Closed

syskey removal - when set to prompt for password

Archived from groups: microsoft.public.win2000.security (More info?)

Syskey enabled with "Password Startup" - how to disable syskey when don't
have password.

Syskey is enabled by default in Windows 2000 with "System Generated
Password" with "Store Startup Key Locally". Just found a few servers that
had the syskey option changed to "password startup" which prompts for a
password which we don't have at startup. There's already one server that we
had to repair the O/S inorder to remove the feature. Is there a new virus
that does this?

Question: how can we disable this syskey prompt?

I have found a few tools to decrypt syskey files store on the system, but
have not found a way to disable this syskey feature.

Help!!
3 answers Last reply
More about syskey removal prompt password
  1. Archived from groups: microsoft.public.win2000.security (More info?)

    I have never heard of a virus doing such. It could be the work of a
    malicious user who has or obtained admin credentials and wanted to lock out
    legitimate administrators. The popular free tool to reset admin passwords
    can also defeat syskey though once you do that it can never be enabled again
    according to the documentation. The link below explains more. --- Steve

    http://www.petri.co.il/forgot_administrator_password.htm

    "Tran Van Phat" <pvtran@net2consulting.com> wrote in message
    news:unoZlfvJFHA.3788@tk2msftngp13.phx.gbl...
    > Syskey enabled with "Password Startup" - how to disable syskey when don't
    > have password.
    >
    > Syskey is enabled by default in Windows 2000 with "System Generated
    > Password" with "Store Startup Key Locally". Just found a few servers that
    > had the syskey option changed to "password startup" which prompts for a
    > password which we don't have at startup. There's already one server that
    > we had to repair the O/S inorder to remove the feature. Is there a new
    > virus that does this?
    >
    > Question: how can we disable this syskey prompt?
    >
    > I have found a few tools to decrypt syskey files store on the system, but
    > have not found a way to disable this syskey feature.
    >
    > Help!!
    >
  2. Archived from groups: microsoft.public.win2000.security (More info?)

    Yes, we believe it's a malicious act by an individual as well. We were
    hoping it wasn't. Anyway, we checked with MS who said that there's no safe
    way to remove the already installed key. We are planning our reinstalling.
    If anyone has any success with hacking SAM, please assist. Thx Steven!!

    "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
    news:udLWYr$JFHA.1308@TK2MSFTNGP15.phx.gbl...
    >I have never heard of a virus doing such. It could be the work of a
    >malicious user who has or obtained admin credentials and wanted to lock out
    >legitimate administrators. The popular free tool to reset admin passwords
    >can also defeat syskey though once you do that it can never be enabled
    >again according to the documentation. The link below explains more. ---
    >Steve
    >
    > http://www.petri.co.il/forgot_administrator_password.htm
    >
    > "Tran Van Phat" <pvtran@net2consulting.com> wrote in message
    > news:unoZlfvJFHA.3788@tk2msftngp13.phx.gbl...
    >> Syskey enabled with "Password Startup" - how to disable syskey when don't
    >> have password.
    >>
    >> Syskey is enabled by default in Windows 2000 with "System Generated
    >> Password" with "Store Startup Key Locally". Just found a few servers
    >> that had the syskey option changed to "password startup" which prompts
    >> for a password which we don't have at startup. There's already one
    >> server that we had to repair the O/S inorder to remove the feature. Is
    >> there a new virus that does this?
    >>
    >> Question: how can we disable this syskey prompt?
    >>
    >> I have found a few tools to decrypt syskey files store on the system, but
    >> have not found a way to disable this syskey feature.
    >>
    >> Help!!
    >>
    >
    >
  3. Archived from groups: microsoft.public.win2000.security (More info?)

    Reinstalling would probably be your best option because if it was a
    malicious user you don't know what else that user might have done to the
    installation. Hopefully you can take steps to prevent such from happening
    again. Preventing physical access to the computer would be a great start or
    at the very least have locked cases for the computers, configure them to not
    boot from anything from the system drive, and password protect cmos
    settings. --- Steve


    "Tran Van Phat" <pvtran@net2consulting.com> wrote in message
    news:urwWMXIKFHA.2212@TK2MSFTNGP12.phx.gbl...
    > Yes, we believe it's a malicious act by an individual as well. We were
    > hoping it wasn't. Anyway, we checked with MS who said that there's no
    > safe way to remove the already installed key. We are planning our
    > reinstalling. If anyone has any success with hacking SAM, please assist.
    > Thx Steven!!
    >
    > "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
    > news:udLWYr$JFHA.1308@TK2MSFTNGP15.phx.gbl...
    >>I have never heard of a virus doing such. It could be the work of a
    >>malicious user who has or obtained admin credentials and wanted to lock
    >>out legitimate administrators. The popular free tool to reset admin
    >>passwords can also defeat syskey though once you do that it can never be
    >>enabled again according to the documentation. The link below explains
    >>more. --- Steve
    >>
    >> http://www.petri.co.il/forgot_administrator_password.htm
    >>
    >> "Tran Van Phat" <pvtran@net2consulting.com> wrote in message
    >> news:unoZlfvJFHA.3788@tk2msftngp13.phx.gbl...
    >>> Syskey enabled with "Password Startup" - how to disable syskey when
    >>> don't have password.
    >>>
    >>> Syskey is enabled by default in Windows 2000 with "System Generated
    >>> Password" with "Store Startup Key Locally". Just found a few servers
    >>> that had the syskey option changed to "password startup" which prompts
    >>> for a password which we don't have at startup. There's already one
    >>> server that we had to repair the O/S inorder to remove the feature. Is
    >>> there a new virus that does this?
    >>>
    >>> Question: how can we disable this syskey prompt?
    >>>
    >>> I have found a few tools to decrypt syskey files store on the system,
    >>> but have not found a way to disable this syskey feature.
    >>>
    >>> Help!!
    >>>
    >>
    >>
    >
    >
Ask a new question

Read More

Windows