How to mitigate any privacy-related risks associated with taking your laptop for repair?

Unless your hard drive is encrypted linux tools can be use to blank any local windows password.

Put a second hard drive in, removing the first and don't put anything sensitive on it in the first place. Leave the password blank or password, and bring it in for repair.

If your data is that sensitive surely it is worth the cost of a second hard drive.

Another option, place all your sensitive data in an encrypted volume and don't save the password or hand it out. However, changing the location of files per program to the encrypted volume would take more effort that the other options. Also you can clone the original hdd to a new hard drive and wipe and reload the original one. If you want to keep the original hard drive in the machine.


Physical access to a system is the trump card of security.

Passwords can be bypassed, locks broken, data copied, software installed...the list of threats is impressively long. But you may have no choice but to find a way to minimize your risk if you need your system serviced. Here are some options:

1. Request a remote troubleshooting session.

While this won't allow the repair shop to troubleshoot all possible computer problems, an experienced technician can discover a lot about a system's health without physical access to the PC. In a remote session it's normal that the customer participate and watch the tech's every move. Most remote access programs are explicit about files being transferred to/from the system, granting you further oversight. If at any point you don't feel comfortable with what you see you can kill the network connection, ending the session.

2. Remove the hard disk.

Since the problem you're experiencing may be strictly hardware related, you could take the machine in without its hard disk. (If you're not comfortable doing this yourself, have the technician do it while you watch when you drop the PC off.) Explain to the tech that you have confidential data and that if he needs a running OS you'll gladly pay for the extra time it will take to install a temporary drive and an OS on it. A good repair shop will have access to a spare hard disk and installation media for all major operating systems, making this a reasonable request.

Be prepared for the possibility your problem is caused by something unique to your installation of Windows. In this case, proper diagnosis will require your instance of Windows to be present for troubleshooting, reducing the suitability of this strategy.

3. Encrypt the sensitive data on the machine.

There are a number of good tools available for encrypting files, folders, or entire volumes. If you know specifically what data needs protection, this is a good option.

If you go the route of encrypting select files or folders, it's critical that you scrub the free space on your disk after encrypting the data. In most cases when a file is encrypted, a new, encrypted file is written to disk, then the unencrypted file is deleted. This leaves the original file vulnerable to data undelete utilities. A tool like Sysinternals' SDelete can be used to prevent such recovery programs from finding any unencrypted data.

This option is best if you know the location of all data that needs protection. As stated in the OP, and as is generally true for many systems, it can be hard to secure everything. Full volume encryption is perfect for in this case, but if the repair shop needs access to your specific instance of Windows to properly troubleshoot the problem, you'll end up needing to grant the technician access to the unlocked disk volume, defeating the encryption altogether.

4. Take the machine to someone you trust.

Given the drawbacks to some of the above options, this may be a necessary strategy. The very fact you need outside help to maintain your system suggests you will eventually end up with a problem that requires your service technician to come in contact with your sensitive information. Should that day come, it would be handy to have someone you know that has a professional work ethic and can be trusted with other people's personal details--trusted to access the least data required to perform the repair, glance past personal information, forget quickly, and get the job done. It can be done. I do it every day.

Ask around. Technicians with a reputation of trust receive personal recommendations from people with their own secrets that must be kept. Many people in positions with access to sensitive information have to rely on someone else to service their computers, especially at home. You may know such people.


The easiest way is to remove the hard drive before taking it in for repair. Presumably the technician can use a USB disk to diagnose the problems.

Alternatively - and not ideally - watch over the techs shoulder as he does the repair.