You can upgrade to the Professional edition of Windows 8 to get advanced features like BitLocker encryption, but other features aren’t available to normal Windows users. They’re only in the Enterprise edition of Windows, which requires a volume-licensing agreement.
In Windows 7 and Vista, these Enterprise features were also available in the pricy Ultimate editions of Windows. There’s no Ultimate edition of Windows 8, so these features aren’t even available to enthusiasts.
Windows To Go
Windows To Go is a new feature in Windows 8, but it’s restricted to Windows 8 Enterprise. It allows you to install Windows onto a USB flash drive or external hard drive. You can then plug that USB drive into any computer and boot from it. You get a live Windows operating system running from a USB drive, and your files and settings are saved back to that drive. You can boot this copy of Windows on any computer, taking your operating system with you in your pocket. This is basically how a Linux live USB drive works — but for Windows.
This is a great feature that could be useful to many computer geeks and even normal users who now rely on Linux live USB environments. However, Microsoft is targeting this feature at IT departments. They’re positioning Windows To Go as a way to get a managed Windows 8 system on any computer.
AppLocker is the kind of security feature that could make a huge difference in the real world. AppLocker allows you to set rules for exactly what user accounts on a computer can run which programs. You could use AppLocker to set up a whitelist, ensuring a user account on your computer can only run a handful of safe applications.
Confusingly, the Professional edition of Windows will allow you to create AppLocker rules using the Group Policy Editor. However, these rules won’t be enforced unless you’re using an Enterprise edition of Windows, so don’t even try. This feature is found both in Windows 7 and Windows 8. On Windows 7, you can get it as part of the Ultimate edition of Windows 7 — on Windows 8, you can’t get it at all without a volume-licensing agreement.
This would be a great way to secure a Windows computer used by your kids or relatives — give them access to the applications they need and block everything else. We’ve successfully used the Family Safety feature to implement application whitelisting on other editions of Windows 8. It includes an application-whitelisting feature, although it’s a bit awkward to use and relies on the metaphor of “child” and “parent” accounts. If you’re the child trying to protect your parents’ computer, it may be a bit awkward to explain.
“Store App” Sideloading
By default, those new Windows 8 apps — the ones Microsoft used to call “Metro apps” but now calls “Store Apps” — can only be installed from the Windows Store. Unlike on Android — and unlike with traditional Windows desktop software, which you can get from anymore — you can’t install Windows 8 apps from outside the store. Windows 8 is like Apple’s iOS in this way. On iOS, this limitation has led to controversial games Apple won’t allow you to play on iOS devices.
The ability to install apps from outside the app store is known as “sideloading.” Only Enterprise editions of Windows have built-in support for sideloading, and that only works when they’re joined to a Windows domain. Enterprise systems not joined to a Windows domain don’t have this feature. Windows Professional computers joined to a domain also don’t have this feature unless you purchase a special license through your Microsoft volume-licensing agreement. The ability to run applications Microsoft hasn’t specifically approved is only for organizations with volume-licensing agreements.
Sideloading is literally the ability to install Store apps from outside the Store. For some reason, those Store apps are still called Store apps when they’re installed from outside the Store.
For the sake of completeness, here are the other features available only on Enterprise editions of Windows 8. Even most Windows enthusiasts wouldn’t want to use these at home.
- DirectAccess – DirectAccess is a VPN-like feature. Traditional VPN connections have to be initiated manually by the user. DirectAccess is designed to connect automatically every time a user connects to the Internet. A corporation can ensure laptops it distributes will always attempt to connect directly to their network, tunneling their Internet activity through an encrypted connection.
- BranchCache – BranchCache is a feature designed for organizations that have multiple “branches” in different locations. For example, the main office might hold a server with useful data a branch office needs to access. Rather than access this data over the WAN (Internet) connection all day, BranchCache can create and maintain a local cache of the data. This speeds things up and reduces Internet connection usage. BranchCache can operate in “Distributed Cache” mode where its cache is stored across the computers in the branch office, or “Hosted Cache” mode where the cache is hosted on a server in the branch office.
- RemoteFX Virtualization Features – Only an Enterprise edition of Windows can run in a RemoteFX virtual machine and use RemoteApp, RemoteFX virtual graphics processing unit (vGPU), and other advanced virtualization features. These features are designed for running Windows on a host server, providing access to that Windows environment to multiple clients accessing the Windows system remotely. This doesn’t matter if you’re just running Windows in a virtual machine on your home computer.
- Services for Network File System (NFS) – The Enterprise edition of Windows includes support for the Network File System (NFS) protocol. NFS is a network-file-sharing protocol generally used by Linux and other Unix-like operating systems. You’ll need the Enterprise edition of Windows to access NFS shares without third-party software.
- Subsystem for Unix-based Applications – Microsoft’s Subsystem for UNIX-based Applications (SUA) or Windows Services for UNIX (SFU) software provides a Unix-like environment designed to allow easier porting of Unix applications to Windows. This feature was deprecated on Windows 8 Enterprise and was completely removed in Windows 8.1 Enterprise. You’re better off using Cygwin if you need Unix applications on Windows — or even just running Linux in a virtual machine.
Most of these features won’t really make sense on non-Enterprise versions of Windows, although it would be nice to have the ability to access and learn them on Professional editions of Windows. However, some of these features could be very useful — Windows To Go would be a great alternative to Linux live USB drives, and AppLocker would be an excellent tool for locking down Windows PCs and protecting them from malware.