Physical access to a system is the trump card of security.
Passwords can be bypassed, locks broken, data copied, software installed...the list of threats is impressively long. But you may have no choice but to find a way to minimize your risk if you need your system serviced. Here are some options:
1. Request a remote troubleshooting session.
While this won't allow the repair shop to troubleshoot all possible computer problems, an experienced technician can discover a lot about a system's health without physical access to the PC. In a remote session it's normal that the customer participate and watch the tech's every move. Most remote access programs are explicit about files being transferred to/from the system, granting you further oversight. If at any point you don't feel comfortable with what you see you can kill the network connection, ending the session.
2. Remove the hard disk.
Since the problem you're experiencing may be strictly hardware related, you could take the machine in without its hard disk. (If you're not comfortable doing this yourself, have the technician do it while you watch when you drop the PC off.) Explain to the tech that you have confidential data and that if he needs a running OS you'll gladly pay for the extra time it will take to install a temporary drive and an OS on it. A good repair shop will have access to a spare hard disk and installation media for all major operating systems, making this a reasonable request.
Be prepared for the possibility your problem is caused by something unique to your installation of Windows. In this case, proper diagnosis will require your instance of Windows to be present for troubleshooting, reducing the suitability of this strategy.
3. Encrypt the sensitive data on the machine.
There are a number of good tools available for encrypting files, folders, or entire volumes. If you know specifically what data needs protection, this is a good option.
If you go the route of encrypting select files or folders, it's critical that you scrub the free space on your disk after encrypting the data. In most cases when a file is encrypted, a new, encrypted file is written to disk, then the unencrypted file is deleted. This leaves the original file vulnerable to data undelete utilities. A tool like Sysinternals' SDelete can be used to prevent such recovery programs from finding any unencrypted data.
This option is best if you know the location of all data that needs protection. As stated in the OP, and as is generally true for many systems, it can be hard to secure everything. Full volume encryption is perfect for in this case, but if the repair shop needs access to your specific instance of Windows to properly troubleshoot the problem, you'll end up needing to grant the technician access to the unlocked disk volume, defeating the encryption altogether.
4. Take the machine to someone you trust.
Given the drawbacks to some of the above options, this may be a necessary strategy. The very fact you need outside help to maintain your system suggests you will eventually end up with a problem that requires your service technician to come in contact with your sensitive information. Should that day come, it would be handy to have someone you know that has a professional work ethic and can be trusted with other people's personal details--trusted to access the least data required to perform the repair, glance past personal information, forget quickly, and get the job done. It can be done. I do it every day.
Ask around. Technicians with a reputation of trust receive personal recommendations from people with their own secrets that must be kept. Many people in positions with access to sensitive information have to rely on someone else to service their computers, especially at home. You may know such people.
34The only sure way is to remove the hard drive. For the symptoms you describe, it is probably not necessary to provide the hard drive along with the repair. But, being I used to own and operate a repair shop, it would be frustrating for me. I understand some people may not be trustworthy, but I always treated my customer’s data with respect and made sure my employees did too. Without the hard drive you are limiting a technician’s ability to fully diagnose your computer for troubles you may not even know about - which is what my shop always did. If you don’t trust them, go elsewhere. – Appleoddity – 2017-11-19T23:53:35.600
4An alternative would be to take your computer somewhere where you can wait and watch the repair. Some big box stores will do that. But, that is only because those places charge you 3x the cost, have little to no experience technicians working for them, and will do only a fraction of the work the real computer shop will do. Any good diagnosis and repair takes time. – Appleoddity – 2017-11-19T23:56:40.430
1@phyrfox This applies to the USA, I assume. – Angew is no longer proud of SO – 2017-11-20T08:51:56.130
1
See also https://superuser.com/questions/308500/taking-out-hard-drive-from-laptop-before-giving-it-for-upgrade-repair
– Mawg says reinstate Monica – 2017-11-20T13:01:29.5971Also, FWIW, I'd back up important data if you haven't already. – Wayne Werner – 2017-11-20T17:34:20.557
Take out the hard drive its usually user accessible unless you have a thin laptop.Then you should be safe from spying and they can use a Linux USB to test it. – Suici Doga – 2017-11-22T10:13:56.767
@Appleoddity Any decent technician should have some spare drives of any type they can use to boot the system if they need to. Not 100%, but it lets you test the hardware as OP describes, also with less variables to control like however the user's OS is configured. – Pysis – 2017-11-22T19:42:19.287
You could create a temporary admin level account and get tech to use that – user619818 – 2017-11-23T10:06:29.367
What if the sensitive data is the cause of the problem? :) – Solomon Ucko – 2018-12-23T04:49:08.810