Dual Catalina boot machine to separate work and home systems.

Question

Level 1

16 points

Dual Catalina boot machine to separate work and home systems.

I would like to separate and isolate my work data (emails, apps, google drive, etc) from my home data (emails, iCloud storage, accounts, etc). I have been looking into making my laptop a dual boot Catalina machine and so far have installed a second OS on an APFS volume. All seams to work fine except every time I log in I am asked by Security Agent to authenticate as a user from the other OS partition in order to decrypt the volume and mount it.

I actually don’t want any connectivity between the two OS’s - the two Volumes - and ideally I don’t want to be asked to mount the other volume every time I log into the machine.

Question: If I used a partition (container) rather than a volume, would the OS still want to mount the other OS at log in?

Question: Is there a way to completely isolate partitions/containers/volumes from each other on a single disk such that two instances of the OS are completely independent and secure?

Many thanks in advance for your insights.

MacBook Pro with Touch Bar

Posted on Mar 14, 2020 2:39 AM

Reply

Answer 1

xnav

Level 5

7,113 points

Mar 14, 2020 7:05 AM in response to Phil.W

I actually don’t want any connectivity between the two OS’s - the two Volumes - and ideally I don’t want to be asked to mount the other volume every time I log into the machine.

If you click 'Cancel' on the authentication prompt the mount will be abandoned and the alternate volume will be unavailable. Won't this meet your needs?

Reply

Answer 2

Old Toad

Level 10

215,544 points

Mar 14, 2020 10:51 AM in response to Phil.W

Have you considered having your work system and data on an external SSD and boot from it when needed?

Otherworld Computing (MacSales.com) offers a variety of excellent external SSDs. You can go with USB 3 connectivity or the more expensive Thunderbolt.

I boot from an external SSD with USB 3.1 connectivity in about 50-55 seconds. Booting into my internal SSD is about 25-30 seconds. Once booted the performance seems the same. When not in use the external SSD can be stored in a protected environment.

Just some food for thought.

Reply

Answer 3

Ronasara

Level 6

15,519 points

Mar 14, 2020 1:59 PM in response to Phil.W

Old Toad makes some excellent suggestions. I might add the following for consideration. If I understand correctly, your laptop is provided by your employer. Yes, I would get a good external SSD drive. You could then keep all your personal files on that drive and use the internal drive for business. Then when, and if, you get another computer for personal use, it is an easy matter to then copy your personal files on to it. That is how I would do it.

Reply

Answer 4

Mar 14, 2020 5:51 AM in response to Phil.W

It would be much simpler to just add another user account— admin or not your choice.

"Fast user switching" requires no reboot to partitions.

Set up users, guests, and groups on Mac - Apple Support

Do you specify what exact Mac /model /year /size /retina /touchbar is this

or what exact macOS you are currently running?

Computers with the T2 chip, security is not an issue—

ref: macOS - Security - Apple

https://www.apple.com/macos/security/

Reply

Answer 5

Phil.W Author

Level 1

16 points

Mar 14, 2020 6:52 AM in response to leroydouglas

Thanks.

So you're right, it would be much simpler to create a different user account, but . . . .

The company I work for is looking to achieve a UK CyberEssentials rating and to do that they are using MDM on all work laptops and phones. My work MacBook is enrolled and is fine for when I'm on the road. When I work from home I would like to use my MacBook Pro (16" 2019) for all the obvious reasons. To do this, as a BYOD machine, I would have to enrol it to MDM and also company managed Sophos. I would kind of like to avoid this on my own machine hence looking for ways to isolate home stuff from work stuff.

Hope that helps explain why the odd question.

Reply

Answer 6

Phil.W Author

Level 1

16 points

Mar 14, 2020 8:37 AM in response to xnav

Yes, but it would be nice to not have it prompt every time I, or my wife, or my kids log in to the home accounts.

Just thought someone might now a simple fix that I had missed.

would it make any difference putting the work OS on a separate partition?

Many thanks once again.

Reply

Answer 7

Phil.W Author

Level 1

16 points

Mar 14, 2020 10:20 AM in response to BobTheFisherman

Yes, we are actually trying to find a solution that we would both be happy with. I'm not keen with MDM on the whole system and they are wanting to make sure they can meet certain security requirements. Isolating one OS installation from the other would help.

Thanks

Reply

Answer 8

Phil.W Author

Level 1

16 points

Mar 14, 2020 8:47 AM in response to Phil.W

So would it therefore be possible to change the way the system tries to mount volumes at login?

Reply

Answer 9

xnav

Level 5

7,113 points

Mar 14, 2020 8:49 AM in response to Phil.W

would it make any difference putting the work OS on a separate partition?

I think you'll still be prompted.

Reply

Answer 10

xnav

Level 5

7,113 points

Mar 14, 2020 9:04 AM in response to Phil.W

This may help.

Reply

Answer 11

Mar 14, 2020 9:09 AM in response to Phil.W

Is your employer ok with your planned dual boot system? If I was your employer I would tell you to use your work computer for work and to get a home computer for home and family accounts.

Reply

Answer 12

Phil.W Author

Level 1

16 points

Mar 14, 2020 10:15 AM in response to xnav

I'll take a look at that later, thanks.

Reply

Answer 13

Old Toad

Level 10

215,544 points

Mar 14, 2020 2:36 PM in response to Ronasara

Yes, Ronasarea makes an excellent point. I missed that it was your company's laptop so putting your personal system and data files on the external would be the way to go.

Reply