syskey removal - when set to prompt for password

Archived from groups: microsoft.public.win2000.security (More info?)

I have never heard of a virus doing such. It could be the work of a
malicious user who has or obtained admin credentials and wanted to lock out
legitimate administrators. The popular free tool to reset admin passwords
can also defeat syskey though once you do that it can never be enabled again
according to the documentation. The link below explains more. --- Steve

http://www.petri.co.il/forgot_admi [...] ssword.htm

"Tran Van Phat" <pvtran@net2consulting.com> wrote in message
news:unoZlfvJFHA.3788@tk2msftngp13.phx.gbl...
> Syskey enabled with "Password Startup" - how to disable syskey when don't
> have password.
>
> Syskey is enabled by default in Windows 2000 with "System Generated
> Password" with "Store Startup Key Locally". Just found a few servers that
> had the syskey option changed to "password startup" which prompts for a
> password which we don't have at startup. There's already one server that
> we had to repair the O/S inorder to remove the feature. Is there a new
> virus that does this?
>
> Question: how can we disable this syskey prompt?
>
> I have found a few tools to decrypt syskey files store on the system, but
> have not found a way to disable this syskey feature.
>
> Help!!
>

Archived from groups: microsoft.public.win2000.security (More info?)

Reinstalling would probably be your best option because if it was a
malicious user you don't know what else that user might have done to the
installation. Hopefully you can take steps to prevent such from happening
again. Preventing physical access to the computer would be a great start or
at the very least have locked cases for the computers, configure them to not
boot from anything from the system drive, and password protect cmos
settings. --- Steve


"Tran Van Phat" <pvtran@net2consulting.com> wrote in message
news:urwWMXIKFHA.2212@TK2MSFTNGP12.phx.gbl...
> Yes, we believe it's a malicious act by an individual as well. We were
> hoping it wasn't. Anyway, we checked with MS who said that there's no
> safe way to remove the already installed key. We are planning our
> reinstalling. If anyone has any success with hacking SAM, please assist.
> Thx Steven!!
>
> "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
> news:udLWYr$JFHA.1308@TK2MSFTNGP15.phx.gbl...
>>I have never heard of a virus doing such. It could be the work of a
>>malicious user who has or obtained admin credentials and wanted to lock
>>out legitimate administrators. The popular free tool to reset admin
>>passwords can also defeat syskey though once you do that it can never be
>>enabled again according to the documentation. The link below explains
>>more. --- Steve
>>
>> http://www.petri.co.il/forgot_admi [...] ssword.htm
>>
>> "Tran Van Phat" <pvtran@net2consulting.com> wrote in message
>> news:unoZlfvJFHA.3788@tk2msftngp13.phx.gbl...
>>> Syskey enabled with "Password Startup" - how to disable syskey when
>>> don't have password.
>>>
>>> Syskey is enabled by default in Windows 2000 with "System Generated
>>> Password" with "Store Startup Key Locally". Just found a few servers
>>> that had the syskey option changed to "password startup" which prompts
>>> for a password which we don't have at startup. There's already one
>>> server that we had to repair the O/S inorder to remove the feature. Is
>>> there a new virus that does this?
>>>
>>> Question: how can we disable this syskey prompt?
>>>
>>> I have found a few tools to decrypt syskey files store on the system,
>>> but have not found a way to disable this syskey feature.
>>>
>>> Help!!
>>>
>>
>>
>
>