How do I dual boot two Windows 7 installations?

[dizzysoul]

Hello. I'm looking for a security solution when it comes to stolen laptops. I would like a solution that involves both full system encryption for the main O/S, and a dummy O/S that is loaded with location tracking and spying software.

The problem with doing this on one O/S is that full system encryption requires a password at boot, meaning the thief will be forced to wipe the HDD and the location tracking software will never get a chance to work. Likewise, I can disable the encryption and use a guest account on a single O/S, but that leaves my files vulnerable. I could also use a Truecrypt container for my secure files, but they are of fixed size, cumbersome to use, and can't protect all sensitive data without mucking up the main user account.

The best solution would be (ideally) as follows:

• One Windows 7 installation fully encrypted using Truecrypt.
• One Windows 7 installation setup as a dummy O/S.
• Grub Bootloader that can load either O/S (Grub supports unlocking Truecrypt).

The two main problems that I have with this setup, is that this requires 5 partitions (2 for each Win7 install, 1 for grub), and I haven't figured out how to reduce this number. I can only have 4 primary partitions on a drive using MBR. Another problem I'm having, is that Windows 7 likes to mess around with the drive letter assignments, refuses to boot from anything but C: drive, and doesn't check UUIDs or anything else when selecting which partition to boot.

I can try to do this with Windows XP as the dummy O/S, reducing the partition number to 4, and Windows XP will boot off any drive letter. Still, Windows has a problem with attacking other Windows installations, and causing general mayhem. Windows does not like to share the HDD with other Windows, go figure.

It feels like a big step backwards that Windows 7 is less flexible than XP when booting multiple O/S, and I'm hoping that there is some trick to getting this to work. I have tried looking into UEFI as well, but getting Windows 7 to work on UEFI has proven equally impossible.

I'm hoping someone more knowledgeable than me can give me some advice, or maybe have some tips and ideas on how to approach this in a different way. I feel like there should be a way to make this work, but I'm out of options. Any help would be appreciated. Thank you!

 

[Zomby88]

Either create a partiton on your existing harddrive and install 7 or get a new harddrive and add it to the system and insall 7 on that.

It sounds like you know what your doing.
Ignore my reply.

 

[smarteyeball]

I would like a solution that involves both full system encryption for the main O/S, and a dummy O/S that is loaded with location tracking and spying software.

So your ultimate goal is to not only protect your data, but to also encourage a thief/buyer to use the laptop in order to recover it. Hence the tracking software on the dummy O/S? Admirable idea.

Unfortunately this plan largely hinges on the laptop falling into the hands of a 'non tech savvy' buyer. Someone who sees two O/S entries, can't access one, so happily just uses the other 'working' O/S. In the interim it's phoning home it's location which you can give to the authorities to aid in recovery.

Admittedly there are buyers like that out there and recovery through tracking is precedented - but most people would simply format the partition anyway to reclaim space after unsuccessfully attempting to gain access to it. You still have a chance of recovering your laptop with a dummy O/S, but you'll lose data either way.


Is partial encryption (folders vs drive) a possible compromise?

• Grub Bootloader that can load either O/S (Grub supports unlocking Truecrypt).

The two main problems that I have with this setup, is that this requires 5 partitions (2 for each Win7 install, 1 for grub), and I haven't figured out how to reduce this number.

Is it just the bootloader, or is there a Linux install attached to the Grub?

If no Linux - is the Grub loader that necessary?

 

[dizzysoul]

Is partial encryption (folders vs drive) a possible compromise?

Only if what I'm asking is impossible. Folder encryption (in my experience) doesn't work with protecting temp files, appdata, and other system folders with sensitive information, without potentially corrupting the entire user account. Also, messing with fixed container sizes and symlinks is just a headache. Windows does not like it when your 'Desktop' folder is inside a container that only gets mounted after the Desktop is loaded.

If no Linux - is the Grub loader that necessary?

Yes, because Grub supports booting into the Truecrypt boot loader, which means you can have system level encryption on a single partition, instead of the entire disk. Grub also solves the problem with TC's bootloader lacking a timeout, so if my laptop (for whatever reason) reboots or turns itself on, it won't get stuck at the TC login at full CPU power while locked away in my workbag.

Grub also lets you hide the other partitions and create custom messages. I can make the dummy O/S the default boot on a 5s timeout, hide the second O/S as "Windows System Utilities" (or whatever it's called), and then when that option is selected, make it say "Please insert disc, or press ESC to continue..."

The idea is that, in the seldom occasions I have to reboot or turn on my computer, I just have to select the second option, and enter my password at the fake error message. It's easy and not too inconvenient, and it allows me to have my entire O/S protected by full system encryption.

If a thief were to steal my laptop, he would simply let it boot to the guest O/S, and even if he tried to boot the second option, he would get an error message telling him to press ESC (which is just a clever custom message to cancel the TC bootloader) and boot into the dummy O/S anyway. And once inside the dummy O/S, the other encrypted partition would not even be visible.

I think that, while having most of the HDD locked away from the guest O/S might be annoying for the thief (if he even notices), what is far more obvious and annoying is being stuck inside a standard-level account that requires a password for elevated privileges, and a locked admin account in another persons name.

Most criminals are too stupid to bother reformatting the HDD (that's why they're criminals, after all) unless there's some motivating reason to do so. Giving them an entire O/S to themselves, one that is setup for their maximum comfort (and my spying ability) increases their incentive to just 'leave things be' and not bother with a wipe or reformat.

I'm hoping to gain that advantage, while hiding my main O/S inside a fully encrypted partition. I have all the tools to do this, but the trivial thing that's stopping me is Windows 7 not being able to 'play nice' with two installations of itself. If I can get past that hurdle, everything else should work without a hitch!

 

[seekermeister]

Here is another possibility:

Absolute Software Corporation Online Store

 

[dizzysoul]

So I'm assuming nobody else has any information on how to make two Windows 7 installations play nicely together? That's really what I'm trying to figure out here. I have the other parts worked out, but I can't get two Windows 7 installations to work together.

Please help, thanks!

 

[Zomby88]

Your idea of using XP should work fine and without the grub. As long as you install xp first. Never been a problem.

 

[dizzysoul]

Like I said earlier, grub is a requirement because it can boot .iso files (and .mbr files) and chainloads the Truecrypt bootloader.

But in any case I managed to get it all working. It turns out the "System Reserved" partition is complete BS (for lack of a better term) and Windows can be installed without it, provided you setup the partition tables before installing Windows. This makes things so much easier, since now Windows is installed and booting off the same partition, and I have no problems fitting everything under the 4-partition maximum for the MBR.

 

[karlsnooks]

Creating a Dual-Boot System with Windows 7

Boot2VHD-Part 1-Overview of Native Boot To VHD - ITProGuru Blog by Systems Management Expert Dan Stolts - Site Home - TechNet Blogs

 

[karlsnooks]

Dizzy,
You do realize: 2 Win 7s = 2 Win 7 licenses

 

[Layback Bear]

Just a thought. Unless the hard drive has the tracking device. Any body that knows and wants the information on the laptop world just take the hard drive out and have their way with the information.

 

[karlsnooks]

Lojack for Laptops by the Absolute Software people is an interesting program which will also put info into the bios. They've spent a good bit of time to thwart nearly all theft attempts.

 

[fjawor]

The best solution would be (ideally) as follows:

• One Windows 7 installation fully encrypted using Truecrypt.
• One Windows 7 installation setup as a dummy O/S.
• Grub Bootloader that can load either O/S (Grub supports unlocking Truecrypt).

Any ideas on how to do this?

Thanks

 

[gregrocker]

Do not use the GRUB bootloader which can corrupt Win7 beyond repair when on the same HD - we see it a lot here.

Win7 will autoconfigure a Dual Boot when you install it as second OS, works exactly as shown here: Dual Boot Installation with Windows 7 and Vista

This is a convoluted theft solution - a dummy OS will only fool a dummy. A thief will wipe the HD which deletes both OS's at once.

Look at the solutions presented more recently here: http://www.sevenforums.com/general-discussion/201288-stolen-laptop-devastated.html

 

[Layback Bear]

I have never tried to steal a laptop so I just guessing but couldn't one just take out the motherboard battery and clear Lojack and the bios. I'm thinking one should keep the computer in their possession or locked up in a safe place. My understanding is that most punks that steal laptops don't want the information they just want the laptop. It would take a ton of money and time to get encrypted information off of a hard drive. If that information has that much value to others your laptop needs a armed guard.

 

[fjawor]

Do not use the GRUB bootloader which can corrupt Win7 beyond repair when on the same HD - we see it a lot here.

Win7 will autoconfigure a Dual Boot when you install it as second OS, works exactly as shown here: Dual Boot Installation with Windows 7 and Vista

This is a convoluted theft solution - a dummy OS will only fool a dummy. A thief will wipe the HD which deletes both OS's at once.

Look at the solutions presented more recently here: http://www.sevenforums.com/general-discussion/201288-stolen-laptop-devastated.html

But the windows 7 boot loader will not work with truecrypt. Only GRUB will.

Also, I am not trying to fool anyone with this. This is just because my siblings and I use the same computer and I have some confidential work stuff that I do not want them to get into.

 

[DeaconFrost]

I feel like people come up with the most wild, of-the-wall, how-to questions every day.

If you are worried about your laptop getting stolen, take steps to protect it, and then get LoJack if you are truly worried about it.

 

[dizzysoul]

Do not use the GRUB bootloader which can corrupt Win7 beyond repair when on the same HD - we see it a lot here.

Win7 will autoconfigure a Dual Boot when you install it as second OS, works exactly as shown here: Dual Boot Installation with Windows 7 and Vista

This is a convoluted theft solution - a dummy OS will only fool a dummy. A thief will wipe the HD which deletes both OS's at once.

Look at the solutions presented more recently here: http://www.sevenforums.com/general-discussion/201288-stolen-laptop-devastated.html

But the windows 7 boot loader will not work with truecrypt. Only GRUB will.

Also, I am not trying to fool anyone with this. This is just because my siblings and I use the same computer and I have some confidential work stuff that I do not want them to get into.

I had noticed your reply through an e-mail in my junk folder, and I had typed out a long and informative reply that guided you through the setup process.

Unfortunately this terrible forum auto-logged me out while I was typing it and gobbled up the reply, even though I am using chrome (which protects form data from this), which is an impressive feat but also an example of how this forum is terribly coded.

If you are still interested then please respond and let me know. Thanks!

 

[dizzysoul]

I feel like people come up with the most wild, of-the-wall, how-to questions every day.

If you are worried about your laptop getting stolen, take steps to protect it, and then get LoJack if you are truly worried about it.

These are steps to protect it silly. LoJack is just as susceptible to a drive wipe, unless you buy a laptop with the hardware level protection built-in. By the way, it costs money, plus a subscription, plus once it's activated it will remain active for the life of the laptop, even after your subscription expires. There's virtually no possible way to remove it. Oh, and it has been abused before.

I see you have a lot of fancy badges, so why are being so negative and unhelpful?

 

[DeaconFrost]

It isn't being negative or unhelpful...just because you don't like the answers given. What you are asking is like buying a second car and towing it around with you in case the first one is stolen. My comments are not in response to just you...but to the outbreak of people overthinking solutions. Usually, a person asks about dual-booting Windows 7 so they can *ahem* optimize one for gaming.

Laptops don't get stolen if you are careful and use your head. In the rare event they do, you can always us a combination of strong user account passwords and some level of an encrypted partition on your drive to store whatever material it is you are worried about someone getting. That only requires one license, and a little bit of time.

If you wish to go more in-depth than that...do what many of us do. Use a home tower for anything of value and use, and then use a laptop basically as an internet terminal for travel, school-work, business-travel...whatever you are involved in.

I'm a big believer in the K.I.S.S. methodology.