SQL Server : Transparent Data Encryption (TDE) and physical access to the PC

Question

Just a model case. Provided the SQL Server 2008 R2 Enterprise database is encrypted with the TDE. Someone starts the machine from Linux live CD, resets the local user/admin password and boot into Windows 8.1. Will this allow them to access the database data, to encrypt them?

If it is possible to get the access like that for a local account could it somehow help to start using Microsoft Account? Or the local administrator account will be still the risk for Linux access, even if disabled? And the only option how to protect the database data on "workstation/laptop" is to encrypt the whole drive?

Answer 1

TDE only protects the databases from being attached to another server (i.e., the hard drive gets stolen, the files get detached and mounted on another server). In the scenario you describe, TDE will NOT prevent access to the data.