Syskey? Really enabled without shutting down? -1- After activating the syskey, the new key value / 'secureboot /' is saved in the registry hklm // system // // lsa. Setting: 1 - Key Save in the Registry 2 - Key This password entered by the user is logged in to generate 3 - Key Save in the floppy disk but deletes the primary key or set the value to 0 and does not turn syskey. There are other places ...
-2- hklm // sam // Domains // Account // F is a binary structure, typically saved SID and other description information of the computer. When Syskey is activated, the content is larger (size is about twice the original two times) increased partial estimates are encrypted key some tags and other values, and some of these tags and values have some part of the same content. . So, in NT4 (installed SP6 patch package), you can turn off SysKey. When changing these settings, the system gives an error prompt that SAM and system settings conflict, but after restarting the computer, the system has no longer uses Syskey.
-3- Then Win2000 also has another place to store information about syskey hklm // security // policy // polsecretencryptionKey // This is also a binary structure, which is also used in the same storage mode, which will be the same 0, syskey has been removed from Win2000. (If the three parts modify the error (inconsistent), the system will automatically restore the default value in the next time.
-4- Then the password information section. The old password information is a length of 16 bytes, but the length after using Syskey is increased to 20 bytes. Among them, four bytes seem to be a counter, which may be a history using a record counter. Surprisingly, when Syskey is activated, he does not record immediately, but is recorded when the system is started next time. Moreover, when the key is changed, the password information does not do not update.
