omid

persianforum

http://news.persianforum.net/default.asp?view=plink&t=article&id=1303

Syskey.exe is a tool available in Windows Server 2003 ,Windows 2000 and XP to encrypt the contents of the SAM Accounts Database.

Windows 2000,2003,XP requires the encryption of password hashes when those are stored on the machine. the encryption key is stored locally on the machine and it randomly generated by the system.

Syskey.exe enables you to move the key out of the machine by storing it on a floppy disk or by asking a startup password.

In this article I want describe how to use the syskey.exe to secure the Windows SAM database.

At command prompt type syskey and press Enter,

Securing the Windows XP Account Database dialog box will appear

By default the "Encryption Enabled" option is selected

You can't Disable it because Windows always encrypt the SAM database

Now, click Update button

The Startup Key dialog box appear

You have two choices : Password Startup and System Generated Password

Use Password Startup if you want system ask for a password to start windows

The Password must be at least 12 characters long, enter password and then click OK.

Now after restarting the system, Windows prompt for a Startup Password right before starting services.

You can enter the password or click Restart

Your second choice is System Generated Password

in this option you have two choices

Store Startup Key on Floppy Disk and Store Startup Key Locally

By default System Generated Password and Store Startup Key Locally are selected

This means system will store encryption key on the hard disk of this computer.

With this option selected the encryption key randomly generate by system and its no need

to enter password or inserting floppy disk during system startup.

If you want Store encryption key on a Floppy Disk, select Store Startup Key on Floppy Disk

and then click OK the system aks you to enter a Floppy Disk, after inserting a blank floppy disk

system will copy encryption key to the floppy disk.

After restarting system, Windows ask you for a floppy disk which contain encryption key.

To start windows insert the Floppy Disk then click OK.

I recommend alway create a backup floppy disk, without this floppy disk you can't start system.

If you added a Startup Password or created a floppy and now want to remove it

and use default option, Just run syskey utility and select System Generated Password and then Store Startup Key Locally

then click OK the system ask you for your current password or floppy disk enter password or insert floppy and click OK.

; )

Its very simple but Useful and important

Hope this article help you,