{
	"id": "2f4ce44c-3628-4112-acd1-ff6f338fca8b",
	"created_at": "2026-04-06T00:06:33.622786Z",
	"updated_at": "2026-04-10T03:20:59.781385Z",
	"deleted_at": null,
	"sha1_hash": "c79b6b13ef483711373a4b282d951dd4fe7e20d5",
	"title": "How to use the SysKey utility to secure the Windows Security Accounts Manager database",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 35895,
	"plain_text": "How to use the SysKey utility to secure the Windows Security\r\nAccounts Manager database\r\nArchived: 2026-04-05 21:10:45 UTC\r\nFor a Microsoft Windows NT version of this article, see 143475.\r\nSummary\r\nThe Microsoft Windows 2000, Microsoft Windows XP, and Microsoft Windows 2003 Security Accounts\r\nManagement Database (SAM) stores hashed copies of user passwords. This database is encrypted with a locally\r\nstored system key. To keep the SAM database secure, Windows requires that the password hashes are encrypted.\r\nWindows prevents the use of stored, unencrypted password hashes.\r\nYou can use the SysKey utility to additionally secure the SAM database by moving the SAM database encryption\r\nkey off the Windows-based computer. The SysKey utility can also be used to configure a start-up password that\r\nmust be entered to decrypt the system key so that Windows can access the SAM database. This article describes\r\nhow to use the SysKey utility to secure the Windows SAM database.\r\nMore Information\r\nConfigure Windows System Key Protection\r\nTo Configure Windows System Key Protection, follow these steps:\r\n1. At a command prompt, type syskey, and then press ENTER.\r\n2. In the Securing the Windows Account Database dialog box, note that the Encryption Enabled option is\r\nselected and is the only option available. When this option is selected, Windows will always encrypt the\r\nSAM database.\r\n3. Click Update.\r\n4. Click Password Startup if you want to require a password to start Windows. Use a complex password that\r\ncontains a combination of upper case and lower case letters, numbers, and symbols. The startup password\r\nmust be at least 12 characters long and can be up to 128 characters long.\r\nNote If you must remotely restart a computer that requires a password (if you use the Password Startup\r\noption), a person must be at the local console during the restart. Use this option only if a trusted security\r\nadministrator will be available to type the Startup password.\r\n5. Click System Generated Password if you do not want to require a startup password.\r\nSelect either of the following options:\r\nhttps://support.microsoft.com/en-us/kb/310105\r\nPage 1 of 2\n\nClick Store Startup Key on Floppy Disk to store the system startup password on a floppy disk.\r\nThis requires that someone insert the floppy disk to start the operating system.\r\nClick Store Startup Key Locally to store the encryption key on the hard disk of the local computer.\r\nThis is the default option.\r\nClick OK two times to complete the procedure.\r\nRemove the SAM encryption key from the local hard disk by using the Store Startup Key on Floppy\r\nDisk option for optimum security. This provides the highest level of protection for the SAM database.\r\nAlways create a back-up floppy disk if you use the Store Startup Key on Floppy Disk option. You can\r\nrestart the system remotely if someone is available to insert the floppy disk into the computer when it\r\nrestarts.\r\nNote The Microsoft Windows NT 4.0 SAM database was not encrypted by default. You can encrypt the Windows\r\nNT 4.0 SAM database by using the SysKey utility.\r\nNeed more help?\r\nWant more options?\r\nExplore subscription benefits, browse training courses, learn how to secure your device, and more.\r\nSource: https://support.microsoft.com/en-us/kb/310105\r\nhttps://support.microsoft.com/en-us/kb/310105\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://support.microsoft.com/en-us/kb/310105"
	],
	"report_names": [
		"310105"
	],
	"threat_actors": [],
	"ts_created_at": 1775433993,
	"ts_updated_at": 1775791259,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/c79b6b13ef483711373a4b282d951dd4fe7e20d5.pdf",
		"text": "https://archive.orkl.eu/c79b6b13ef483711373a4b282d951dd4fe7e20d5.txt",
		"img": "https://archive.orkl.eu/c79b6b13ef483711373a4b282d951dd4fe7e20d5.jpg"
	}
}