How to use the SysKey utility to secure the Windows Security Accounts Manager database (310105)
The information in this article applies to:
- Microsoft Windows Server 2003, Standard Edition
- Microsoft Windows Server 2003, Enterprise Edition
- Microsoft Windows Server 2003, Web Edition
- Microsoft Windows Server 2003, 64-Bit Enterprise Edition
- Microsoft Windows Server 2003, 64-Bit Datacenter Edition
- Microsoft Windows XP Home Edition
- Microsoft Windows XP Professional
- Microsoft Windows XP Tablet PC Edition
- Microsoft Windows XP 64-Bit Edition Version 2002
- Microsoft Windows XP 64-Bit Edition Version 2003
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Advanced Server
This article was previously published under Q310105 For a Microsoft Windows NT version of this article, see 143475. SUMMARY The Microsoft Windows 2000, Microsoft Windows XP, and Microsoft Windows 2003 Security Accounts Management Database (SAM) stores hashed copies of user passwords. This database is encrypted with a locally stored system key. To keep the SAM database secure, Windows requires that the password hashes are encrypted. Windows prevents the use of stored, unencrypted password hashes.
You can use the SysKey utility to additionally secure the SAM database by moving the SAM database encryption key off the Windows-based computer. The SysKey utility can also be used to configure a start-up password that must be entered to decrypt the system key so that Windows can access the SAM database. This article describes how to use the SysKey utility to secure the Windows SAM database.
Modification Type: | Major | Last Reviewed: | 7/12/2004 |
---|
Keywords: | kbhowto KB310105 kbAudITPRO |
---|
|