It is possible to lock down Microsoft Windows 7 with a USB key, so that no one can start Windows 7 without having this USB pen drive or thumb drive. The principle of this tutorial stands on the database security accounts manager (SAM Security Accounts Manager). This database Data is encrypted with a key system and stored locally.
You can use the utility SysKey to further secure the SAM database by storing the encryption key for this database outside of the computer.
If you store this database on a USB key at every system startup, Windows will ask you to insert the USB key, and without this key can not boot into Windows 7.
Warning: Without the USB key, you can not run Windows 7 . It is applicable for all users of that PC
The utility can save the syskey low data account manager on a floppy disk, therefore the USB drive is seen as a floppy disk; you will have to change the letter of the USB drive A: to your desired label.
Insert the USB pen drive or thumb drive.
On the Start menu, right click on Computer then click Manage:
In Computer Management, click Disk Management:
The letter of the USB pen drive is H in our example. Right click on the USB key in the right sided pane, then select Change Drive Letter and paths… :
Click it and assign A as drive letter:
It will give certain security prompts, accept them. It will take a few seconds to minutes, depending on the size, data present on the pen drive to get the drive letter changed.
You will see the pendrive now has changed its letter to A, both in Computer Management Console and My Computer.
Close the Computer Management Console window.
Add Run on the Start menu:
Right-click Start, click Properties; under the Start Menu tab, click Customize, check the Run command box . Click the OK button:
The Run command will be added to start menu.
Working on computer’s database security accounts manager (SAM) on the USB
On the Start menu, click Run; type “Syskey” (without quotation marks) and click OK; Windows account database manager will appear, click the Update button:
The following windows will appear, change the radio button under “System generated password” field from default “Store startup key locally” to “Store startup key on floppy disk” :
Several prompts will appear. Just click OK to them.
Note: If you open your pen drive in Windows explorer, you will see a syskey.key file. Never delete it. Deleting it will leave no other way than to format and use the computer.
When you start the computer, you will see this message:
This computer is configured to use a floppy disk during startup. Please insert the disk and click OK
Insert your USB drive and click ok . Without the USB it is impossible to start Windows 7. If you insert the USB drive you will see the logon screen to enter your normal user password.
If you want to cancel your USB key protection:
Do the same as Step 3, just change the password saving option to “Save the startup key locally” and click OK :Tagged With lock and unlock windows with a usb , usb lock pc windows 7 , unlock user windows 7 , unlock user in windows 7 , use a key pen to start windows , usb key , make your USB stick an security key , lock windows with usb key , create usb security key windows 7 , windows usb key unlock
Nicky Hendriks says
Is it possible to put this file on a floppy, and for back-up on my regular USB flash drive?
Possible. Follow age old method (i.e. Skip the renaming the USB flash drive as A drive in our tutorial).
Keep in mind, Floppy can get easily corrupted than USB drive.
carl desko says
can I copy this to a second usb drive so that I have a spare copy?
can this be use to protect a computer when traveling? I want to
close all programs, exit (shut down) the computer) and then remove the
usb key. At a later date, I want to restart the computer but not have
it usable until I reinsert the usb key.? ( Or posibly I may need to
insert the usb key before powering up the computer.
1. Yes, you can. Make to show all the hidden files and system files before copying or you can use SAM to save the key again.
2. For traveling, if you have very important and sensitive data, use hardware level protection (Similar looking usb key, but works differently at the hardware level).
This method of protection can be broken by high level hackers, this is not fool proof.
3. It will ask you for the usb key to insert (will ask for floppy actually) if you power on without the USB key at the login screen. You can remove after the login and startup. But once you close the session (hibernate, shut down etc) it will ask for the usb key again.
If you have dual boot (two operating systems) then your hard disk can be accessed from other operating system : keep it in mind!
Thank you so much for this fantastic tutorial i have wanted to be able to do this again for so long.
Just a quick question, just want to make sure before I do that with my 32GB key… The key will still be able to contain other files right and used as a regular key right ?
Yes, definitely. Only remember not to delete (or format it) the important file needed for the operation to execute USB key to lock and unlock Windows.
AMIT PAREEK says
Thank you. U are too good.
Jay Patel says
Hello…!!! i had the file on my pendrive and due to virus on it i had to format it plugging it to the other machine…!!! now i cant start my computer…!!! help…!!! Urgent Help needed…!!
What is the type of Operating System ? (i.e. Windows Retail / Windows OEM).
Jay Patel says
Its windows OEM…!! I havent formatted my vaio yet so its the original win 7 home premium 64x…!!
There are two ways to get back your files on that Windows PC (I am taking you have no backup of the Key, if you have the backup of the key, copy on USB and boot, it will work). First way is to use a retail Windows 7 DVD and install Windows without formating it. You will get all the files in a folder named Windows.old ; where windows folder will be (usually at C drive lettered partition).
Second way is to hack it. It is quite easy as Windows has no practical security. The retail DVD will be required. Please search YouTube for it. We can not publish the method as it actually can be applied on any Windows PC.
In future, try to use Ubuntu 12.04 (it is free) alone or in dual boot if you can not afford a Mac. None of them usually get virus. The first one is fully free.
By the way, you can boot from Ubuntu’s Live version or Windows PE USB live OS to move the files. With Ubuntu pen drive version, you can actually burn DVDs.
Jay Patel says
Great…!!! Did the 1st one…!! Installed windows without formatting it…!!!
I will search for hacking thing as i m interested…!! I knew all these ideas as i’m a student of M.Sc IT only…!!! :) then too thanks a lot…!! If can get your E-Mail it wld b great…!!
Nice to know you finally managed the situation somehow. Thank you very much for the feedback.
You will get my email on Google+ : https://plus.google.com/103599283279782477391/about