SysKey is an inbuilt Windows utility that can help you secure the Security Accounts Management or SAM database. It can optionally be configured to require the user to enter the key at boot time as a startup password or load it on removable storage media. but most administrators don’t bother using it because it makes recovering a computer difficult in the event that a user forgets their password. The utility can also be used to configure a startup password that must be entered to decrypt the system key so that Windows can access the SAM database. the Windows operating system prevents the use of stored, unencrypted password hashes and requires that the password hashes and user information be encrypted. These encrypted versions of the passwords are usually stored in a file called sam, found in the system32\config folder.To open the SAM Lock Tool, perform the below steps.
- Log on to Windows with an account that has local administrator access
- Type SYSKEY into the run on the start menu.
- Select the Encryption Enabled Option.
- Select the Password Startup Option. Enter the Startup Password that must be entered each time.
- Reboot the computer.
From now on the Startup Password must
be entered to unlock the SAM database before local login will be allowed.