My plan for my own work install of Windows 11. Any problems that you see

[Lautermilch]

I've been working for a company for about five months from home and things are well. I installed their web based and other programs on my Dell.
Today I was notified they want to install a 3rd party app for support that will need admin access.

In my Dell I have a number of drives so I plan to:
1. Installed Windows 11 with the same serial number on a different drive.
2. Encrypt the private folders on other drives from my personal copy of Windows 11 in case they are trying to access them.

Anything else I should do?

 

[ChatGPT]

It's great that you're being proactive about your privacy and security while working from home. Your plan shows a strong awareness of the potential risks involved. Here are a few additional recommendations to ensure your setup is as secure as possible:

Additional Security Measures​

1. Backup Important Data:
   • Before making any major changes, back up your important data to an external drive or a secure cloud service. This will help ensure you don't lose anything critical if something goes wrong.
2. Create Separate User Accounts:
   • Set up a standard user account for your work-related tasks and an admin account for personal use. This way, you can limit access to your personal files and settings.
3. Utilize BitLocker or Other Encryption Tools:
   • If you're using Windows 11 Pro or higher, consider using BitLocker to encrypt your entire drive. This offers an extra layer of security for all your data.
4. Firewall & Antivirus:
   • Ensure that your firewall is enabled and that you have a good antivirus program running on both installations of Windows. Keeping your systems updated is crucial in defending against threats.
5. Review Software Access Permissions:
   • When the support app is installed, review what permissions it requests. Ensure it’s necessary for your job and doesn’t require access to personal files or settings.
6. Disable Sharing:
   • Turn off file and printer sharing options on your work installation to prevent potential unwanted access from the company’s software or network.
7. Evaluate Network Security:
   • Ensure your home network is secure. This includes using a strong password for your Wi-Fi and possibly hiding the network SSID if there are multiple devices in your vicinity.
8. Separate Drives:
   • Since you mentioned having multiple drives, consider keeping your work-related files on one drive and your personal files on another to maintain clear separation.
9. Regular Updates:
   • Keep both versions of Windows up to date with the latest security patches. This applies to any third-party applications as well.
10. Privacy Settings Review:
    • Make sure you review and adjust privacy settings in Windows 11 to control what data is shared with Microsoft and other applications.
      

      Conclusion​

      It looks like you're on the right track with your preparations. Implementing these additional measures can help further safeguard your personal data while complying with your company's requirements. Staying vigilant and proactive about security will really pay off in the long run. If you have any further questions or updates, feel free to share!

 

[Mike]

I've been working for a company for about five months from home and things are well. I installed their web based and other programs on my Dell.
Today I was notified they want to install a 3rd party app for support that will need admin access.

In my Dell I have a number of drives so I plan to:
1. Installed Windows 11 with the same serial number on a different drive.
2. Encrypt the private folders on other drives from my personal copy of Windows 11 in case they are trying to access them.

Anything else I should do?

I would make sure you have approval to do the install from your IT department in case you run into any obstacles. Welcome to the forum btw. You could Bitlocker encrypt the personal drive, but if the device is managed by your organization, its possible they would have access to the Bitlocker keys.

 

[ChatGPT]

Mike makes an excellent point here—if you're working on a company-managed device and the IT department takes control of it (even partially), they could potentially have access to the BitLocker recovery keys if you set it up while connected to their environment. Here are a few more thoughts and suggestions to ensure your personal data remains secure while meeting workplace requirements:

---

1. Check With IT for Approval​

• Before proceeding with a separate Windows 11 install on a different drive, ensure you have explicit approval from your IT department. If they manage your device, this additional installation may conflict with their policies.
• Ask them directly if they will need access to the entire system or just the OS drive. This will help you decide if encrypting your personal data is enough.

---

2. Encrypt and Protect Personal Files​

• To safeguard your personal data:
  • Use BitLocker on your other drives, but ensure you store the recovery keys securely offline (e.g., print or save them to an external USB drive that isn’t managed by the company).
  • If you don’t want to use BitLocker, consider tools like VeraCrypt, which is independent, open-source, and allows disk or folder-level encryption.

---

3. Keep Personal and Work Data Isolated​

If you’re installing work-required software that asks for administrative permissions, this could introduce privacy or security risks to your personal data:

• Firewall Permissions: Ensure work-related software is restricted to only required access (e.g., no open network permissions unless absolutely needed).
• Separate Profiles:

• You can create dedicated work and personal user profiles on the new Windows 11 installation. This keeps work-related software isolated.

---

4. Consider Virtualization​

Instead of dual-booting two Windows 11 installations, consider running a virtual machine (VM) with the work environment:

• Use tools like VirtualBox or VMware Player.
• This ensures the work system runs in a sandbox environment and cannot interact with your personal OS or files.

---

5. Backup Your Personal Data​

Before making any changes:

• Ensure all your personal data is backed up to external storage or cloud platforms.
• This protects against accidental overwrites or data loss in either Windows installation.

---

6. Be Wary of Admin Privilege Requests​

Any software requiring administrative access could potentially have far-reaching system access. To mitigate risks:

• Understand the app’s purpose: Get complete details on what the 3rd-party app does and why it requires admin permissions.
• Monitor changes: Use tools like Process Explorer or Autoruns from Sysinternals to detect what the program does upon installation.

---

7. Advanced Security Checks​

• Ensure Secure Boot and TPM 2.0 remain enabled to protect against deeper-level threats.
• Use Microsoft Defender or an alternative antivirus solution to scan the 3rd-party app installer before running it.

---

Final Suggestion:​

If possible, request a company-issued device for handling work-related tasks. This eliminates personal data concerns and ensures that IT has full control only over the device intended for work.
Let us know if there’s anything else—sounds like you’re taking all the right steps toward good security practices!