I'm thinking about getting a used laptop, but part of me is thinking not to and instead make use of my work laptop instead. However, it has a very locked-down system and even if I could technically bypass the security, I can't install anything on it without breaching work policy etc. I've thought about the possibility of just buying another HDD and swapping the two around whenever I want to switch from work to personal and back, but I'd prefer to avoid that as sooner or later I suspect I'd run into trouble, wearing out the SATA port or something. So preferably I'd like to just get a bigger HDD, partition it, clone the work HDD onto one of the partitions and then have my personal OS on another partition. But the work HDD is encrypted - am I going to run into trouble trying to clone an encrypted drive?
If you are going to use your work laptop in any way .. I'd recommend using something like a Windows To Go USB drive (to host the OS on) - that way none of your data ever touches the work laptop disk.
In theory you could encrypt only a partition but almost certainly it's going to be full disk. I don't believe you'd successfully shrink a full disk encryption to just partitions as the unlocker typically replaces the MBR. If you have an optical drive you can swap it for a generic hard drive caddy if that helps, and then use the Escape / F10 / whatever to boot to the other HDD when you are at home. Frankly though, and this is coming from someone who consults on security and policy, it is not a good idea at all to do this on your work laptop. If your employer has gone for encryption that mostly implies they care about something like ISO27001; other parts of your IT policy could mean dismissal for something like this. There's a chap selling cheap Dell ex-corp laptops in the sale forums. Might be better for you.
Does your employer have a BYO policy (or they may trialling one, as many that don't already are, though probably industry dependant)? It doesn't help with not having to buy another laptop, but it could mean you can use one for both business and pleasure. If you want to do it "right", then ask your IT department what they would recommend. If you haven't asked your IT department because it would be an unequivocal "no way", then you probably have your answer already. It's not really worth potentially losing your job over saving a bit of cash on a laptop. On the other hand, booting from USB would be the least intrusive and probably wouldn't get you in trouble.
This - I've got an SSD in a USB enclosure with a linux distro installed, and as (one of) my work laptop is not BIOS-locked, I can boot straight from USB. it's only USB2 though, so I do find myself pulling the original drive and putting the SSD in if I'm going to be using it for more than an hour or two
Thanks for your thoughts, everyone. Wouldn't be surprised if the bios was locked on mine, I haven't checked yet though. I'll chuck a portable OS on a memory card and give it a go to see.
It would here. Our laptops are BIOS locked, but even if they weren't I would be in serious doo-doo for breach of IT policy if I was ever caught doing something like that. Words like "dismissal" and "gross misconduct" spring to mind. To be honest I agree with this: If they're using encryption then it's very likely that there is data on your work laptop that should never be seen outside of that organisation. Booting from USB could easily be interpreted as an attempt to circumvent that encryption, regardless of your intentions. If there's any personally identifiable data on that machine then it's heading towards "criminal prosecution, fines, jail" territory.
No disagreement from me - what I meant was they're unlikely to find out you're doing it, rather than they won't care you're doing it.
this is EXACTLY why i thank the deity of your choice that i am out of the hardware realm of IT and into virtulization. user is a 4 letter word ...