windows 8 this property didn’t exist. You could put “$wmiOperatingSystem.PortableOperatingSystem” in a try/catch if you wanted to as well.

Now its not that often that you’ll have to detect or identify a Windows To Go configuration but if you’re like me and you manage a TPM BitLocker configuration for standard laptops those policies and the To Go sticks will not play nicely. You can simply create a Group Policy WMI filter for portable operating systems:

Select * from Win32_OperatingSystem where PortableOperatingSystem = "True"

Enjoy!
-NDS

Advertisements

3 thoughts on “Easily Identify Windows To Go In Your Scripts

  1. Does the same apply for Windows 10 enterprise 64bit? We are trying out windows to go as a viable option and I’ve redone mine a few times because the portable os returns a “false” so my new windows to go bitlocker gpo does not apply. Even if I remove the wmi filter I created using your above query it won’t turn on bitlocker because it complains that the drive has to be ntfs which it is. I’m guessing it’s complaining about the fat32 portion of the drive.

    Thanks

    • Pete,

      I updated both functions, the Powershell version would support Windows 10, the vbscript would not at first but now does.

      For our Windows To GO Group Policies, we do use the WMI Filter that I specified in the bottom of the post:

      Select * from Win32_OperatingSystem where PortableOperatingSystem = "True"

      What I’d suggest doing is looking at the technet documentation for creating the Windows To GO Device. We use this process with a powershell script and haven’t had any issues with the detection. Specifically, look at the “Windows PowerShell equivalent commands” section and step 5 for applying the SAN Policy.

      Let me know if this works out for you.

      • Thanks. I’ve read this buy haven’t tried the powershell part. I’m just using the built in Windows to go like the devs I have trying this out did. I guess I can choose the bitlocker encryption during creation then upload the keys to AD after I join the domain but it not showing as portable os in wmi is annoying. I’ll try the powershell method in a bit maybe I’ll have different results. Thanks

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s