I’ve got a new work laptop from my employer. The old one is not necessary anymore for work related stuff. As I have an ancient personal laptop and a budget is a bit tight currently, I thought to use old work laptop for personal stuff.
I already installed Win10 LTSC and plan to encrypt the complete OS with VeraCrypt and on another partition to add Linux Mint (with LUKS) and dual boot it, but mainly will use Win.
As I can use this old laptop however I want it, I just have to return it once I decide to leave, my question is, how safe is to use it this way? Beside the mentioned complete encryption, my plan is to zero-fill it (or whatever it’s called) before I return it, so I’m not sure would someone be able to recover my data?
As this is a work laptop, head of IT admin department told me they are sending these to be recycled, but they are destroying SSDs. So most likely nobody will try to recover it anyway, but I would like to see, if someone would like to, is there any chance for that?
~~As long as the laptop is no longer managed by the company, and you are not logging back into your company’s AD then it is just another laptop, no special concerns here.
In terms of destroying data before returning, if you FDEed with veracrypt with good password, then i would say even quick format would be enough, no one can crack it anyway, unless you stored national secrets there and want to be 10000% sure, then zero fill it.~~
Edit: Please ignore my text above and note This reply
I highly disagree here and I believe this is very dangerous advice in fact.
Please note your work laptop (the laptop you do work on) is subject to any kind of investigation the company would be placed under. Meaning that it can be seized when the company is any kind of trouble.
Why not just buy an SSD and install it in the Laptop? SSDs are cheap and it alleviates all the concerns you mention. Just keep your SSD when you return the laptop. You could return their SSD immediately for IT to dispose of or re-use.
If your using it for personal use, I would not connect it to your works network anymore or do work stuff on it.
First of all, get a written confirmation from IT that you can use that old laptop as your own. Many companies are selling old laptops to their employees for a very cheap price.
After getting confirmation, ask IT team to release the laptop. It is most likely enrolled in a MDM program, like Intune and even if you change disks, laptop will try to register itself to company portal.
Another point. It is a company property, not yours, unless otherwise is communicated to you in written form. Whatever you do to modify the system, will be illegal.
I agree with ph00lt0 and Bhaelros. This is unusually generous of your IT department, and frankly I don’t think they’re following best practice. The safest legal option for you is to send back the laptop right away without doing anything not work related (get a shipping label from IT).
If your heart is set on using the laptop for personal stuff, first, get it in writing that you’re allowed to do so. Even then, don’t do anything sensitive like banking or look up NSFW stuff, and don’t mine crypto.
Is this really that unusual? I have gotten recycled / retired PCs from pretty much every job (over multiple fields) I have been in. Most large businesses have a set cycle that they go through hardware. One firm I worked at it was every three years and, all of a sudden there would be a ton of Optiplexs up for grabs.
The key here is OP verifying that they are actually allowed to take this laptop and keep it for personal use.
I would assume those computers were cleaned up by IT before giving them back out. If I understand OP correctly, they are hanging on to a work laptop without any clean up from IT before transitioning to personal use.
Since it’s a work laptop that means they own the hardware. It’s just too easy for them to install a keylogger to make sure you’re not abusing their system.
It’s 100% worth it to buy your own personal laptop that’s separate from your work laptop.
After I read all these replies and different opinions, I agree with you all, I won’t use it for any personal stuff.
Unfortunately, the only problem I made is, I already installed “new” Win and basically run over the version which was the one I used for work. The device has no rootkits or keyloggers, otherwise I would see it at network level firewall/logs. Besides, they are shipped directly from a supplier to us.
I installed Win before opening this thread, which wasn’t that smart now when I think of it. I did hwid registration and it has a valid Win license now for LTSC. Meantime, I did NVME Secure erase, so the device is currently without OS.