I currently have a Dell laptop that runs Windows for work. I use an external SSD via the Thunderbolt port to boot Linux, allowing me to use the laptop as a personal device on a completely separate drive. All I have to do is F12 at boot, then select boot from USB drive.
However, this laptop is only using 1 of the 2 internal M.2 ports. Can I install Linux on a 2nd M.2 drive? I would want the laptop to normally boot Windows without a trace of the second option unless the drive is specified from the BIOS boot options.
Will this cause any issues with Windows? Will I be messing anything up? For the external drive setup, I installed Linux on a different computer, then transferred the SSD to the external drive. Can I do the same for the M.2 SSD – install Linux on my PC, then transfer that drive to the laptop?
Any thoughts or comments are welcome.
Edit: Thank you everyone! This was a great discussion with a lot of great and thoughtful responses. I really appreciate the replies and all the valuable information and opinions given here.
If the second internal SSD is there when Windows boots, it will leave a trace. IMHO booting off the external drive is the best option if you want it to leave no trace on the Windows partitions.
Also, it’s possible any booted device will leave a trace in the BIOS or UEFI boot logs, which your corporation may have configured to ship to their audit logs or something similar.
Thanks for the information. And good point - I will check to see if there are any logs in the BIOS. Is there any way to know if boot logs are being sent? Is that a BIOS setting, or something that would be configured in Windows?
I’m not familiar with Windows so I don’t know exactly how to tell if the logs are being sent to a central log store. My assumption about how it would work is Windows would have a capability that reads the UEFI boot logs and sends them with other Windows system logs to a central log store. This feature is almost certainly built into Windows. You may be able to open up a log inspection tool of some sort and search them. I’m really just guessing about these details from first principles though.
Forget the technical details. I work in a corporate security department and if yours finds out what you’re doing there’s high odds they would absolutely hate it. I mean it likely isn’t an issue for org security (assuming they’re using BitLocker appropriately etc.) But not everyone over security is so rational and there are edge case attacks which may even trouble more sensible individuals. Either get permission, expect to do this in secret, or better yet just don’t.
Exactly. This is a terrible idea. I’m fairly certain that anyone caught doing this would be immediately fired at some companies.
Yeah… I really don’t see the motives to do this either. Possibly:
- I guess if you’re traveling and you have to bring 2 laptops.
- Or you can’t afford a PC with the same specs as your work laptop.
Both of those situations don’t warrant booting work laptop to external personal HD though.
Not to mention you really can’t hide that other drive from Windows, and I’m sure a lot of the security tools would start screaming about new storage added when not expected. Data Loss Prevention is a big deal and random storage showing up doesn’t often mean the user has good things planned.
I mean it likely isn’t an issue for org security (assuming they’re using BitLocker appropriately etc.)
Data loss/leak prevention would vehemently disagree. It’s a potential exfiltration point, especially if the org is blocking USB writes.
Networking might have a thing or two to say about it as well, as it is essentially an untrusted setup on company networks.
(assuming they’re using BitLocker appropriately etc.)
You shouldn’t do this. Why would you do this?
Want to elaborate on why it’s such a bad idea? I’m curious now
Provided the user doesn’t put their Windows password in, then things should not be accessed.
Well for one thing the laptop doesn’t belong to OP so it’s not theirs to mess with.
I was more looking for a functional reason, not just a “cos I said so” from the employer.
I thought maybe some of you who work in cybersec had a real answer or a CVE/attack vector etc.
You run the risk of getting your ass fired. It’s not your property, you’re not supposed to mess with it, let alone installing additional hardware and another OS which could then lead to issues with the work side of things.
So you’re saying it will mess with the other partitions?
This is essentially OP’s question, but I didn’t see you answer it in that way.
IT will ask you the next day what you did to their computer.
From a technical perspective I’m curious - how would they know a drive has been added without physically inspecting the laptop?
The drive is visible to the OS so if they have any kind of management software in place which looks for hardware changes it will be noticed.
Microsoft system administrators have full access to any physical device information, this includes a report on new internal devices or changes. Your company may not be so serious about security, but why on earth are you willing to risk your livelihood on this?
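As an added illustration (not code from any commenter or from any particular management product) of the kind of hardware-inventory check the replies above describe, this PowerShell script compares the disks currently present against a saved baseline and flags new serial numbers and Linux-type GPT partitions; the baseline file path is an assumption.

```powershell
# Added example: baseline-compare the physical disk inventory on a Windows
# endpoint. Baseline path is an assumed location, not a product convention.
param(
    [string]$BaselinePath = "$env:ProgramData\DiskBaseline.json"
)

# GPT partition type GUID for a Linux filesystem (from the GPT spec).
# Its presence on an internal disk is a strong hint of a non-Windows install.
$LinuxFsGuid = '{0FC63DAF-8483-4772-8E79-3D69D8477DE4}'

function Get-DiskInventory {
    Get-Disk | ForEach-Object {
        $linuxParts = @(Get-Partition -DiskNumber $_.Number -ErrorAction SilentlyContinue |
                        Where-Object { $_.GptType -eq $LinuxFsGuid })
        [pscustomobject]@{
            Serial     = $_.SerialNumber
            Model      = $_.FriendlyName
            Bus        = [string]$_.BusType      # e.g. NVMe, USB, SATA
            SizeGB     = [math]::Round($_.Size / 1GB)
            LinuxParts = $linuxParts.Count
        }
    }
}

$current = @(Get-DiskInventory)

if (-not (Test-Path $BaselinePath)) {
    # First run: record the known-good set of drives for later comparison.
    $current | ConvertTo-Json | Set-Content -Path $BaselinePath
    Write-Output "Baseline written to $BaselinePath"
    return
}

$baseline     = @(Get-Content -Path $BaselinePath -Raw | ConvertFrom-Json)
$knownSerials = $baseline | ForEach-Object { $_.Serial }

foreach ($disk in $current) {
    if ($disk.Serial -notin $knownSerials) {
        Write-Warning ("New disk: {0} ({1}, {2} GB, serial {3})" -f
            $disk.Model, $disk.Bus, $disk.SizeGB, $disk.Serial)
    }
    if ($disk.LinuxParts -gt 0) {
        Write-Warning ("Disk {0} carries {1} Linux filesystem partition(s)" -f
            $disk.Model, $disk.LinuxParts)
    }
}
```

Run it once to write the baseline, then on a schedule; a real endpoint agent would forward the warnings to a central log rather than print them locally.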
I’m glad you asked, people provided some great answers.
Good rule of thumb is just don’t mess with company property at all, cuz they’ll know. For example I simply turned a wall TV on one weekend so my skeleton crew had something to do, and I was asked why a few days later. If it’s electronic they can track it.
CPU/BIOS-level system management engines such as Intel IME/vPro or AMD Secure Technology give device access to IT even if the OS is replaced or the system is powered off.
If your IT staff isn’t utilizing that technology, then when you boot into a corporate-managed OS, they can see any hardware that is currently connected to the system.
If they’re not doing any monitoring at all, you’re fine (but the viability of the business is in question). If they’re doing OS-level monitoring, stick with the USB thing and leave it unplugged when booted into the corporate OS. If they’re doing CPU-level monitoring, you’re already likely flagged.
If you’re unsure how much monitoring they’re doing, attempting to find out may also be a resume-generating event (RGE). Cheers, and good luck!
You’re better off doing it the current way. Or better still just get one for yourself if you use it that much.