Very few netbook computers support BitLocker, which means that they are vulnerable to utilities that allow you to boot from a USB device and reset the local administrator password. The way to ensure that this type of attack doesn’t work is to use SYSKEY to encrypt the SAM database.

SYSKEY is a tool that has been around for some time on Windows client operating systems, but most administrators don’t bother using it because it makes recovering a computer difficult in the event that a user forgets their password. In some cases you want to do all that you can do to protect the data on a netbook computer. To do this, you should use SYSKEY to encrypt the SAM database and use EFS to encrypt any locally stored files and folders. To accomplish this, perform the following steps:

  1. Log on to Windows 7 with an account that has local administrator access
  2. Type SYSKEY into the textbox on the start menu. Click OK at the UAC prompt.
  3. Select the Encryption Enabled Option.
  4. Select the Password Startup Option. Enter the Startup Password that must be entered each time.
  5. Reboot the computer.

From now on the Startup Password must be entered to unlock the SAM database before local logon will be allowed.

You can see these steps in the following video: