How do I dual boot two Windows 7 installations?

Hello. I'm looking for a security solution when it comes to stolen laptops. I would like a solution that involves both full system encryption for the main O/S, and a dummy O/S that is loaded with location tracking and spying software.

The problem with doing this on one O/S is that full system encryption requires a password at boot, meaning the thief will be forced to wipe the HDD and the location tracking software will never get a chance to work. Likewise, I can disable the encryption and use a guest account on a single O/S, but that leaves my files vulnerable. I could also use a Truecrypt container for my secure files, but they are of fixed size, cumbersome to use, and can't protect all sensitive data without mucking up the main user account.

The best solution would be (ideally) as follows:

• One Windows 7 installation fully encrypted using Truecrypt.
• One Windows 7 installation setup as a dummy O/S.
• Grub Bootloader that can load either O/S (Grub supports unlocking Truecrypt).

The two main problems that I have with this setup, is that this requires 5 partitions (2 for each Win7 install, 1 for grub), and I haven't figured out how to reduce this number. I can only have 4 primary partitions on a drive using MBR. Another problem I'm having, is that Windows 7 likes to mess around with the drive letter assignments, refuses to boot from anything but C: drive, and doesn't check UUIDs or anything else when selecting which partition to boot.

I can try to do this with Windows XP as the dummy O/S, reducing the partition number to 4, and Windows XP will boot off any drive letter. Still, Windows has a problem with attacking other Windows installations, and causing general mayhem. Windows does not like to share the HDD with other Windows, go figure.

It feels like a big step backwards that Windows 7 is less flexible than XP when booting multiple O/S, and I'm hoping that there is some trick to getting this to work. I have tried looking into UEFI as well, but getting Windows 7 to work on UEFI has proven equally impossible.

I'm hoping someone more knowledgeable than me can give me some advice, or maybe have some tips and ideas on how to approach this in a different way. I feel like there should be a way to make this work, but I'm out of options. Any help would be appreciated. Thank you!

Either create a partiton on your existing harddrive and install 7 or get a new harddrive and add it to the system and insall 7 on that.

It sounds like you know what your doing.
Ignore my reply.

smarteyeball said:

Is partial encryption (folders vs drive) a possible compromise?

Only if what I'm asking is impossible. Folder encryption (in my experience) doesn't work with protecting temp files, appdata, and other system folders with sensitive information, without potentially corrupting the entire user account. Also, messing with fixed container sizes and symlinks is just a headache. Windows does not like it when your 'Desktop' folder is inside a container that only gets mounted after the Desktop is loaded.

If no Linux - is the Grub loader that necessary?

Yes, because Grub supports booting into the Truecrypt boot loader, which means you can have system level encryption on a single partition, instead of the entire disk. Grub also solves the problem with TC's bootloader lacking a timeout, so if my laptop (for whatever reason) reboots or turns itself on, it won't get stuck at the TC login at full CPU power while locked away in my workbag.

Grub also lets you hide the other partitions and create custom messages. I can make the dummy O/S the default boot on a 5s timeout, hide the second O/S as "Windows System Utilities" (or whatever it's called), and then when that option is selected, make it say "Please insert disc, or press ESC to continue..."

The idea is that, in the seldom occasions I have to reboot or turn on my computer, I just have to select the second option, and enter my password at the fake error message. It's easy and not too inconvenient, and it allows me to have my entire O/S protected by full system encryption.

If a thief were to steal my laptop, he would simply let it boot to the guest O/S, and even if he tried to boot the second option, he would get an error message telling him to press ESC (which is just a clever custom message to cancel the TC bootloader) and boot into the dummy O/S anyway. And once inside the dummy O/S, the other encrypted partition would not even be visible.

I think that, while having most of the HDD locked away from the guest O/S might be annoying for the thief (if he even notices), what is far more obvious and annoying is being stuck inside a standard-level account that requires a password for elevated privileges, and a locked admin account in another persons name.

Most criminals are too stupid to bother reformatting the HDD (that's why they're criminals, after all) unless there's some motivating reason to do so. Giving them an entire O/S to themselves, one that is setup for their maximum comfort (and my spying ability) increases their incentive to just 'leave things be' and not bother with a wipe or reformat.

I'm hoping to gain that advantage, while hiding my main O/S inside a fully encrypted partition. I have all the tools to do this, but the trivial thing that's stopping me is Windows 7 not being able to 'play nice' with two installations of itself. If I can get past that hurdle, everything else should work without a hitch!

Here is another possibility:

Absolute Software Corporation Online Store

So I'm assuming nobody else has any information on how to make two Windows 7 installations play nicely together? That's really what I'm trying to figure out here. I have the other parts worked out, but I can't get two Windows 7 installations to work together.

Please help, thanks!

Your idea of using XP should work fine and without the grub. As long as you install xp first. Never been a problem.

Like I said earlier, grub is a requirement because it can boot .iso files (and .mbr files) and chainloads the Truecrypt bootloader.

But in any case I managed to get it all working. It turns out the "System Reserved" partition is complete BS (for lack of a better term) and Windows can be installed without it, provided you setup the partition tables before installing Windows. This makes things so much easier, since now Windows is installed and booting off the same partition, and I have no problems fitting everything under the 4-partition maximum for the MBR.