Local Security Authority Subsystem Service - Wikipedia

Jump to content

Contents

move to sidebar hide

• (Top)
• 1 References
• 2 External links

• Article
• Talk

English

• Read
• Edit
• View history

Tools Tools move to sidebar hide Actions

• Read
• Edit
• View history

General

• What links here
• Related changes
• Upload file
• Permanent link
• Page information
• Cite this page
• Get shortened URL
• Download QR code

Print/export

• Download as PDF
• Printable version

In other projects

• Wikidata item

Appearance move to sidebar hide From Wikipedia, the free encyclopedia Computer operating system component

This article needs additional citations for verification. Please help improve this article by adding citations to reliable sources. Unsourced material may be challenged and removed.Find sources: "Local Security Authority Subsystem Service" – news · newspapers · books · scholar · JSTOR (July 2009) (Learn how and when to remove this message)

Local Security Authority Subsystem Service (LSASS)[1] is a process in Microsoft Windows operating systems that is responsible for enforcing the security policy on the system. It verifies users logging on to a Windows computer or server, handles password changes, and creates access tokens.[2] It also writes to the Windows Security Log.

Forcible termination of lsass.exe will result in the system losing access to any account, including NT AUTHORITY, starting a one minute timer that after it runs out the system restarts. Under Windows XP the shutdown timer can be stopped with "shutdown -a" which will result in many features of the system that use the RPC server (user profile (management), sysdm.cpl, etc.) being unusable, often permission errors occur even when logged in with an account that has administrative permissions, when logging off, clicking switch user, or locking the machine, either a black screen appears or logging in is not possible again, or logging off is impossible at all, the machine often needs to be reset as a normal shutdown is not possible anymore after lsass.exe has been terminated. Because lsass.exe is a crucial system file, its name is often faked by malware. The lsass.exe file used by Windows is located in the directory %WINDIR%\System32, and the description of the file is Local Security Authority Process. If it is running from any other location, that lsass.exe is most likely a virus, spyware, trojan or worm. Due to the way some systems display fonts, malicious developers may name the file something like Isass.exe (capital "i" instead of a lowercase "L") in efforts to trick users into installing or executing a malicious file instead of the trusted system file.[3] The Sasser worm spreads by exploiting a buffer overflow in the LSASS on Windows XP and Windows 2000 operating systems.

References

[edit]

1. ^ "Configuring Additional LSA Protection". Microsoft. Retrieved 2022-02-04.
2. ^ "Windows 7 Services | Windows CMD". SS64.com. Retrieved 2016-05-24.
3. ^ "The Best Way To Remove Lsass.exe Virus - Fix Lsass Process". Errorboss.com. 23 December 2014. Archived from the original on 2015-09-24. Retrieved 2016-05-24.

External links

[edit]

• Security Subsystem Architecture
• LSA Authentication
• MS identity management

v t e Microsoft Windows components
APIs Architecture 9x NT Booting process Games
Managementtools	App Installer Command Prompt Control Panel Device Manager DirectX Diagnostic Tool Disk Cleanup Drive Optimizer Driver Verifier Event Viewer IExpress Management Console Netsh Performance Monitor PowerShell Recovery Console Resource Monitor Settings Sysprep System Configuration System File Checker System Information System Policy Editor System Restore Task Manager Windows Backup Windows Error Reporting Windows Ink Windows Installer Windows Update Windows Insider WinRE WMI
Apps	3D Viewer Calculator Calendar Camera Character Map City Art Search Clipchamp Clock Company Portal Copilot Edge Fax and Scan Feedback Hub Get Help Magnifier Mail Media Player 2022 Mesh Messaging Mobility Center Money Movies & TV Narrator News Notepad OneDrive OneNote Paint PC Manager People Phone Link Photos Quick Assist Remote Desktop Connection Snipping Tool Sound Recorder Speech Recognition Sticky Notes Store Terminal To Do Weather Whiteboard Windows App Xbox
Shell	Action Center Aero AutoPlay AutoRun ClearType Explorer Search IFilter Indexing Service Namespace Saved search Special folder Start menu Task View Taskbar Windows Spotlight Windows XP visual styles
Services	BITS CLFS Error Reporting Multimedia Class Scheduler Service Control Manager Shadow Copy Task Scheduler Wireless Zero Configuration
File systems	CDFS DFS exFAT FAT IFS NTFS EFS Hard link links Mount Point Reparse point TxF ReFS UDF
Server	Active Directory Active DRM Services DFS Replication Distributed Transaction Coordinator DNS Domains Folder redirection Group Policy Hyper-V IIS MSMQ Network Access Protection Print Services for UNIX PWS Remote Desktop Services Remote Differential Compression Remote Installation Services Roaming user profiles Server Core SharePoint System Resource Manager Windows Deployment Services Windows Media Services WSUS
Architecture	Boot Manager Console CSRSS Desktop Window Manager Enhanced Write Filter Graphics Device Interface Hardware Abstraction Layer I/O request packet Imaging Format Kernel Transaction Manager Library files Logical Disk Manager LSASS MinWin NTLDR Ntoskrnl.exe Object Manager Open XML Paper Specification Portable Executable DLL EXE Registry Resource Protection Security Account Manager Server Message Block Shadow Copy SMSS System Idle Process USER WHEA Winlogon WinUSB
Security	Security and Maintenance AppLocker BitLocker Credential Guard Data Execution Prevention Defender Family features Kernel Patch Protection Mandatory Integrity Control Protected Media Path User Account Control User Interface Privilege Isolation Windows Firewall
Compatibility	COMMAND.COM Windows Subsystem for Linux WoW64
API	Active Scripting JScript VBScript WSH COM ActiveX ActiveX Document COM Structured storage DCOM OLE OLE Automation Transaction Server DirectX Native .NET Universal Windows Platform WinAPI Windows Mixed Reality Windows Runtime WinUSB
Games	Solitaire Collection Surf
Discontinued	Games 3D Pinball Chess Titans FreeCell Hearts Hold 'Em InkBall Purble Place Solitaire Spider Solitaire Tinker Apps ActiveMovie Address Book Anytime Upgrade Backup and Restore Cardfile CardSpace CD Player Chat Contacts Cortana Desktop Gadgets Diagnostics DriveSpace DVD Maker Easy Transfer Edge Legacy Fax Food & Drink Groove Music Health & Fitness Help and Support Center HyperTerminal Imaging Internet Explorer Journal Make Compatible Maps Media Center Meeting Space Messaging Messenger Mobile Device Center Movie Maker MSN Dial-Up NetMeeting NTBackup Outlook Express Paint 3D Pay Phone Companion Photo Gallery Photo Viewer Program Manager Skype Sports Start Steps Recorder Syskey Tips Travel WinHelp WordPad Write Others Desktop Cleanup Wizard File Protection Games for Windows HPFS Interix Media Control Interface MS-DOS 7 Next-Generation Secure Computing Base POSIX subsystem ScanDisk Video for Windows Virtual DOS machine Windows on Windows Windows Services for UNIX Windows SideShow Windows System Assessment Tool Windows To Go WinFS
Spun off toMicrosoft Store	DVD Player File Manager Hover! Mahjong Minesweeper
Category  List

Retrieved from "https://en.wikipedia.org/w/index.php?title=Local_Security_Authority_Subsystem_Service&oldid=1309473589" Categories:

• Microsoft Windows security technology
• Windows NT architecture
• Access control software
• Windows components

Hidden categories:

• Articles with short description
• Short description is different from Wikidata
• Articles needing additional references from July 2009
• All articles needing additional references

Search Search Toggle the table of contents Local Security Authority Subsystem Service 9 languages Add topic