I would like to encrypt a single user profile but have been told EFS isn't the solution.
I have a laptop that I leave in my bag and use for work and private purposes. I want to secure data in case my laptop is stolen or lost, and also I would like a way to trace my laptop in such case in order to get it back. I have installed Prey (device tracking) for that.
Below are ideas I have so far with Pro's and Cons
use Bitlocker/ full disk encryption
Pro: all data is secure in case laptop is stolen
Con: computer can't boot without password therefore unable to track laptop
create encrypted container and move all documents, google drive, desktop shortcuts. have container mount on logon
Pro: data is secure, computer can boot/ be tracked, guest account can be made
Con: google drive will complain as it may startup before container is mounted, Risk of data leakage (such as web browsing data)
create hidden OS using Veracrypt and create a decoy OS (with prey) with the decoy os decryption key stuck under the screen
Pro: data is secure, laptop can be tracked, no one would suspect there's a hidden OS as I'm obviously not very bright leaving the os decrypt key on a sticker
Con: quite a bit of administrative overhead
buy a flush USB drive and install windows 10 (decoy) with Prey set as 1st boot device. Bitlocker main OS drive
Pro: data secure, device can be tracked, no google drive hackyness
Con: have to select correct boot device every time computer boots
What is the best way to go?