When you set the Remember Password toggle:
the password is saved in this file (default install, Administrator account):
C:\Documents and Settings\Administrator\Application Data\Microsoft\Microsoft SQL Server\90\Tools\Shell\mru.dat
Convert it to hex:
(all the protected DPAPI data blobs I’ve seen start with byte sequence 01 00 00 00 D0 8C 9D…)
Let’s decode this with CryptUnprotectData (all optional parameters set to NULL):
We get no error, proving that it’s indeed data protected by DPAPI on this machine for this user. The content is just the password in UNICODE.
The nice thing for a software developer, is that DPAPI allows him to encrypt/decrypt data without having to worry about encryption keys. For details on all the keys used by DPAPI, read this MSDN article.