diff --git a/base/system/services/config.c b/base/system/services/config.c
index 4d1f2471c66..a4b809b76f7 100644
--- a/base/system/services/config.c
+++ b/base/system/services/config.c
@@ -29,6 +29,11 @@ SystemFunction005(
     const struct ustring *key,
     struct ustring *out);
 
+NTSTATUS
+WINAPI
+SystemFunction028(
+    IN PVOID ContextHandle,
+    OUT LPBYTE SessionKey);
 
 /* FUNCTIONS *****************************************************************/
 
@@ -699,17 +704,26 @@ ScmDecryptPassword(
     _Out_ PWSTR *pClearTextPassword)
 {
     struct ustring inData, keyData, outData;
-    PCHAR pszKey = "TestEncryptionKey";
+    BYTE SessionKey[16];
     PWSTR pBuffer;
     NTSTATUS Status;
 
+    /* Get the session key */
+    Status = SystemFunction028(NULL,
+                               SessionKey);
+    if (!NT_SUCCESS(Status))
+    {
+        DPRINT1("SystemFunction028 failed (Status 0x%08lx)\n", Status);
+        return RtlNtStatusToDosError(Status);
+    }
+
     inData.Length = dwPasswordSize;
     inData.MaximumLength = inData.Length;
     inData.Buffer = pPassword;
 
-    keyData.Length = strlen(pszKey);
+    keyData.Length = sizeof(SessionKey);
     keyData.MaximumLength = keyData.Length;
-    keyData.Buffer = (unsigned char *)pszKey;
+    keyData.Buffer = SessionKey;
 
     outData.Length = 0;
     outData.MaximumLength = 0;
diff --git a/dll/win32/advapi32/service/scm.c b/dll/win32/advapi32/service/scm.c
index efa19f2b354..b28055a9687 100644
--- a/dll/win32/advapi32/service/scm.c
+++ b/dll/win32/advapi32/service/scm.c
@@ -19,6 +19,12 @@ SystemFunction004(
     const struct ustring *key,
     struct ustring *out);
 
+NTSTATUS
+WINAPI
+SystemFunction028(
+    IN PVOID ContextHandle,
+    OUT LPBYTE SessionKey);
+
 /* FUNCTIONS *****************************************************************/
 
 handle_t __RPC_USER
@@ -169,17 +175,26 @@ ScmEncryptPassword(
     _Out_ PDWORD pEncryptedPasswordSize)
 {
     struct ustring inData, keyData, outData;
-    PCHAR pszKey = "TestEncryptionKey";
+    BYTE SessionKey[16];
     PBYTE pBuffer;
     NTSTATUS Status;
 
+    /* Get the session key */
+    Status = SystemFunction028(NULL,
+                               SessionKey);
+    if (!NT_SUCCESS(Status))
+    {
+        ERR("SystemFunction028 failed (Status 0x%08lx)\n", Status);
+        return RtlNtStatusToDosError(Status);
+    }
+
     inData.Length = (wcslen(pClearTextPassword) + 1) * sizeof(WCHAR);
     inData.MaximumLength = inData.Length;
     inData.Buffer = (unsigned char *)pClearTextPassword;
 
-    keyData.Length = strlen(pszKey);
+    keyData.Length = sizeof(SessionKey);
     keyData.MaximumLength = keyData.Length;
-    keyData.Buffer = (unsigned char *)pszKey;
+    keyData.Buffer = SessionKey;
 
     outData.Length = 0;
     outData.MaximumLength = 0;