Quote:
In Windows NT and Windows 2000, passwords are stored in the Security Account Manager (SAM) database. The password values themselves aren't stored in the SAM - instead, the hashed values of the passwords are stored there. If an attacker could obtain a copy of the SAM through some means, he could conduct a brute-force attack, in which he would generate the hash of every possible password and compare each to the hashes in the SAM database. When he found a match, he would know the password for the account.
Syskey thwarts this attack by encrypting the SAM database using strong encryption. Even if an attacker did manage to obtain a copy of the Syskey-protected SAM, he would first need to conduct a brute-force attack to determine the Syskey, then conduct a brute-force attack against the hashes themselves. This dramatically increases the work factor associated with the attack, to the point where it's considered to be computationally infeasible.
which can be found