I currently have a Dell laptop that runs Windows for work. I use an external SSD via the Thunderbolt port to boot Linux allowing me to use the laptop as a personal device on a completely separate drive. All I have to do is F12 at boot, then select boot from USB drive.
However, this laptop is only using 1 of the 2 internal M.2 ports. Can I install Linux on a 2nd M.2 drive? I would want the laptop to normally boot Windows without a trace of the second option unless the drive is specified from the BIOS boot options.
Will this cause any issues with Windows? Will I be messing anything up? For the external drive setup, I installed Linux on a different computer, then transferred the SSD to the external drive. Can I do the same for the M.2 SSD – install Linux on my PC, then transfer that drive to the laptop?
Any thoughts or comments are welcome.
Edit: Thank you everyone! This was a great discussion with a lot of great and thoughtful responses. I really appreciate the replies and all the valuable information and opinions given here.
If the second internal ssd is there when windows boots, it will leave a trace. IMHO booting off the external drive is the best option if you want it to leave no trace on the windows partitions.
Also, it’s possible any booted device will leave a trace in the bios or uefi boot logs, which your corporation may have configured to ship to their audit logs or something similar.
Thanks for the information. And good point - I will check to see if there’s any logs in the BIOS. Is there any way to know if boot logs are being sent? Is that a BIOS setting, or something that would be configured in Windows?
I’m not familiar with windows so I don’t know exactly how to tell if the logs are being sent to a central log store. My assumption about how it would work is windows would have a capability that reads the UEFI boot logs and sends them with other windows system logs to a central log store. This feature is almost certainly built into windows. You may be able to open up a log inspection tool of some sort and search them. I’m really just guessing about these details from first principles though.
I understand the rationale behind you doing this, I’ve done it myself.
Your company sends you abroad for a week or two. You want to access your Netflix account but don’t want to do it on the company computer. On the other hand you don’t want to carry two laptops with you.
As others have said, tampering company hardware can get you in trouble with the IT department, and it’s enough to get you fired in some cases.
If you value your job get permission to do it or get yourself a tablet.
I work in IT and that’s what I do lol
IT will ask you the next day what you did to thier computer.
From a technical perspective I’m curious - how would they know a drive has been added without physically inspecting the laptop?
CPU/BIOS-level system management engines such as Intel IME/vPro or AMD Secure Technology give device access to IT even if the OS is replaced or the system is powered off.
If your IT staff isn’t utilizing that technology, then when you boot into a corporate-managed OS, they can see any hardware that is currently connected to the system.
If they’re not doing any monitoring at all, you’re fine (but the viability of the business is in question). If they’re doing OS-level monitoring, stick with the USB thing and leave it unplugged when booted into the corporate OS. If they’re doing CPU-level monitoring, you’re already likely flagged.
If you’re unsure how much monitoring they’re doing, attempting to find out may also be a resume-generating event (RGE). Cheers, and good luck!
Intel IME can snitch on this kind of thing. Completely independent of the OS too.
The drive is visible to the OS so if they have any kind of management software in place which looks for hardware changes it will be noticed.
Quite interesting. Thank you for the information!
I’m glad you asked, people provided some great answers.
Good rule of thumb is just don’t mess with company property at all, cuz they’ll know. For example I simply turned a wall TV on one weekend so my skeleton crew had something to do, and I was asked why a few days later. If it’s electronic they can track it.
Microsoft system administrators have full access to any physical device information, this includes a report on new internal devices or changes. Your company may not be so serious about security, but why on earth are you willing to risk your livelihood on this?
Not just Windows sys admins … I have this access to MacBooks, tablets, and phones in my company.
Windows, MacOS, Linux, iOS, Android … If it’s in use in an enterprise environment that knows what they’re doing, they have full access to the device.
You can buy a used ThinkPad T480 for like $75 on ebay. A lot cheaper than having to explain your shenanigans to Maude from HR.
Honestly, this is good advice. It’s much better to keep personal computer activity on a personal device, whether that’s on a ThinkPad or anything else.
I have a recommendation, buy a personal laptop that isn’t tied to your company.
I have to second the get your own laptop.
The company I work for has software that does hardware / software inventory regularly. So additional hardware added can and will show up.
Also, when hired we are told in in uncertain terms that tampering with the laptop can and will be grounds for termination.
Booting off of an external drive is ill advised as many work laptops have restrictions to the USB/thunderbolt ports as well as modifying bios settings.Lastly, using corporate hardware (be it a cell phone, or a laptop) should never be used for personal use. It’s a good way to lose your job. I know more than one person in my career that lost their job either from texts sent from a work cell phone, or using their work computer for personal things. It’s just not worth it.
The big takeaway is that you do not own this computer. It is not yours, it is being lent to them for a very specific purpose. And what you want to do, hell what you’re already doing, is way outside of that purpose.
How would you feel if you lent a friend your conputer to check their email and found out they had bypassed a lot of your security mechanisms (passwords) to set up their own admin account?
What about when you begrudgingly get a MFA app on your personal phone because your employer’s too cheap to shell out for a yubikey or hardware token? How would you feel if their app also rooted your phone just for shits and giggles?
What you’re proposing is not only dangerous to your career, it’s also potentially illegal. And also just downright unethical.
🙃
How badly do you need your job?
In most cases, work laptops have software(s) installed to automatically keep track of these activities, and flag it to security team of your organization. At that point, it will either lead to a formal warning to you, or termination/forced resignation.
From organization point of view, this is to avoid any accidental (or intentional) leak of confidential data, and/or accidentally (or intentionally) infecting your (work) system with malware/ransomware.
The latter had happened in one of my previous organizations, and the person responsible was terminated from job immediately.
This is just a bad idea in general.
For anyone wondering about the security issues caused by this, even if the windows partition is encrypted, it’s still possible to get secrets from the Windows install.
If you have root access to a Linux machine, you can easily replace the Windows kernel loader with one that looks just like Windows, but does nothing other than steal your encryption password on login/boot.
Secure Boot/TPM would protect against this, but Linux users (especially those that are more lax about security) tend to disable it as part of installing Linux.
I had a work laptop and did the “external USB” thing. One day, at work, I’m messing with my Linux on a public wifi, having unplugged from the corporate LAN.
A co-worker walks by, sees the Network cord unplugged, plugs it in. I am oblivious in the washroom.
Corporate security got to my laptop before I did.
I didn’t get fired.
I don’t work there anymore, though.
Yeah, this is just a terrible idea. The risk is far greater than any potential reward you might be getting.
IDK about other places, but the document we make our users sign make it clear that modifying the internal hardware is a fireable offense.
The laptop isn’t yours, use a personal device for personal stuff, and work device for work only.
I think this is a good idea. You may want to use a different MAC on Linux, true.
Also only use the personal drive at home if you fear being spied on.
The chance that your company embeds spyware in the BIOS is like 0%. If you can press F12, Windows is off and you will not be spied on.
Otherwise make sure to do real reboots and use this shutdown command to really turn off windows, as otherwise it hibernates only.
