How to Remove Syskey in Windows Explained with Examples

This tutorial explains how to reset or remove the Syskey startup password in Windows 10, 8.1 and 7 without using any third-party CD, software or tools.

Before we learn how to remove or reset the Syskey startup password, let's quickly understand what Syskey is and how it works.

Basic concepts of Syskey

In Windows, user passwords are stored in the SAM (Security Accounts Management) database. This database is encrypted with a key known as the System Key. To add an additional layer of security, this key is further encrypted with a key known as Syskey.

In simple terms, think of two lockers. The second locker holds the user database, while the first locker holds the key that opens the second locker. To open the second locker, we first have to open the first locker. Syskey is the key to the first locker.

Syskey is a double-edged sword. On the positive side, it provides an additional layer of security. On the negative side, the same security can be used to lock down the system completely. Sadly, it is mostly used in the negative way. For example, scammers use this utility to cheat Windows users.

Syskey scam

Usually a scammer calls the victim, pretending to be a Microsoft support person, and makes the victim believe that his computer needs to be repaired immediately. Once the victim is convinced, the scammer offers online support to fix the problem. Believing that the help is offered by Microsoft, the victim allows the scammer to access his computer remotely.

In the remote access session, the scammer sets a Syskey startup password which only he knows. Once this password is set, Windows will not boot until the correct startup password is supplied.

Now the scammer asks the victim to pay a ransom. Since the Syskey startup password cannot be changed, updated or removed unless the original password is obtained from the scammer, the victim usually pays the ransom to unlock Windows.

Syskey is history now

To protect Windows users from scammers, starting from the Windows 10 and Windows Server 2016 Fall Creators Update, Microsoft removed the Syskey feature from Windows. So if you are using these or higher versions, just update Windows and forget about Syskey.

But if you are using a lower version of Windows, cannot update Windows right now, or are already stuck in a Syskey startup password lockdown, use the methods explained below to deal with the Syskey scam in the best possible way.

Removing or Resetting Syskey password

There are two ways to remove or reset the Syskey startup password:

  1. Using Windows default backup to restore the original Syskey configuration
  2. Using registry key to disable the Syskey startup password

Let’s understand both methods in detail.

Using Windows default backup to remove the Syskey password

Windows automatically takes a backup of critical system files, including the registry hives. During the backup, the configuration files and registry hives which control the boot process and authenticate the login process are copied from the Windows\System32\config folder to the Windows\System32\config\RegBack folder.

The following image shows the RegBack folder without a backup.

[Image: RegBack folder without backup files]

The following image shows the same folder with a backup.

[Image: RegBack folder with backup files]

Have you noticed the difference between the two images?

In the first image, which shows the RegBack folder without a backup, the files are empty. In the second image, which shows the same folder with a backup, the files are not empty.

By looking at the file sizes, we can easily figure out whether a backup has been taken. If the files are empty (0 KB in size) or no files are available in this folder, a backup has not been taken. But if the files are present in this folder and they are not empty, a backup has been taken.

If a backup has been taken, Syskey can be removed easily without using any third-party tool or harming any Windows files. To remove Syskey, we have to restore the original files from the RegBack folder.

We can restore the original files in two ways.

  • Through Windows installation disk
  • Through Ubuntu installation disk

Let’s understand both methods.

Through Windows installation disk

Boot the system from the Windows installation disk and click the Next button on the Language and preferences screen.

On the next screen, click the Repair your computer option.

On the next screen, choose the Troubleshoot option, and on the Troubleshoot screen click Advanced Options to launch the command prompt.

Now, figure out the partition in which Windows is installed. If you know the partition in which Windows is installed, switch to that partition; otherwise, check all available partitions.

To list all partitions of the hard disk, you can use the wmic logicaldisk get caption command. This command prints the drive letters of all partitions from the partition table.

Once you know the drive letters of the partitions, use the dir command to list the contents of each partition.

After locating the Windows partition, change the current directory to it and copy all files from the RegBack folder to the config folder.

Now remove the installation disk and restart the system. If Windows boots normally and presents the login screen, the Syskey startup password has been removed.

Removing the Syskey startup password from Ubuntu

Boot the system from the Ubuntu installation disk and select the Try Ubuntu option. This option runs Ubuntu from the installation disk without installing anything on the hard disk.

Once Ubuntu is loaded, click the Files icon.

Select the Windows partition from the left pane. In the right pane, navigate to the config folder. In the config folder, right-click the RegBack folder and, from the context menu that opens, click the Open in New Tab option.

Depending on the settings, a failed boot process may trigger the Windows default backup. If you have made several failed attempts to boot Windows, you may see additional log files here. Remove all additional log files from this folder.

Once the additional files are removed, copy the original backup files.

Paste the copied files in the config folder.

Confirm the replacement.

Once all files are replaced, remove the installation disk and restart the system.

After the restart, if Windows boots normally and presents the login screen, the Syskey startup password has been removed.
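
The RegBack size check and the file copy described above can also be done from a terminal in the Ubuntu live session. The script below is an added example, not part of the original tutorial; it assumes the Windows partition is already mounted and that the hive files are named DEFAULT, SAM, SECURITY, SOFTWARE and SYSTEM, and its function names and the example path are its own. It also saves the current hives before overwriting them so the restore can be undone.

```bash
#!/usr/bin/env bash
# Added example: check and restore the RegBack hives from a live Linux session.
# Assumption: the Windows partition is already mounted and the path of its
# Windows/System32/config folder is passed as the first argument.

# The five registry hive files Windows keeps in config and in config/RegBack.
HIVES="DEFAULT SAM SECURITY SOFTWARE SYSTEM"

# regback_usable CONFIG_DIR
# Succeeds only if every hive exists in RegBack and is larger than 0 bytes.
regback_usable() {
    cfg=$1
    for h in $HIVES; do
        if [ ! -s "$cfg/RegBack/$h" ]; then
            echo "missing or empty backup: $cfg/RegBack/$h" >&2
            return 1
        fi
    done
}

# restore_regback CONFIG_DIR
# Saves the current hives to a timestamped folder, copies the RegBack hives
# over them, and prints the folder holding the saved copies.
restore_regback() {
    cfg=$1
    regback_usable "$cfg" || return 1
    saved="$cfg/pre-restore-$(date +%Y%m%d-%H%M%S)"
    mkdir "$saved" || return 1
    for h in $HIVES; do
        # Keep the current hive so the restore can be undone.
        if [ -e "$cfg/$h" ]; then
            cp "$cfg/$h" "$saved/$h" || return 1
        fi
        # Only the named hives are copied; extra log files in RegBack are skipped.
        cp "$cfg/RegBack/$h" "$cfg/$h" || return 1
    done
    echo "$saved"
}

# Run only when a config path is given, e.g. (example path, adjust to your mount):
#   sudo bash restore_regback.sh /media/ubuntu/Windows/Windows/System32/config
if [ -n "${1:-}" ]; then
    restore_regback "$1"
fi
```

If the script reports a missing or empty backup, nothing in the config folder is changed.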

If the default backup is not available or this method does not work, you can try the following method to remove Syskey.

Changing registry key to remove the Syskey

During the boot process, Windows reads the following registry keys to determine the Syskey state.

| Key | Configuration | Default Value |
|---|---|---|
| HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa | SecureBoot | 0 |
| HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account | F | 0000 |

When Syskey is implemented, the default values of the above keys change. If we reset these keys to their default values, this will remove Syskey. Let's understand it practically.

Boot the system from the Windows installation disk and click the Next option on the language preference screen. On the next screen, click the Repair your computer option.

This will scan all attached hard disks for a Windows partition. If any partition with a Windows installation is found, it will be listed in the System Recovery Options wizard on the next screen.

Select the Restore your computer using a system image that you created earlier option and click the Next button.

Since we did not provide any system image, the wizard will fail to locate it. Click the Cancel button two times to close the wizard.

This brings up the System Recovery Options wizard again. But this time, it presents more options to recover Windows. Click the Command Prompt option.

Now locate the Windows partition and set it as the current partition. In the Windows partition, switch to the Windows directory and run the regedit.exe command to open the Registry Editor.

The regedit.exe command works only if it is executed from the Windows folder of the Windows partition. The Windows partition is the partition of the hard disk in which Windows is installed. To find the Windows partition, you can use the wmic logicaldisk get caption command as explained in the section above.

The regedit.exe command opens the Registry Editor in a new window. This window has two panes: a left pane and a right pane. The left pane displays registry keys and the right pane displays the values of the key selected in the left pane.

Navigate to the following key in the left pane.

Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

In the right pane, select the SecureBoot option and double-click to open it.

Change the value data to 0 and click the OK button.

Now navigate to the following key in the left pane.

Computer\HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account

In the right pane, select the F value and double-click to open it.

Change the value data to 0000 and click the OK button.

Now remove the installation disk, close the Registry Editor and click the Restart button.

Since Syskey has been removed, Windows will boot normally and will present the login screen.
