Not if the PC runs Windows with Secure Boot and Bitlocker with Microsoft recommended settings for a domain member, and is powered down when not in use. No known way round that so far.
Hmm.. Secure boot.. You mean that thing that Lenovo has recently shown is broken beyond belief, because windows will bend over and take any code loaded in the right place in the BIOS without so much as a cursory AV check before execution?
Haven't tried Bitlocker yet (and never will), but given MS's past approaches to security I am quite certain that someone soon will find that a) there is a hard-coded backdoor and b) the key to that backdoor is "passw0rd". Probably a secondary backdoor in case the first one fails - "12345".
As to the "domain" bullshit.. How many home users are set for that?
Want security? Don't run Windows.
I know I know.. Don't feed the trolls.. That reminds me, I'm fresh out of rat poison..