Local Security Authority Subsystem Service

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search

Local Security Authority Subsystem Service (LSASS) is a process in Microsoft Windows operating systems that is responsible for enforcing the security policy on the system. It verifies users logging on to a Windows computer or server, handles password changes, and creates access tokens.[1] It also writes to the Windows Security Log.

Forcible termination of lsass.exe will result in the Welcome screen losing its accounts, prompting a restart of the machine.

Because lsass.exe is a crucial system file, its name is often faked by malware. The lsass.exe file used by Windows is located in the directory %WINDIR%\System32. If it is running from any other location, that lsass.exe is most likely a virus, spyware, trojan or worm. Due to the way some systems display fonts, malicious developers may name the file something like Isass.exe (capital "I" instead of a lowercase "i") in efforts to trick users into installing or executing a malicious file instead of the trusted system file.[2]


  1. ^ "Windows 7 Services | Windows CMD". SS64.com. Retrieved 2016-05-24.
  2. ^ "The Best Way To Remove Lsass.exe Virus - Fix Lsass Process". Errorboss.com. Retrieved 2016-05-24.

External links

  • Security Subsystem Architecture
  • LSA Authentication
  • MS identity management
Retrieved from "https://en.wikipedia.org/w/index.php?title=Local_Security_Authority_Subsystem_Service&oldid=874587516"
This content was retrieved from Wikipedia : http://en.wikipedia.org/wiki/Local_Security_Authority_Subsystem_Service
This page is based on the copyrighted Wikipedia article "Local Security Authority Subsystem Service"; it is used under the Creative Commons Attribution-ShareAlike 3.0 Unported License (CC-BY-SA). You may redistribute it, verbatim or modified, providing that you comply with the terms of the CC-BY-SA