Re: Passfilt.dll and Syskey

From: Peter Yang [MSFT] (petery@online.microsoft.com)
Date: 03/12/03


From: petery@online.microsoft.com (Peter Yang [MSFT])
Date: Tue, 11 Mar 2003 23:51:32 GMT


Hello Scott,

You can use the SysKey utility to further secure the SAM database by moving
the SAM database encryption key off the Windows 2000 computer. The SysKey
utility can also be used to configure a start-up password that must be
entered to decrypt the system key so that Windows 2000 can access the SAM
database.

1. Open a command prompt and type in Syskey.

2. In the Securing the Windows NT Account Database dialog box you will see
that the Encryption Enabled option is automatically selected and is the
only one available. The reason for this is that Windows 2000 always
encrypts the SAM database.

If you have further concerns, please feel free to post back.

Thanks & Regards,

Peter Yang
Microsoft Online Support Engineer

Get Secure! - www.microsoft.com/security

=====================================================
When responding to posts, please "Reply to Group" via
your newsreader so that others may learn and benefit
from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
| Content-Class: urn:content-classes:message
| From: "Scott" <sgirard@harman.com>
| Sender: "Scott" <sgirard@harman.com>
| References: <04b901c2e731$2c326870$3301280a@phx.gbl>
<OTfGMG35CHA.1604@TK2MSFTNGP10.phx.gbl>
| Subject: Re: Passfilt.dll and Syskey
| Date: Tue, 11 Mar 2003 07:46:35 -0800
| Lines: 31
| Message-ID: <062601c2e7e5$652a1920$a601280a@phx.gbl>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="iso-8859-1"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Thread-Index: AcLn5WUqPVc6nEA9Qq2YttO2fne2mg==
| X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
| Newsgroups: microsoft.public.win2000.security
| NNTP-Posting-Host: TK2MSFTNGXA14 10.40.1.166
| Path: cpmsftngxa06!cpmsftngxa08.phx.gbl
| Xref: cpmsftngxa06 microsoft.public.win2000.security:7096
| X-Tomcat-NG: microsoft.public.win2000.security
|
| More . Detail. I have registered the passfilt.dll and
| executed the syskey.exe in my WIndows NT 4.0 Domain and it
| is running with no issues. I am about to upgrade to
| WIndows 2000 Active Directory and I know that passfilt.dll
| is no longer equired in Windows 2000 but syskey can still
| be running.
| My main concern is what are the best steps for prepairing
| for the upgrade. And what should I do during and after the
| upgrade. Are there any repecussions to this?
| Thanks
| Scott
| >-----Original Message-----
| >More detail... have you done this yet, and if so, are you
| having any
| >symptoms and/or error messages? I assume you checked
| www.google.com and
| >www.google.com/advanced_group_search and
| www.microsoft.com/support ?
| >
| >
| >"Scott" <sgirard@harman.com> wrote in message
| >news:04b901c2e731$2c326870$3301280a@phx.gbl...
| >> Has anyone ran into an issue upgrading a Windows NT 4
| >> environment with passfilt.dll and syskey activated and
| >> running to WIndows 2000 Active DIrectory.
| >> Thanks
| >> SCott
| >
| >
| >.
| >
|