Hi Sexy System

Can You Know Your System keys

Using the System Key

You can provide another level of protection for master keys and various other secrets through use of the system key. The system key protects the following sensitive information:

• Master keys that are used to protect private keys
• Protection keys for user account passwords stored in Active Directory
• Protection keys for passwords stored in the registry in the local Security Accounts Manager (SAM) registry key
• Protection keys for LSA secrets
• The protection key for the administrator account password that is used for system recovery startup in safe mode

For all computers in a domain, the secret key is enabled by default and all master keys and protection keys stored on a computer are encrypted with the unique 128-bit symmetric random system key. The system key must be in volatile memory on the operating system during system startup to unlock the password protection key. There are three ways to configure the system key for computers:

• Use a computer-generated random key as the system key and store it on the local system by using a complex obfuscation algorithm that scatters the system key throughout the registry. This option allows you to restart the computer without having to enter the system key. This is the default configuration for the system key.
• Use a computer-generated random key, but store it on a floppy disk. The system key is not stored anywhere on the local computer, and the floppy disk must be inserted for the system to start. It is inserted when prompted after Windows 2000 begins the startup sequence, but before it is available for users to log on to the system.
• Use a password chosen by the administrator to derive the system key. The password is not stored anywhere on the computer. Windows 2000 prompts the administrator for the password when the system is in the initial startup sequence, but before the system is available for users to log on.

The system key configuration options are available from the system key dialog boxes that appear when you run syskey . For computers in a domain, you must be a member of the Domain Admin group to run syskey . For stand-alone computers, you must be logged on as the local Administrator to run syskey . You can configure the system key differently for each computer in the domain.

System key protection is enabled by default in each domain, but you might want to change the default system key option for various computers in a domain. You also might need to enable system key protection for stand-alone computers.