Each time you boot your computer, Windows uses the Startup Key to decrypt the private keys. The Startup Key is a unique key generated for each Windows installation that encrypts and decrypts local password hashes, private keys (e.g. EFS), information stored in active directory on domain controllers and the administrator password.
Windows lets you configure a system Startup password using the Syskey utility. This password must be entered during the boot time to decrypt the system key so that Windows can access the SAM database and other private keys. A Startup password can range from 1 to 128 characters.
To configure a Startup Password, open the command prompt, type syskey, and then press enter. In the dialog box, click the Update button. Click Password Startup to require a password to start Windows. Enter the desired password and press OK. Microsoft recommends the password length to be at least 12 characters long.
Now, the next time you boot your computer, you will see the following screen:
A Startup Password definitely adds an extra layer of security to your confidential information. Yet, it is possible to crack the Startup Password with physical access to your computer.