Walker News

Can SysKey Prevents TRK Resets Windows 7 Administrator Password To Blank?

While I appreciate a rescue tool to reset Windows 7 administrator password in case I forgot the passkey after coming back from a long holiday, I hate to know someone using it to break into my Windows 7 machine and put my valuable data at risk. So, I rather hope there is no way to reset the forgotten password and let the data remain unrecoverable.

You probably know that how easy it is to use such tool, like Trinity Rescue Kit (TRK), to reset Windows account password of a vanilla installation. So, I am eagerly looking for best Windows security practice to prevent TRK or similar tool from breaking into Windows 7.

The BitLocker Drive Encryption could be one of the most promising Windows security features to prevent TRK crack the Windows 7 Administrator account. No one can sure it is bulletproof at now and forever. Besides, enabling BitLocker Drive Encryption might introduce significant performance issue on certain system or certain application.

For my aging Dell Latitude D410, it is going slower than expected after turning on the BitLocker. However, I cannot afford to leave data exposed when the mobile computer goes to the wrong hand. So, I turn to try Windows System Key Protection (Syskey) introduced since Windows NT (and should have been enhanced over the time).

Secure Windows 7 account password by turning on the Windows System Key Protection or Syskey feature.

1) At an elevated privilege Windows Command Prompt, type syskey and press ENTER. Warning: Once the Syskey is enabled, this encryption cannot be disabled.

2) Click Update button to bring up Startup Key dialog box, select “Password Startup”, give it a “complicated” password, and click OK.

3) Click OK button again to enable the good old Syskey in the hope it could really secure the SAM file (Windows Account Database).

Next, I tried to boot up TRK from USB flash drive. Surprisingly, the winpass shell scripts that execute the chntpw program stills capable to reset the Windows administrator account password to blank in no time! I guess that chntpw simply remove the encrypted password of the specified Windows account.

After rebooting from Trinity Rescue Kit, Windows 7 boots up and then Syskey prompts for the passkey as I expected, before the system proceeds to the GINA (Graphical Interface for Network Authentication).

Windows 7 prompt for Syskey password before presenting the normal GINA or Graphical Interface for Network Authentication screen.

After entering the “complicated” password I set for the Syskey, Windows 7 continues loading and then present the Desktop without asking me for the Windows account password.


Enabling Syskey could NOT prevent TRK from resetting Windows account password to blank / empty.

However, you still have to provide a correct Syskey password in order to gain access to Windows 7 Desktop. Unless the bad guy can also crack the Syskey protection, Windows 7 reboots after a number of wrong passkey entered for the Syskey prompt. Again, no one sure the Syskey cannot be crack at now and forever.

To make it harder for bad guy, use Encrypting File System (EFS) to encrypt sensitive data files!

Optionally, turn on BIOS password so that your semi-hacker colleague couldn’t break into your Windows 7 as easy as he wish :-)

Custom Search

2017  •  Privacy Policy