Windows NT system key encryption not enabled

Risk Level: Low risk vulnerability  Low

Check or Attack Name: SysKey
Platforms: Windows NT
Description:

System key encryption is not enabled. Encrypting the system key with strong encryption protects private account information by encrypting the password data using a 128-bit cryptographically random key, known as a password encryption key.

Strong password encryption may be used on both Windows NT Server and Workstation where account information is stored. Using strong encryption of account passwords adds additional protection for the contents of the Security Accounts Manager (SAM) portion of the registry and subsequent backup copies of the registry information in the %systemroot%\repair directory created using the RDISK command and on system backup tapes.
Remedy:

Apply the latest Windows NT 4.0 Service Pack, or apply the Windows NT 4.0 post-SP3 land-fix and the Winsock 2 update.

To apply the latest Windows NT Service Pack, follow these steps:

  1. Open a web browser.
  2. Go to http://support.microsoft.com/support/ntserver/Content/ServicePacks/Where.asp and follow the directions to download the appropriate service pack for your computer.
  3. Find the installation program you downloaded to your computer.
  4. Double-click the program icon to start the installation.
  5. Follow the installation directions.

—OR—

Windows NT 4.0 SP2 users must apply the post-SP2 sec-fix patch available from ftp://ftp.microsoft.com/bussys/winnt-public/fixes/usa/nt4/hotfixes-postSP2/sec-fix.

—AND—

The System Key is defined using the Syskey.exe command. Only members of the Administrators group can run Syskey.exe. The System Key is the master key used to protect the password encryption key.

To use syskey, log on as an administrator and from a command line, type syskey. Encryption on the system key cannot be reversed once encryption is enabled.
References:

Microsoft Knowledge Base Article Q143475, Windows NT System Key Permits Strong Encryption of the SAM, http://support.microsoft.com/support/kb/articles/q143/4/75.asp

Microsoft Knowledge Base Article Q143475, Windows NT System Key Permits Strong Encryption of the SAM, ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT40/hotfixes-postSP2/sec-fix/Q143475.txt
X-Force Logo
Know Your Risks