1. Technical Field
The present invention relates to computer security in general, and, in particular, to a method for providing security management in computer systems. Still more particularly, the present invention relates to a method for protecting Security Accounts Manager (SAM) files within Windows® operating systems.
2. Description of Related Art
Within the family of Windows® operating systems manufactured by the Microsoft® Corporation, such as Windows® NT/2000/XP, a Security Accounts Manager (SAM) file is utilized to store various passwords to be applied to different user accounts within a local computer system and/or other computer systems on a computer network. If an unauthorized user can retrieve password information from a SAM file by hacking the SAM file within a computer system, the unauthorized user can access sensitive data on the computer system.
The Windows® operating system does provide a syskey utility for the encryption of SAM files, which somewhat strengthens the protection of SAM files by making them more difficult for a hacker to break. The syskey utility generates an encryption key by encrypting sensitive areas of a SAM file. The encryption key generated by the syskey utility can be either stored on a floppy disk (which is then required when the Windows® operating system is being loaded during system startup) or stored on a hard drive using a “complex obfuscation algorithm” (as described by Microsoft®).
While storing the encryption key on a floppy disk provides additional security over storing it on a hard drive of the computer system, it is also less convenient because all users who share the computer system are required to have a floppy disk that contains the encryption key in order to access the computer system. In addition, multiple copies of the floppy disk increase the likelihood of a copy being lost, and without the floppy disk, the owner of the floppy disk cannot access the computer system.
Consequently, it would be desirable to provide an improved method for protecting SAM files within Windows® operating systems.