It is possible to lock down Microsoft Windows 7 with a USB key, so that no one can start Windows 7 without having this USB pen drive or thumb drive. The principle of this tutorial stands on the database security accounts manager (SAM Security Accounts Manager). This database Data is encrypted with a key system and stored locally.
You can use the utility SysKey to further secure the SAM database by storing the encryption key for this database outside of the computer.
If you store this database on a USB key at every system startup, Windows will ask you to insert the USB key, and without this key can not boot into Windows 7.
Warning: Without the USB key, you can not run Windows 7 . It is applicable for all users of that PC
The utility can save the syskey low data account manager on a floppy disk, therefore the USB drive is seen as a floppy disk; you will have to change the letter of the USB drive A: to your desired label.
Insert the USB pen drive or thumb drive.
On the Start menu, right click on Computer then click Manage:
In Computer Management, click Disk Management:
The letter of the USB pen drive is H in our example. Right click on the USB key in the right sided pane, then select Change Drive Letter and paths… :
Click it and assign A as drive letter:
It will give certain security prompts, accept them. It will take a few seconds to minutes, depending on the size, data present on the pen drive to get the drive letter changed.
You will see the pendrive now has changed its letter to A, both in Computer Management Console and My Computer.
Close the Computer Management Console window.
Add Run on the Start menu:
Right-click Start, click Properties; under the Start Menu tab, click Customize, check the Run command box . Click the OK button:
The Run command will be added to start menu.
Working on computer’s database security accounts manager (SAM) on the USB
On the Start menu, click Run; type “Syskey” (without quotation marks) and click OK; Windows account database manager will appear, click the Update button:
The following windows will appear, change the radio button under “System generated password” field from default “Store startup key locally” to “Store startup key on floppy disk” :
Several prompts will appear. Just click OK to them.
Note: If you open your pen drive in Windows explorer, you will see a syskey.key file. Never delete it. Deleting it will leave no other way than to format and use the computer.
When you start the computer, you will see this message:
This computer is configured to use a floppy disk during startup. Please insert the disk and click OK
Insert your USB drive and click ok . Without the USB it is impossible to start Windows 7. If you insert the USB drive you will see the logon screen to enter your normal user password.
If you want to cancel your USB key protection:
Do the same as Step 3, just change the password saving option to “Save the startup key locally” and click OK :