Determine whether Syskey has been applied to a system

Syskey strongly encrypts the password hashes in the Windows NT
SAM. Syskey will help to protect the passwords stored in ERDs and backup tapes.
The system will not boot without the encryption key. For background, see
"Encrypt hashes in SAM with 128-bit encryption using SYSKEY".

How can you determine whether Syskey has or has not been applied to enhance
NT's security? You can sit down at the console of each NT system and issue the
Syskey command. The Syskey command will tell you whether it is in place and, if
it is, which startup key method is in use: the startup key is stored locally on
the hard drive; the startup key must be entered at the console at boot; or the
startup key is stored on a floppy disk which must be inserted in the floppy
drive when the system prompts for the diskette. That is not a realistic
solution if you have hundreds of systems spread around the country.

How does NT know that Syskey has been applied to a system? The presence of
the SecureBoot value in the registry key below means Syskey has been applied.
Its data reveals how the Startup Key must be accessed:

Key:   SYSTEM\CurrentControlSet\Control\Lsa
Name:  SecureBoot
Value: 0x1  Startup Key stored on local hard drive
Value: 0x2  Password startup (Startup Key entered at the console at boot)
Value: 0x3  Startup Key stored on floppy disk
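
Because the check is only a registry read, it can be run over the network instead of at each console. The script below is an added example, not part of the original tip: it reads SecureBoot from a list of hosts and reports the Startup Key mode. It assumes the key lives under HKEY_LOCAL_MACHINE, that the Remote Registry service is reachable with administrative rights, and the host names are placeholders.

```python
"""Audit the SecureBoot (Syskey) registry value across many hosts."""

LSA_KEY = r"SYSTEM\CurrentControlSet\Control\Lsa"  # under HKEY_LOCAL_MACHINE (assumed)
VALUE_NAME = "SecureBoot"

# Startup Key modes, as listed in the table above.
MODES = {
    1: "Startup Key stored on local hard drive",
    2: "Startup Key entered as a password at boot",
    3: "Startup Key stored on floppy disk",
}


def read_remote_secureboot(host):
    """Return the SecureBoot value from a remote host, or None if it is absent."""
    import winreg  # imported lazily: the module only exists on Windows

    with winreg.ConnectRegistry(rf"\\{host}", winreg.HKEY_LOCAL_MACHINE) as hklm:
        with winreg.OpenKey(hklm, LSA_KEY) as key:
            try:
                value, _type = winreg.QueryValueEx(key, VALUE_NAME)
            except FileNotFoundError:
                return None  # value missing: Syskey has not been applied
            return value


def classify(value):
    """Translate a SecureBoot reading into a finding."""
    if value is None:
        return "Syskey NOT applied (SecureBoot value absent)"
    return MODES.get(value, f"unexpected SecureBoot value {value!r}")


def audit(hosts, reader=read_remote_secureboot):
    """Map each host to a finding; unreachable hosts are reported, not skipped."""
    report = {}
    for host in hosts:
        try:
            report[host] = classify(reader(host))
        except OSError as exc:  # host down, access denied, key missing
            report[host] = f"could not read registry: {exc}"
    return report


if __name__ == "__main__":
    # Placeholder host names (constructed); replace with your own inventory.
    for host, finding in audit(["NTSRV01", "NTSRV02"]).items():
        print(f"{host}: {finding}")
```

Hosts that report the value as absent, or that cannot be read at all, are the ones to follow up on at the console.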
