QubesOS / qubes-issues

The Qubes OS Project issue tracker
https://www.qubes-os.org/doc/issue-tracking/

Forbid non-standalone Windows VMs from being domain joined #7686

Open DemiMarie opened 2 years ago

DemiMarie commented 2 years ago

The problem you're addressing (if any)

Joining a Windows TemplateVM or TemplateBasedVM to an Active Directory domain, or to Azure Active Directory, will never work. The reason is that both of these rely on configuration, including secrets, that must be unique to a given machine. Having two Windows VMs with the same Active Directory machine account is a bad idea; I suspect it has undefined results.

The solution you'd like

Trying to join a non-standalone Windows VM to a domain, or making a domain-joined Windows VM a TemplateVM, should fail.

The value to a user, and who that user might be

Windows users will avoid a not-very-obvious footgun.

GWeck commented 2 years ago

This severely restricts Windows usage if personal data are processed (see Windows 10 and 11 Usage According to GDPR). The GDPR requires that any telemetry is suppressed in this case, but, on the other hand, connection to Windows servers may be required from time to time for license and activation control. This can only be achieved if any personal data are kept in an AppVM with no Internet access, while the connections to the Microsoft servers are made from the corresponding template.

Using a StandaloneVM would expose the personal data to telemetry transmissions, which is, in the EU, forbidden according to the GDPR. The only logical consequence in this dilemma is, in my opinion, never to join a Windows system processing personal data to an Active Directory domain.

But, on the other hand, this situation in Qubes is not worse than using Windows outside of Qubes, because a native Windows system processing personal data cannot be legally used without killing its telemetry - which is not fully possible. At least, Qubes provides a solution for systems without Active Directory.

marmarek commented 2 years ago

An alternative solution could be ensuring all those secrets are stored on the private volume instead of the root volume. This will be some challenge and will require substantial knowledge of Windows internals, but in principle it should be possible.

BTW, there are several tools for cloning the same Windows installation to multiple machines, but AFAIK all of them require joining an Active Directory domain only after cloning (some perform the join procedure at the end of the clone process).

DemiMarie commented 2 years ago

An alternative solution could be ensuring all those secrets are stored on the private volume instead of the root volume. This will be some challenge and will require substantial knowledge of Windows internals, but in principle it should be possible.

A good first step would be to ensure this for Linux VMs, which is much easier (just use bind-mounts properly). Then Windows VMs can be looked at.

BTW, there are several tools for cloning the same Windows installation to multiple machines, but AFAIK all of them require joining an Active Directory domain only after cloning (some perform the join procedure at the end of the clone process).

That is what I expected. This is an area where storage deduplication would be a big win, as it means that having a bunch of StandaloneVMs does not waste a massive amount of storage.

marmarek commented 2 years ago

This is an area where storage deduplication would be a big win, as it means that having a bunch of StandaloneVMs does not waste a massive amount of storage.

But then, you'd need each of those StandaloneVMs to connect to the internet from time to time (updates, licensing, etc.), which makes it significantly less useful (data safety if nothing else).

DemiMarie commented 2 years ago

This is an area where storage deduplication would be a big win, as it means that having a bunch of StandaloneVMs does not waste a massive amount of storage.

But then, you'd need each of those StandaloneVMs to connect to the internet from time to time (updates, licensing, etc.), which makes it significantly less useful (data safety if nothing else).

Fair point. I believe Microsoft’s recommendation for this is KMS + WSUS but only enterprises will have that. That said, a domain-joined VM does need to reach its domain controller at least.