
Safe Computing - Run LSA as a Protected Process

LSA (Local Security Authority) on Windows computers validates users for local and remote sign-ins and enforces Local Security Policy. By default it does not run as a "protected service," meaning other services or applications may inject into LSASS (Local Security Authority Server Service), potentially exposing passwords to those other services or applications.

When LSASS runs as a protected service, however, non-Microsoft-signed drivers and plugins may not work.

To enable LSA protection, follow the directions below:

  1. Click the Start Button 
  2. Type "regedit" (no quotes) and press Enter
  3. Navigate to HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Control > Lsa 
  4. If there is a registry value called "RunAsPPL", change the setting to 00000001
  5. If there is no RunAsPPL 
    1. Right Click on Lsa 
    2. Select New 
    3. Select DWORD (32-bit) Value 
    4. Name the New DWORD RunAsPPL 
    5. Double click on the RunAsPPL 
      1. Keep hexadecimal checked 
    6. Change the setting to 00000001 
  6. Close the Registry Editor 
  7. Reboot Computer
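
The same change can be scripted from an elevated PowerShell prompt. This is an added example, not part of the original article: the function names are hypothetical, and the post-reboot check goes beyond the steps above by looking for the Wininit event (ID 12) that Windows logs when LSASS starts as a protected process.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original article). Function names are hypothetical.
$LsaKey    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$ValueName = 'RunAsPPL'
$Desired   = 1   # the value the article sets (00000001)

function Get-RunAsPPL {
    # Returns the current value, or $null when RunAsPPL does not exist (step 5).
    $item = Get-ItemProperty -Path $LsaKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$ValueName
}

function Enable-RunAsPPL {
    # Returns $true when a change was written and a reboot is required.
    if ((Get-RunAsPPL) -eq $Desired) { return $false }
    # -Force creates the value if missing and overwrites it if present,
    # always as a DWORD, which covers both step 4 and step 5.
    New-ItemProperty -Path $LsaKey -Name $ValueName -PropertyType DWord `
        -Value $Desired -Force | Out-Null
    return $true
}

function Test-LsaProtectedSinceBoot {
    # After the reboot: Wininit logs event ID 12 in the System log when
    # LSASS.exe was started as a protected process.
    $boot = (Get-CimInstance -ClassName Win32_OperatingSystem).LastBootUpTime
    $filter = @{
        LogName      = 'System'
        ProviderName = 'Microsoft-Windows-Wininit'
        Id           = 12
        StartTime    = $boot
    }
    $evt = Get-WinEvent -FilterHashtable $filter -MaxEvents 1 -ErrorAction SilentlyContinue
    return [bool]$evt
}

if (Enable-RunAsPPL) {
    Write-Output 'RunAsPPL set to 1. Reboot, then run this script again to verify.'
} elseif (Test-LsaProtectedSinceBoot) {
    Write-Output 'RunAsPPL is 1 and LSASS started as a protected process on this boot.'
} else {
    Write-Output 'RunAsPPL is 1 but no Wininit event 12 since boot. Reboot if you have not yet.'
}
```

Run it once to apply the setting, reboot, and run it again to confirm that LSASS actually came up protected.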




Keywords: lsa, protected, process, lsass
Doc ID: 106816
Owner: Carson S.
Group: IT Knowledge Base
Created: 2020-10-23 16:21 CST
Updated: 2020-11-10 14:21 CST
Sites: IT Knowledge Base