SysKey - Create USB Key to Lock or Unlock Windows

Page 4 of 4 FirstFirst ... 234

  1. Posts : 1
    windows 8.1
       #30

    Startup key.key lost


    Hi Sir,
    I have created the "USB KEY" to lock my computer by using my pendrive. But now i have lost my Startup key.key file and now i am unable to open my laptop. Please help me " How to open my Laptop ? " or "how to recover my Startup key.key file ?". That pendrive was formated my friend unknowingly.
      My Computer


  2. Posts : 71,978
    64-bit Windows 11 Pro for Workstations
    Thread Starter
       #31

    Hello,

    I'm afraid that if you don't have a backup of this StartKey.Key file to restore on a USB to unlock your PC, then you'll need to reinstall Windows.

    If you have another computer, then you could connect the hard drive to it to backup any files that you may want first.
      My Computer


  3. Posts : 17,545
    Windows 10 Pro x64 EN-GB
       #32

    Brink said:
    If you have another computer, then you could connect the hard drive to it to backup any files that you may want first.
    Noob question: I have always assumed that the process encrypts the disk, too, making it unusable if the key is lost even when the HDD is removed from the computer in question. So this process only protects your data as long as the HDD is not removed and connected to another computer? Protecting the computer instead of protecting the HDD?
      My Computer


  4. Posts : 71,978
    64-bit Windows 11 Pro for Workstations
    Thread Starter
       #33

    Hey Kari,

    No problem. SysKey was meant to encrypt SAM to protect against offline password cracking attacks by preventing the possessor of an unauthorised copy of the SAM from extracting information from it.

    https://en.wikipedia.org/wiki/Syskey

    Today, it would be better to use BitLocker to encrypt the Windows disk to prevent any unauthorized access at all.
      My Computer


  5. Posts : 17,545
    Windows 10 Pro x64 EN-GB
       #34

    Thanks for clearing this for an encryption noob :)
      My Computer


  6. Posts : 71,978
    64-bit Windows 11 Pro for Workstations
    Thread Starter
       #35

    De nada mate. :)
      My Computer


  7. Posts : 1
    Multi
       #36

    A Couple of Questions


    G'day!!

    Thank you very much for the easy to read and follow tutorials!!

    I just have a couple of questions:

    Is there any advantage using a USB with the SYSKEY key on it to boot along with BitLocker or Truecrypt FDE? Just to store SAM access remotely; especially is the computer is left on and unattended in Windows 'Locked' mode for long periods (it runs services for the network).

    How to you reissue the SYSKEY key on a regular basis; in order to maintain security in case of compromised USB key? I'm assuming anyone who has access to that USB for more than a few seconds will be able to copy it and decrypt the SAM db at leisure?

    Also is there a windows (and/or Linux) USB solution where on removal of a USB with an encryption key on it the entire system is paralysed? So no CD, USB, BIOS, internal or external ports/slots/sockets (including RAM) can be modified? Some systems and services can be selected to continue while most can not and Firewall rules are modified to a Key In or Key Out rule sets? This would allow a computer to run however if physical control wasn't maintained there would still be a level of security from Evil Maid type attacks.

    Once again, love your work and simple step by step instructions!

    Cheers

    Rustee
      My Computer


  8. Posts : 71,978
    64-bit Windows 11 Pro for Workstations
    Thread Starter
       #37

    Hello Rustee, and welcome to Ten Forums. :)

    For what you're wanting, using BitLocker on all drives should work well. SysKey could be used for additional security, and used on the same USB for BitLocker. Yeah, you don't want anyone to have access to the USB except yourself since it'll whomever has it access.

    You might also setup a BIOS/UEFI password. This way the PC will not boot until you enter the BIOS/UEFI password first.

    You could also keep the computer in a locked secure room if you're concerned about a maid or someone in the house having physical access to it.
      My Computer


  9. Posts : 1
    Win7x64 plus many more
       #38

    I know this is a SUPER old post, but it's the closest to what I'm looking for that I've found so far. We distribute PC's with games on them. I have seen that some gaming PC's will have USB keys in them that can't seem to be read on any computer except the one they were created on. Does the approach described here work like that? If I would turn on BitLocker and use a USB key with the Syskey info on it, can the person purchasing the game duplicate the drive and duplicate the USB key and use them in another PC with the same hardware?

    We are trying to prevent them from just building extra PC's and dropping cloned hard drives in them with cloned usb keys. And don't want to force them to have the games online.

    Thanks!
      My Computer


  10. Posts : 71,978
    64-bit Windows 11 Pro for Workstations
    Thread Starter
       #39

    Hello Mike, and welcome to Seven Forums. :)

    That's correct. The SysKey USB can only be used on the computer it was created on.

    While the StartKey.Key file on the USB can be copied to any USB to be able to use that USB to unlock the computer with.

    I'm not sure if the USB will still work on a cloned PC though.
      My Computer


 
Page 4 of 4 FirstFirst ... 234

  Related Discussions
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 09:49.
Find Us