Travel Technology - Combining work and personal on a laptop

I have just started a new job with a 'real' company (as opposed to academia).

This company has a very strict security policy which says that basically nothing except work software or data can be added to their machines, and 'personal' machines don't get access to the mail server (except via webmail) or the VPN.

How do other frequent travelers deal with this? Do you carry 2 machines when you travel? If not, how do you deal with things like watching DVDs, listening to music or Audible books, manipulating photos or (for this forum) using KVS?

Thanks,

Dr. PITUK

Just buy an extra laptop hard drive. might cost you like $150. Then you just put the work hd in when its work time and swap it out with the other when your done. thats what i do.

The hard drive suggestion is a good idea, or, if size is an issue, you can get memory sticks that you can wear around your neck that are pre-loaded with a linux distribution, complete with office software, an email client and a web browser.

Just boot the memory stick up for personal use, and use the hard drive for work.

I carry 2 laptops, because the personal one is a Mac.

I've used the secondary hard drive option as well, and it's a bit of a pain. If you are on the personal system you can't use the work system, and vice versa. My ADD is such that multitasking R us....

I'd recommend trying out the flash drive idea. The Linux distro is the slimmest solution, but if you aren't comfortable with that, take a look at this one that says you can run windoze on a flash drive: http://www.consumerelectronicsnet.com/articles/viewarticle.jsp?id=136168

An external travel HD is a good idea. DVD's play without adding files. I like the idea of booting to another OS. You can even find - by searching around - an XP os that can be installed on a flash drive and booted. There are many applications that are portable, that don't add files or any entries to the registry.

About the only case that would be impossible is if the laptop was loaded with something like Pointsec. In which, you're extremely limited in your options to use the laptop. Also, some laptops installed with certain VPN software, might require that all Internet access be directed through the corporate gateway and only specific software could be run from the laptop.

Best to check with your IT people.

I leave my personal system at home and use remote desktop to keep up with things.

My company also has a policy about personal stuff on the company laptop; however, as long as you are not doing porn or malware, they don't give anyone any grief over a few programs.

I've run into that at my new job. I won't use one of the locked-down firm laptops -- they're too restricted, even for my work. I'll make do with Citrix and webmail and use my own laptop. However, I'm planning to have a nice heart-to-heart with our IP director and see if I can't convince him that I pose no risk to the firm's computer security by connecting directly to the exchange server.

My company also has a policy about personal stuff on the company laptop; however, as long as you are not doing porn or malware, they don't give anyone any grief over a few programs.

Yeah, our official policy is like that too...but I have Firefox installed and various other little things. No one's cried foul yet.

The really dumb thing is that you can't run a file called "setup.exe". You can run a file called "Copy of setup.exe" however. Ctrl-C, Ctrl-V. :)

Any suggestions on where to get Linux on a flash drive or do you just make an image yourself? Have you tried using this in public computers as well? Thanks.

Pendrivelinux.com (http://www.pendrivelinux.com/) has instructions to do it yourself. There are also custom Linux PC makers who will pre-do one at a very cheap price (this place (http://store.madtux.org) for example).

To the OP - I would second the earlier suggestion of a remote access program. I have some mobile apps that let me get to personal email, web, etc on my phone - but use LogMeIn (https://secure.logmein.com/home.asp)if I need to get to my full home PC.

Thanks for the suggestions. I will have a talk with the IT people. If that doesn't work I will try the pen drive or just buy a personal laptop and accept that it will be limited.

Thanks,

Dr. PITUK

I liked in that would too, until I broke down and got a Macbook and started carrying 2 laptops. Its a backbreaker but for me (especially currently), its worth it.

Previously, I tried everything. When I first started with my current company they were using Windows 2000...so I made a new partition, installed XP and bound it to my own domain... no real problems, I called the helpdesk and got the installer for the VPN package... I just had to authenticate to email since it wasn't getting it from NTLM... Then I realized that created more problems than it was worth. After that I tried everything from dual booting to VMware with either windows or Linux.... my last iteration was to dual boot b/c I was not 100% convinced that the company wasn't taking periodic screen shots.

Another solution is simply to use Remote Desktop. If you have a machine running XP pro at home and have a way to get secure access back to that machine then you can use Remote Desktop and actually use your home computer just like you were in front of it. That, with a good webmail for personal use might just do the trick.


Bottom line, now I have to mess with 2 computers in security, but I'm so much happier.

Sony used to have a nice laptop where you could replace the HDD with another one in only 10 seconds without any tools. I loved it. This is also possible on my Thinkpad T42 and T40 if you dont use the bottom securing screw. You need an extra caddy for all of these.

MisterNice

Do the new Linux on a USB drives work with new Intel based Macs? Has anyone tried this? Thanks.

I leave my personal system at home and use remote desktop to keep up with things.


I do this, too, only the other way around - I travel with a personal laptop and use remote desktop to work on my company computer, which I leave at my desk. I can also get to my corporate email via VPN on my personal laptop.

Sony used to have a nice laptop where you could replace the HDD with another one in only 10 seconds without any tools. I loved it. This is also possible on my Thinkpad T42 and T40 if you dont use the bottom securing screw. You need an extra caddy for all of these.

MisterNice
YOu need one of these for a ThinkPad T4x series: ThinkPad 2nd HDD Adapter for Ultrabay Slim (http://shop.lenovo.com/SEUILibrary/controller/catalog.workflow:item.detail?GroupID=38&Code=41U3148&model-number=2379). It's hot swappable in the CD/DVD bay. You can install a complete OS on it and boot from it.

1. Don't always take policies so seriously. What's the expression, rules are just guidelines?
2. Become friendly with your company IT staff. Offer to buy someone some beers or dinner.
3. Try to get local administrator access to the pc. If you can't find someone in IT, there are programs where you can crack the local admin password :).

I'm not saying to load all kinds of junk on the machine, and you should be cautious, but at the same time some policies go too far, especially if you travel, etc.

In places I've worked generally a user may not by default but can get local admin access to the box. The understanding might be for instance that if something goes wrong the pc would be reimaged and the third party software not necesarily supported.

I would quite likely circumvent any rules before I carry two laptops or do something crazy and tedious like that :).

1. Don't always take policies so seriously. What's the expression, rules are just guidelines?
2. Become friendly with your company IT staff. Offer to buy someone some beers or dinner.


You must not work for a big company. Not trying to sound rude at all...but that's not happening in a major IT shop.

Any given day I have b/t 5 an 10 million medical records on my laptop. Sure I can take out the battery and short the CMOS password out and I could dump the hashes and get the local admin password (we are also local admins fortunately) but I dont want to do that. I dont want them to ever suggest that any of the data was compromised b/c I loaded some for personal use. And if they found out I have the feeling they wouldn't be so nice about it. There's a reason for the policies.

I'm not a mindless follower and I have to resist my hacker urges every day... but in the end it just made sense to carry a personal laptop.

1. Don't always take policies so seriously. What's the expression, rules are just guidelines?
In some firms, including mine, violating IT rules is a termination offense.

2. Become friendly with your company IT staff. Offer to buy someone some beers or dinner.
I'm very friendly with my company IT staff. They won't risk their jobs by subverting the IT rules for the firm, nor would I ask a friend to do so.

3. Try to get local administrator access to the pc. If you can't find someone in IT, there are programs where you can crack the local admin password :).My firm won't allow users to have local administrator access. Cracking the password is a termination offense.

I'm not saying to load all kinds of junk on the machine, and you should be cautious, but at the same time some policies go too far, especially if you travel, etc.I agree that policies go too far (a reflection of the old "white coat, computers in a locked refrigerated room, limit access" mentality). However, setting yourself up for termination makes no sense.

In places I've worked generally a user may not by default but can get local admin access to the box. The understanding might be for instance that if something goes wrong the pc would be reimaged and the third party software not necesarily supported.That's a very sound policy. Unfortunately, it's not one in place in many organizations.

I would quite likely circumvent any rules before I carry two laptops or do something crazy and tedious like that :).I won't risk my job by doing that. Instead, I use my personal computer and make do with the kludges, e.g. Citrix, provided by my firm.

In some firms, including mine, violating IT rules is a termination offense.


I'm very friendly with my company IT staff. They won't risk their jobs by subverting the IT rules for the firm, nor would I ask a friend to do so.

My firm won't allow users to have local administrator access. Cracking the password is a termination offense.

I agree that policies go too far (a reflection of the old "white coat, computers in a locked refrigerated room, limit access" mentality). However, setting yourself up for termination makes no sense.

That's a very sound policy. Unfortunately, it's not one in place in many organizations.

I won't risk my job by doing that. Instead, I use my personal computer and make do with the kludges, e.g. Citrix, provided by my firm.

I've told myself I will never work for a company where I don't have total control over my laptop. So far, so good.

I've told myself I will never work for a company where I don't have total control over my laptop. So far, so good.My priorities for employment involve considerations beyond whether I have control over a firm laptop.

Another option is to use VMWare Player and make your own standalone appliance that you can just run when you need to do the personal stuff and have a little contained environment. This requires the very thin installation of the free VMWare Player, so you could see if you can get sign-off on just that installation, but after that you can have a whole "virtual" machine.

I do this so I can have a totally customized network testing environment that doesn't mess with my production laptop. I know some people are fine with traveling with multiple laptops, but I'm always trying to find ways to drop weight with my travel stuff, so I wouldn't imagine having to hork another laptop around as well.

Another option is to use VMWare Player and make your own standalone appliance that you can just run when you need to do the personal stuff and have a little contained environment. This requires the very thin installation of the free VMWare Player, so you could see if you can get sign-off on just that installation, but after that you can have a whole "virtual" machine.

I do this so I can have a totally customized network testing environment that doesn't mess with my production laptop. I know some people are fine with traveling with multiple laptops, but I'm always trying to find ways to drop weight with my travel stuff, so I wouldn't imagine having to hork another laptop around as well.
This is an interesting idea. I already have my own laptop, and I won't allow IT to image it with their restricted installation. However, I'm going to propose to IT that I install their image in a virtual machine (I'll use Virtual PC, which is already running well on my computer), and use that for connecting to the office, both via the LAN and when I'm outside via VPN. It's not an ideal situation for me, but it will let me work as I need to, and may even let me eliminate the otherwise superfluous desktop in my office.

Thanks!

Im still curious about the USB bootable Linux. If I did that would I be able to mount the actual hard drive or a partition of it under the Linux OS that was running on the USB? Thanks.

Im still curious about the USB bootable Linux. If I did that would I be able to mount the actual hard drive or a partition of it under the Linux OS that was running on the USB? Thanks.

Yes. You'd be able to mount anything. Note: NTFS write support isn't mature yet, but reading is OK.