You might be surprised how much Intel corp security teams have.

Yeah… I really don’t see the motives to do this either. Possibly:

1. I guess if you’re traveling and you have to bring 2 laptops.

2. Or you can’t afford a PC with the same specs as your work laptop.

Both of those situations don’t warrant booting work laptop to external personal HD though.

Intel IME can snitch on this kind of thing. Completely independent of the OS too.

Microsoft system administrators have full access to any physical device information, this includes a report on new internal devices or changes. Your company may not be so serious about security, but why on earth are you willing to risk your livelihood on this?

CPU/BIOS-level system management engines such as Intel IME/vPro or AMD Secure Technology give device access to IT even if the OS is replaced or the system is powered off.

If your IT staff isn’t utilizing that technology, then when you boot into a corporate-managed OS, they can see any hardware that is currently connected to the system.

If they’re not doing any monitoring at all, you’re fine (but the viability of the business is in question). If they’re doing OS-level monitoring, stick with the USB thing and leave it unplugged when booted into the corporate OS. If they’re doing CPU-level monitoring, you’re already likely flagged.

If you’re unsure how much monitoring they’re doing, attempting to find out may also be a resume-generating event (RGE). Cheers, and good luck!

The drive is visible to the OS so if they have any kind of management software in place which looks for hardware changes it will be noticed.

I’m glad you asked, people provided some great answers.

Good rule of thumb is just don’t mess with company property at all, cuz they’ll know. For example I simply turned a wall TV on one weekend so my skeleton crew had something to do, and I was asked why a few days later. If it’s electronic they can track it.

Simple question: what would your employer say if you asked them?

My contract has a standard “no using company computers for personal business” clause. However I feel entirely confident that my employer doesn’t mind me using it to do personal errands using the web browser (on my own time). And I know they have no problem with me using Zoom or Teams to join meetings for non-work things in the evening. How do I know this? Because I asked them…

I’ve never asked them “can I install a new hard drive in my laptop, install an OS I downloaded off the internet, and boot into that OS to do things which I’d rather you not be able to track like you could on the main OS”. But I’m completely confident I’d know what the answer would be if I did ask.

If you think installing a new SSD etc. is acceptable, ask them. If you’re not asking them because you’re worried they’d say “no”, then don’t do it.

Try asking them instead if you can use your laptop to look up directions to the dentist on Google Maps. See if you get the same answer.

There is a difference between using software on a work computer for private purposes and installing another OS on a work computer, don’t you think?

I feel like 10-15 yrs ago, you’d be absolutely right here, but not now. Everyone I know, even less technical folks, keep it separate simply because they do that stuff on their phone instead.

There’s a difference between using a web browser to access certain websites, which still use the sandboxing and safe environment that the company has set up, and running your own OS which has unrestricted hardware access to everything.

IT likely knows that people will use their laptops for personal use, but probably trust that browsers are good enough at sandboxing that is not a concern. They can also tweak settings in whatever Windows management thingie they’re using to ensure that everything is up to date and all the programs you are running are safe.

However, running your own OS is very different. They can’t trust the browser sandbox or OS any more. They can’t trust that you’ll only run safe software. They can’t trust that you’ll not install malware that will infect firmware or your Windows install (which will steal company secrets).

If I were running an IT department I’d 100% lock down the efi and require a password. I’d try to make it as frictionless as possible if you wanted a certain distro for work reasons, but ultimately I’d like to know what’s going on.

Just because people do it doesn’t mean you should.

Using a separate SSD and OS might work fine for protecting your data from company monitoring software, but it doesn’t protect company data from your rogue OS. If your company has a dedicated security team, your head will roll when they find out you put the company at risk. And if they don’t, you better hope IT is either apathetic or incompetent.

It’s not worth the risk of losing your job for being a liability. They might not be able to tell future employers why you are no longer employed with them, but “we would not hire {you} again if given the opportunity” speaks for itself.

Just buy a shitty laptop and use that.

If you have a job that gave you a computer you can probably afford to go buy your own.

Depending on the org this is a fireable offense, and at the very least highly suspect, so just be aware.

Sure, people should not use their work computer for personal use.

This isn’t great. But what you’re wanting to do will get you fired.

and I would bet that when they take their laptop home they would not hesitate to boot it up for personal use. And the people working remotely I would wager use it even more.

Are you willing to bet your job or career on this? If so, proceed. Otherwise, I would heed the multiple warnings given in this thread. But then again, you might just be one of those fuck around and find out types. If so, be sure and drop in here and let us know how well it went.

Your point is valid but the IT department isn’t tracking your shits

Or maybe they are if you work for amazon