cc
Mon May 02 04:21:29 CDT 2005
But there are tools readily downloadable from the Internet that can that
allow a theft to access a disk protected
by syskey.So EFS is a better method of preventing information being stolen?
"cc" <anonymous@disscussion.microsoft.com> дÈëÏûÏ¢ÐÂÎÅ:uD1coUvTFHA.3952@TK2MSFTNGP15.phx.gbl...
Thank you, Byron. I still have more questions about the syskey.
1. "The startup key also protects the local SAM database on each computer
and the administrator account password used for system recovery in safe
mode."
(Qouted from Steve's article.)
>>You don't use the utility for your desktop. Why isn't it necessary for
>>the security of standalone *destop*? Is it really just a bothersome thing
>>for non-laptop?
2. "Changing SysKey to password mode can help protect stolen laptops from
information theft." (Also qouted from Steve's article)
>>Do you mean having syskey active on laptops can prevent the theft
>>accessing to the original system/ accounts/ hard drive *by running
>>specific software*, such as ERD Commander/ O&O BlueCon, or by *reinstall
>>the OS*?
Thank you again.
"Byron Hynes [MVP]" <nospam@byronetta.com>
??????:130447632505923968765000@msnews.microsoft.com...
See below.
> For the Syskey, please refer to
>
http://support.microsoft.com/kb/310105/
> Do I need to use the utility?
Well, "need" is always a relative term. Simply put, security is always a
balance -- between usability (convenience), security (protection), and cost
(sometimes including effort, not just money). This balance is different for
different people and different applications. To find your balance, you need
to do some risk analysis and risk management: what threats are you
protecting
against, what is the consequence if you fail, how much effort will it take
to eliminate or reduce the threat.
To give you a more useful answer: *I* have syskey active on my laptop,
because
it is mobile and not a member of a domain. I don't bother with syskey on
the machine in my home office.
> What is the difference between Startup Password & Account Password &
> the password of BIOS?
Short answer:
The BIOS password prevents people from starting your computer without the
password, this would include booting from a cd or floppy. On the other hand,
it is usually fairly easy to bypass the BIOS password (by removing the hard
drive, or clearing the cmos).
By startup password, you mean the "System Startup Key", sometimes just
called
the "syskey" or system key (syskey is also the name of the executable
utility
that controls how the system startup key is generated and stored and if it
has to be entered manually). The syskey protects all of the system secrets.
Think of it as a "grand master password". The sytem uses it to encrypt all
sorts of things, but probably the most important is the representations of
user's passwords that are stored on the system (note: I said
"representation",
not "password", and I know this is a bit simplistic as there are more
details
and various configurations). If the syskey is compromised, very bad things
could happen. The good news is that it is fairly hard to compromise.
The account password allows individual users to authenticate to the system,
so that each user can be authorized for specific access to specific
resources.
Longer answer:
Read Steve's article at
http://www.microsoft.com/technet/community/columns/secmgmt/sm0205.mspx
Hope that helps.
- Byron Hynes