How to enable Windows Local Security Authority Protection

116

The Local Security Authority is an important part of the Windows security system. It checks a user’s identity when they sign into a local computer. You can easily enable Windows Local Security Authority Protection. It checks password changes and login attempts, makes access tokens for single sign-in sessions, and does other authentication and authorization tasks in Windows.

One of the most important things you can do to protect your system and accounts from cyber threats is to make sure the Local Security Authority subsystem is secure. By turning on Local Security Authority protection, you’ll have more control over possible cleartext password vulnerabilities and password dumping attacks. This will give your system an extra layer of security. Windows has a number of important ways to check a user’s identity.

One of these processes is the LSA, which is in charge of authenticating users and making sure Windows logins are correct. It is in charge of handling user credentials, such as passwords, and tokens, which are used to let users sign in once to their Microsoft accounts and Azure services. Attackers have made tools and used Microsoft tools to take advantage of this process to steal credentials. We mentioned below are the ways to enable Windows “Local Security Authority Protection”.

Ways to enable Windows “Local Security Authority Protection”

Using the Local Group Policy Editor

The Local Group Policy Editor is a Windows programme that lets you change the settings for your desktop computer’s group policy. You can also use it to turn on protection from the Local Security Authority. This is how:

1. In the Run dialog box, type gpedit.msc and click OK.
2. Click on the Administrative Templates folder under the Local Computer Policies section.
3. Select System and open the Local Security Authority folder.
4. Right click on the “Configure LSASS to run as a protected process” policy and select “Edit“.
5. In the edit window that appears, select the “Enable” option.
6. Click the drop-down icon under Configure LSA to run as a protected process and select Enabled with UEFI Lock.
7. Click Apply > OK to save your settings.
8. Restart your computer and you will see the changes.

Using the Registry Editor

You can also turn on Local Security Authority protection by making changes to the registry. But make sure you have a copy of the registry before you start the steps below, because making a mistake can cause your system to crash.

1. Open the “Run” dialog box with the Win + R hotkey.
2. In the Run dialog box, type regedit and click OK.
3. Navigate to the following location:
   1. Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
4. Click the Lsa key in the left pane.
5. Right-click on the RunAsPPL value in the right pane.
6. Select Edit from the context menu.
7. Enter 1 for the value data and click OK.

Using Windows Security

Windows Security is a place where you can protect your personal information and network settings all in one place. You can use it to check systems for viruses, protect accounts, manage device performance, and control apps and browsers. Windows Security is also one of the places where you can turn on the protection feature for the Local Security Authority. Here’s what you need to do:

1. Press the Win key to open the “Start Menu“.
2. Type “Windows Security” in the search bar and press Enter.
3. Select “Device Security” from the left panel.
4. Select the Core isolation details option in the Core isolation section.
5. Enable the toggle in the “Protect Local Security Authority” section.
6. Click “Yes” to the UAC that pops up.

Final Words

That’s it with our article on how to enable Windows “Local Security Authority Protection”. The LSA, which is made up of the Local Security Authority Server Service (LSASS) process, verifies users when they sign in locally or remotely and makes sure that local security policies are followed.

The Windows operating system and later versions give the LSA more protection so that unprotected processes can’t read memory or add code. This feature makes the credentials that LSA stores and manages even safer. For further information regarding Local Security Authority Protection, you can also visit official Microsoft support website.

FAQ

Why You Should Enable LSA Protection

The Local Security Authority (LSA) Subsystem Service is a process in Microsoft Windows that checks logon attempts, password changes, creates access tokens, and does other important tasks related to Windows authentication and authorization protocols. Cybercriminals have always been most interested in getting into Microsoft Windows.

The most popular operating system is the most likely reason for this. Cybercriminals will try many different ways to get into a Windows system. Once they do, they will try to use the privileges they have to get into other systems and accounts. As a result, protecting the Local Security Authority Subsystem is one of the most important things you can do to keep your Windows 11 systems and accounts safe.

Attackers use tools like Mimikatz and LSAdump to get clear-text passwords or password hashes from memory. By turning on LSA Protection on Windows, you will have more control over how information stored in memory can be accessed and should be able to stop data from being accessed by processes that are not protected.

What can the local security authority do in Windows?

Local Security Authority Server Service (LSASS) is a process in Microsoft Windows that is in charge of enforcing the system’s security policy. It checks who is using a Windows computer or server, changes passwords, and makes access tokens.

What is the impact of enabling LSA protection?

By turning on LSA Protection on Windows, you will have more control over how information stored in memory can be accessed and may be able to stop data from being accessed by processes that are not protected.

Can Windows security get hacked?

Hackers found a way to get around a security feature on Windows devices. They did this by using JavaScript files on their own to exploit CVE-2022-44698 zero-day, also known as SmartScreen.

How I know if my PC is hacked?

If someone breaks into your computer, you might notice some of the following: There are a lot of pop-up windows, especially ones that tell you to go to strange sites or download antivirus or other software. Make adjustments to your home page. Your email account is being used to send out a lot of emails.