To totally unlock this section you need to Log-in
Login
Very few netbook computers support BitLocker, which means that they are vulnerable to utilities that allow you to boot from a USB device and reset the local administrator password. The way to ensure that this type of attack doesn’t work is to use SYSKEY to encrypt the SAM database.
Obviously this solution can be used even on laptops and desktop computers.
SYSKEY is a tool that has been around for some time on Windows client operating systems, but most administrators don’t bother using it because it makes recovering a computer difficult in the event that a user forgets their password. In some cases you want to do all that you can do to protect the data on a netbook computer. To do this, you should use SYSKEY to encrypt the SAM database and use EFS to encrypt any locally stored files and folders. To accomplish this, perform the following steps:
From now on the Startup Password must be entered to unlock the SAM database before local logon will be allowed.
You can see these steps in the following video:
Check if SysKey is enabled
The easiest way to find out whether an NT machine has Syskey enabled is to type...
syskey
...at the command prompt (cmd.exe). This command brings up the Securing the Windows NT Account Database dialog box that Figure 1 shows, which indicates whether Syskey encryption is enabled.
Alternatively, you can check for the registry value:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControl-Set\Control\Lsa\Secureboot
If the Secureboot value (of type REG_DWORD) exists and is set to a value of 0x1, 0x2, or 0x3, Syskey is enabled on the system.