1

Here at the company where I work we have created a custom Windows 7 image for our computers. When we have an issue, or receive a new computer, we just re-image them with our master backup. We have done this for about a decade.

Recently, however, we have discovered that customers are taking our image through dos-based usb drives and installing it on their own computers.

Is there a way to protect our image from being copied? Would encrypting the drive prevent someone from doing this?

Thank you, Luke

Improve this question
2
  • It's not clear what customers do...I imagine that only employees have access to the image and you never leave it in the hands of customers. How exactly do they copy it? Could you better describe the environment, like, who is "we" and who are the customers?
    – simlev
    Commented Mar 30, 2017 at 14:50
  • I work at an engine manufacturing company. We send computers to our customers who place the computers on their trucks to log data. The problem is, since they have physical access to the computers, they decided to make their own alternative computer solution, so they are taking our images using DOS based imaging usb drives, and are installing the images on their own computers. Does that help?
    – Luke R
    Commented Mar 30, 2017 at 14:57

1 Answer 1

Reset to default
0

Normally the image would have all the required drivers and software but would not have been activated with a serial key. This happens after the imaging process manually by a member of IT. If the image was stolen and used, after 30 days the machine enters the not licenced mode if the user does not activate with a key.

It sounds like your image is fully activated, I recommend deregistering the licence from the image template.

If the image is stored on a separate partition you could bitlocker encrypt the partition with a password that only your company knows.

Improve this answer
4
  • The problem here is that they can still take a copy of the image after it has been activated. A better method would be some kind of hardware dongle or key that is embedded within the computer.
    – Mokubai
    Commented Mar 30, 2017 at 15:11
  • @Mokubai - There is an easier solution. Configure the Windows so it will not mount USB drives and configure the firmware so always boots from the HDD first and password protect it from changes.
    – Ramhound
    Commented Mar 30, 2017 at 15:25
  • @Ramhound I agree, firmware lockdown would block this simple kind of attack, but would not prevent someone from dismantling the machine and passing the drive through a cloning machine. Clearly a multi pronged defense, probably including threat of legal action, might be best.
    – Mokubai
    Commented Mar 30, 2017 at 15:36
  • 1
    @Mokubai - I am pretty sure people would notice hardware missing HDDs, a HDD clone process, can be done in a couple hours on a swing shift. Honestly this is less of a technical/software problem and more of a people problem, one that can be solved by, having a clause in a contract (IMO)
    – Ramhound
    Commented Mar 30, 2017 at 15:42

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .