Protect the Account Database with Syskey

Passwords in the password database are encrypted. Syskey is a utility that is used by default to provide additional protection. The Syskey utility does the following:

  • Encrypts the password database with a 128-bit cryptographically random encryption key.

  • Encrypts the password encryption key with a system key.

  • Allows storage of the system key in three different ways.

  • If configured in “not stored” or “stored on floppy disk” mode, Syskey can protect the system from unauthorized reboot.

There are three options for the storage of the system key:

  • Locally— A system key is generated by the system and stored on the hard drive using a complex obfuscation algorithm. No intervention is needed at startup. This is the ...

Get Windows Server 2003 Security: A Technical Reference now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.