Restricting access to volumes / disks even for admin account in Windows

I am running Windows 7 x64.

I am sharing my PC with a brother who plays a lot of games and runs all kinds of questionable programs that might have trojans, etc. A lot of that software needs admin privileges to install/run, especially the games. I want him to play games on his own disk, without damaging/corrupting my disks (which has already happened twice).

Is it possible to completely restrict access to either folders or entire volumes / disks to processes running with admin privileges? And admin users?

I'm not too happy about going the encryption route, as it will be impossible to access the data without Win7, and also, it's time-consuming - I have several large disks.

I do not mind running two copies of Win7 in separate partitions, as long as admin account & hostile processes in one Windows cannot see the disks accessible to the other copy of Windows.

Thanks.


Solution 1:

You do have options. You may not like them.

  1. Physical control. There are hot-swappable drive bays (which I mention because they are designed for ease of swappability, not because you would EVER want to swap them while the machine was running), or you might be able to find a physical switch that will switch between two hard drives... I've never seen one, but I've never looked. In any case, if the drive is not attached to the machine, he can't affect it, regardless of privileges.

  2. Encryption. You can use OS-independent encryption like TrueCrypt. The time-consuming part is one-time (only for encryption), and you should be able to decrypt it later, regardless of the OS you use. I've found encrypted hard disks not to noticeably affect performance even on a limited CPU like a laptop. The downside of this option is twofold.

    A. Since the hard drive is still connected, your brother could still corrupt the attached, encrypted disk.

    B. You are vulnerable to the "Evil Maid" attack in the situation where your brother acquires super-sophisticated spyware / viruses.