Re: Passfilt.dll and Syskey

From: Peter Yang [MSFT] (petery@online.microsoft.com)
Date: 03/12/03


From: petery@online.microsoft.com (Peter Yang [MSFT])
Date: Tue, 11 Mar 2003 23:51:32 GMT


Hello Scott,

You can use the SysKey utility to further secure the SAM database by moving
the SAM database encryption key off the Windows 2000 computer. The SysKey
utility can also be used to configure a start-up password that must be
entered to decrypt the system key so that Windows 2000 can access the SAM
database.

1. Open a command prompt and type in Syskey.

2. In the Securing the Windows NT Account Database dialog box you will see
that the Encryption Enabled option is automatically selected and is the
only one available. The reason for this is that Windows 2000 always
encrypts the SAM database.

If you have further concerns, please feel free to post back.

Thanks & Regards,

Peter Yang
Microsoft Online Support Engineer

Get Secure! - www.microsoft.com/security

=====================================================
When responding to posts, please "Reply to Group" via
your newsreader so that others may learn and benefit
from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
| Content-Class: urn:content-classes:message
| From: "Scott" <sgirard@harman.com>
| Sender: "Scott" <sgirard@harman.com>
| References: <04b901c2e731$2c326870$3301280a@phx.gbl>
<OTfGMG35CHA.1604@TK2MSFTNGP10.phx.gbl>
| Subject: Re: Passfilt.dll and Syskey
| Date: Tue, 11 Mar 2003 07:46:35 -0800
| Lines: 31
| Message-ID: <062601c2e7e5$652a1920$a601280a@phx.gbl>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="iso-8859-1"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Thread-Index: AcLn5WUqPVc6nEA9Qq2YttO2fne2mg==
| X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
| Newsgroups: microsoft.public.win2000.security
| NNTP-Posting-Host: TK2MSFTNGXA14 10.40.1.166
| Path: cpmsftngxa06!cpmsftngxa08.phx.gbl
| Xref: cpmsftngxa06 microsoft.public.win2000.security:7096
| X-Tomcat-NG: microsoft.public.win2000.security
|
| More . Detail. I have registered the passfilt.dll and
| executed the syskey.exe in my WIndows NT 4.0 Domain and it
| is running with no issues. I am about to upgrade to
| WIndows 2000 Active Directory and I know that passfilt.dll
| is no longer equired in Windows 2000 but syskey can still
| be running.
| My main concern is what are the best steps for prepairing
| for the upgrade. And what should I do during and after the
| upgrade. Are there any repecussions to this?
| Thanks
| Scott
| >-----Original Message-----
| >More detail... have you done this yet, and if so, are you
| having any
| >symptoms and/or error messages? I assume you checked
| www.google.com and
| >www.google.com/advanced_group_search and
| www.microsoft.com/support ?
| >
| >
| >"Scott" <sgirard@harman.com> wrote in message
| >news:04b901c2e731$2c326870$3301280a@phx.gbl...
| >> Has anyone ran into an issue upgrading a Windows NT 4
| >> environment with passfilt.dll and syskey activated and
| >> running to WIndows 2000 Active DIrectory.
| >> Thanks
| >> SCott
| >
| >
| >.
| >
|



Relevant Pages

  • Re: Passfilt.dll and Syskey
    ... I searched on our database and did not find ... any issues about syskey after upgrading DC to 2000 AD. ... | What are the procedures for upgrading to Windows 2000 from ... I am about to upgrade to ...
    (microsoft.public.win2000.security)
  • Re: Passfilt.dll and Syskey
    ... What are the procedures for upgrading to Windows 2000 from ... >You can use the SysKey utility to further secure the SAM ... >the SAM database encryption key off the Windows 2000 ... I am about to upgrade to ...
    (microsoft.public.win2000.security)
  • Re: System startup password
    ... He indicated that he configured syskey to require a manually entered ... password before access to the operating system was enabled. ... the password reset disk can also defeat syskey passwords though you will not ... Steve - NTpasswd just lets you change the password to Windows. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Advice on removing a start-up password
    ... Syskey was introduced in Windows NT 4.0 to protect the SAM database (the ... When a syskey password is set, the password database ...
    (Ubuntu)
  • Re: Advice on removing a start-up password
    ... Syskey was introduced in Windows NT 4.0 to protect the SAM database from being accessed offline and cracked. ... Windows will prompt you for this password so that it can read the password database and the system can be used normally. ...
    (Ubuntu)