This sounds like a nefarious question but it’s really not. I have a work laptop and I need to get some personal planning done after work tomorrow. Naturally I don’t want to carry 2 laptops or run the laptop on the internal hard drive for personal use, but going back home and out again is very inconvenient. So my question is - would dual booting via an SSD (that I already use on another machine) leave any trace on the internal hard drive?
Honestly, I don’t expect this to ever be a real issue, I doubt anyone will ever check or even care, but I just want to keep my work stuff entirely separate from my personal stuff. So if there’s a fair chance I could muddy the two in any way by doing this, I won’t - but it’s my understanding that dual booting would be more or less adequately secure?
Unless the work laptop had extra care put into security, probably not. If the OS drive is encrypted and leveraging a TPM, it’s possible that the other drive being installed would fuck the TPM config though and make the main drive unbootable even if the procedure were completely reversed. Then someone with access to the recovery key for the drive would have to take some action to get back into the OS. You can try running manage-bde.exe and see if you can view your own recovery key, that would make TPM stuff mostly irrelevant (but you might not be able to reset the TPM without UEFI/BIOS access so you’d have to enter the long recovery key on each subsequent boot) though the endpoint protection software they use might log recovery key operations, I know Windows Defender for Endpoint/Identity will so if your business uses InTune or anything I’d be careful about that. There are also laptops sold to Enterprise that still feature LoJack for some reason, so if you boot into a new Windows OS the UEFI/BIOS will drop some LoJack related rootkit drivers into the OS Folder and autorun them at launch. LoJack doesn’t really report back anything about machine names changing or anything, but I’m sure it would be logged in their database. Honestly if the machine did get stolen later on, odds are the alternating machine names prior wouldn’t even come up in any communication with the company. The LoJack folks would just try to identify where the laptop was now, if someone did swap the drive, but I think some people stealing laptops are smart enough to flash the bios or swap the bios chip with a clean bios that has LoJack disabled…
When I was involved in security an endpoint would be locked down to only boot from a specific device, otherwise it would just sit on an unbootable device based on our boot order, even if the OS drive were swapped.
Do only have one connected at a time ideally thoug, there shouldn’t really be anything detectable unless the device decided to reorder the boot order or something weird. Odds are nobody would ever notice it though, unless your machine were being forensically examined and the place had a super well-documented build process defined, it would still be pretty inconclusive.
