SYSKEY is a utility that encrypts the hashed password information in a SAM database in a Windows system using a 128-bit encryption key.
Microsoft Windows Security Accounts Management Database (SAM) stores hashed copies of user passwords. This database is encrypted with a locally stored system key. To keep the SAM database secure, Windows requires that the password hashes are encrypted. Windows prevents the use of stored, unencrypted password hashes.
Configure Windows System Key Protection Utility
- At a RUN window, type syskey, and then press ENTER.
- In the Securing the Windows Account Database dialog box, note that the Encryption Enabled option is selected and is the only option available. When this option is selected, Windows will always encrypt the SAM database.
- Click Password Startup if you want to require a password to start Windows.
- Click System Generated Password if you do not want to require a startup password.
Select either of the following options:
Click Store Startup Key on Floppy Disk to store the system startup password on a floppy disk. This requires that someone insert the floppy disk to start the operating system.
Click Store Startup Key Locally to store the encryption key on the hard disk of the local computer. This is the default option.
- Click OK to complete the procedure.
Note The Microsoft Windows NT 4.0 SAM database was not encrypted by default. You can encrypt the Windows NT 4.0 SAM database by using the SysKey utility.
Note If you must remotely restart a computer that requires a password (if you use the Password Startup option),