Re: SAM encripted with syskey

From: Miroslaw Slawek Chorazy (mchorazy_at_depaul.edu)
Date: 02/09/05

  • Next message: Thor (Hammer of God): "Re: Password Protected Screen Saver and Administrative Password"
    Date: Wed, 09 Feb 2005 14:33:29 -0600
    To: <focus-ms@securityfocus.com>, <Oscar.Anzaldo@xerox.com>
    
    

    From the Microsoft provided documents, "Hardening Windows 2003 Server
    Domain Controllers" part of the "Windows Server 2003 Security Guide"
    one reads...

    "Finally, the loss of the Syskey password or floppy disk leaves your
    domain controller in a state where it cannot be restarted. There is no
    method for you to recover a domain controller if the Syskey password or
    floppy disk is lost. If this happens, the domain controller must be
    rebuilt."

    slawek

    >>> "Anzaldo, Oscar" <Oscar.Anzaldo@xerox.com> 2/8/2005 17:11 >>>
    Hi list,

    Does anyone knows a way to disable syskey encryption or a way to
    retrieve the password for a SAM encripted with syskey?

    Regards

    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------

    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------


  • Next message: Thor (Hammer of God): "Re: Password Protected Screen Saver and Administrative Password"

    Relevant Pages

    • Re: SysKey
      ... Not to mention that if I get physical access to a domain controller that is not ... protected with syskey other than default level, I can be domain administrator within ... SysKey would have no impact on accounts stored ... Hashed representations of passwords stored in either the ...
      (microsoft.public.win2000.security)
    • SysKey
      ... We want to use SysKey on our AD domain controller. ... systems accaessing this information? ... SysKey protected environment maintain? ...
      (microsoft.public.win2000.security)
    • Re: SysKey
      ... If you run Syskey on your computer you should already see ... > We want to use SysKey on our AD domain controller. ... > Has anyone experienced problems after using the utility in a Windows ... > SysKey protected environment maintain? ...
      (microsoft.public.win2000.security)
    • Re: Blank Forest Functional Level - Unable to fix
      ... to a domain controller. ... promote the new server with Windows Server 2003x64 R2 to a domain controller ... The domain functional level was Windows Server 2003. ... Server 2003 however the forest functional level is blank. ...
      (microsoft.public.windows.server.active_directory)
    • Re: Blank Forest Functional Level - Unable to fix
      ... to a domain controller. ... promote the new server with Windows Server 2003x64 R2 to a domain controller ... The domain functional level was Windows Server 2003. ... Server 2003 however the forest functional level is blank. ...
      (microsoft.public.windows.server.active_directory)