Windows – How to achieve better isolation with Windows 10 multiboot

bitlocker, multi-boot, windows, windows 10

My Setup

My setup looks like this:

  1. Drive 1: Windows 10 System Drive – Joined to company domain.
  2. Drive 2: Windows 10 System Drive – Joined to personal domain.
  3. Drive 3: Fixed drive – additional storage for Drive 2.

This gives me multiboot and allows me to share hardware while keeping my work licenses and files separated from my personal ones.

Problem

I've noticed there is still some cross-contamination between the 2 OSes.

  • In the file explorer, I can see and view the contents of all drives, including the additional system drive.
  • Somehow, OS 1 detects my Microsoft account used on OS 2. It offers to let me log into my Microsoft account used in OS 2 in desktop apps (e.g., OneDrive, SharePoint Designer).

Proposed Solution

I believe I can disconnect Drive 1 and use BitLocker to encrypt Drive 2 and 3. One risk here is that once encrypted, OS 1 will still have some knowledge or hooks to OS 2 and once encrypted, will make OS 1 angry. I learned this the hard way on a previous attempt when encrypting drive 3 (which is where my OneDrive folder lived) with a password (not a TPM module) and didn't give the system drive on drive 2 a way to unlock it automatically.

So my question is: is this a safe approach? Is there a better way? Will this achieve the isolation I am looking for?

Best Answer

You can detach the other instance's partitions in each instance. Windows will be aware that other partitions exist, but no program will be able to access them. This is completely safe and doesn't affect your data. Partitions can be re-attached if you ever need them.

Repeat these steps in both instances of Windows:

  1. Press Win+R and type diskmgmt.msc, then press Enter. The Disk Management window will open.

  2. Identify the partition you don't want visible and right-click it. Choose Change Drive Letter and Paths....

  3. Select the drive letter in the list and click Remove. Windows will warn you that this may have unpleasant side effects. If both of your systems are perfectly separated, it shouldn't cause any problems.

  4. Open Windows Explorer and confirm that the drive is no longer available.
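
The same steps scripted with the built-in Storage module cmdlets, as an added example that is not part of the original answer; the drive letters E and F are placeholder assumptions to replace with the other instance's letters. Removing a letter takes the volume out of Explorer and drive-letter paths but is not an access control, since an administrator can re-attach it.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted form of the Disk Management steps above.
# Run it once in each Windows instance against the OTHER instance's volumes.
param(
    # Assumption: constructed sample letters, replace with your own.
    [char[]]$LettersToDetach = @('E', 'F')
)

$systemLetter = $env:SystemDrive.TrimEnd(':')

foreach ($letter in $LettersToDetach) {
    # Never detach the volume the running OS booted from.
    if ("$letter" -eq $systemLetter) {
        Write-Warning "Skipping ${letter}: it is the running system drive."
        continue
    }

    $part = Get-Partition -DriveLetter $letter -ErrorAction SilentlyContinue
    if (-not $part) {
        Write-Warning "No partition currently has the letter ${letter}:."
        continue
    }

    # Same effect as "Change Drive Letter and Paths... > Remove".
    Remove-PartitionAccessPath -DiskNumber $part.DiskNumber `
        -PartitionNumber $part.PartitionNumber -AccessPath "${letter}:\"

    # Ask Windows not to auto-assign a letter again later
    # (this attribute is honoured on GPT disks).
    Set-Partition -DiskNumber $part.DiskNumber `
        -PartitionNumber $part.PartitionNumber -NoDefaultDriveLetter $true

    "{0}: detached (disk {1}, partition {2})" -f $letter, $part.DiskNumber, $part.PartitionNumber
}

# Equivalent of step 4: the detached partitions should show an empty DriveLetter.
Get-Partition |
    Select-Object DiskNumber, PartitionNumber, DriveLetter, NoDefaultDriveLetter, Size |
    Format-Table -AutoSize

# To re-attach later: set -NoDefaultDriveLetter back to $false and run
# Add-PartitionAccessPath with the same disk/partition numbers and -AccessPath "E:\".
```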
