RE: issues with syskey in NT 4.0

From: jason d. montgomery (jason@atgi.com)
Date: 12/02/02

  • Next message: The Blueberry: "RE: issues with syskey in NT 4.0" 
    From: "jason d. montgomery" <jason@atgi.com>
To: <focus-ms@securityfocus.com>
Date: Mon, 2 Dec 2002 16:12:14 -0500

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    You may have done this already, but if not run a search on the MS TechNet site for 'Syskey' - you'll pull back a bunch of known issues - from first glance, it looks like all issues are resolved by Service Packs, Patches, or proper configuration):

    http://www.microsoft.com/technet/

    Article(s) I found of particular interest:

    Analysis of Alleged Vulnerability in Windows 2000 Syskey and the Encrypting File System
    http://www.microsoft.com/technet/security/news/efs.asp

    and

    Analysis of Reported Vulnerability in the Windows 2000 Encrypting File System (EFS)
    http://www.microsoft.com/technet/security/analefs.asp

    later,
    jdm

    > Is there any known issues with enabling syskey under NT 4.0? In other
    > words, does enabling syskey break any functionality, or cause any other
    > problems for either the operating system itself or for any application?
    >
    > (I'm having a bit of an argument with a client over enabling syskey; I'm
    > strongly recommending they use it, but they don't want to for various
    > reasons i.e. they're afraid it'll break something or cause other kinds
    > of problems; I'm not aware of any issues that could justify their fears).
    >
    > Paul Greene
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.6 (MingW32)
    Comment: For info see http://www.gnupg.org

    iEYEARECAAYFAj3rzK4ACgkQ/o/QohhvQMuGrACgs+B8GaWtjFrceYVav4kXRTsP
    7z8An2GvmAsoc3pp2Wch8iz3fktGwlY8
    =HALg
    -----END PGP SIGNATURE-----

    Relevant Pages

    • Re: Passfilt.dll and Syskey
      ... I searched on our database and did not find ... any issues about syskey after upgrading DC to 2000 AD. ... | What are the procedures for upgrading to Windows 2000 from ... I am about to upgrade to ...
      (microsoft.public.win2000.security)
    • Re: Passfilt.dll and Syskey
      ... You can use the SysKey utility to further secure the SAM database by moving ... the SAM database encryption key off the Windows 2000 computer. ... entered to decrypt the system key so that Windows 2000 can access the SAM ...
      (microsoft.public.win2000.security)
    • Re: System startup password
      ... He indicated that he configured syskey to require a manually entered ... password before access to the operating system was enabled. ... the password reset disk can also defeat syskey passwords though you will not ... Steve - NTpasswd just lets you change the password to Windows. ...
      (microsoft.public.windowsxp.security_admin)
    • Re: Passfilt.dll and Syskey
      ... What are the procedures for upgrading to Windows 2000 from ... >You can use the SysKey utility to further secure the SAM ... >the SAM database encryption key off the Windows 2000 ... I am about to upgrade to ...
      (microsoft.public.win2000.security)
    • Re: FAQ - READ BEFORE POSTING
      ... > On Windows 2000, this is only true if SYSKEY is not used in offline mode. ... > another password or carry around a floppy just to log on? ...
      (microsoft.public.security)