Local Security Authority Subsystem Service: Difference between revisions

Browse history interactively

← Previous edit

Content deleted Content added

VisualWikitext

Revision as of 20:26, 29 June 2016 edit Tom.Reding (talk \| contribs) Autopatrolled, Extended confirmed users, Page movers, Template editors 4,364,437 edits m →External links: Rem stub tag(s) (class = non-stub & non-list) using AWB ← Previous edit		Latest revision as of 13:51, 24 June 2025 edit undo 176.126.231.52 (talk) grammatical error fix
(37 intermediate revisions by 30 users not shown)
Line 1: {{Short description\|Computer operating system component}} {{Refimprove\|date=July 2009}} '''Local Security Authority Subsystem Service''' ('''LSASS''')<ref>{{cite web\|url=https://docs.microsoft.com/en-us/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection \|title=Configuring Additional LSA Protection \|publisher=Microsoft \|access-date=2022-02-04}}</ref> is a [[Process (computing)\|process]] in [[Microsoft Windows]] [[operating system]]s that is responsible for enforcing the [[security policy]] on the system. It verifies users logging on to a Windows computer or server, handles password changes, and creates [[access token]]s.<ref>{{cite web\|url=~~http~~https://ss64.com/nt/syntax-services.html \|title=Windows 7 Services \| Windows CMD \|publisher=SS64.com \|access-date~~= \|accessdate~~=2016-05-24}}</ref> It also writes to the [[Windows Security Log]]. Forcible termination of {{mono\|lsass.exe}} will result in the system losing access to any account, including NT AUTHORITY, prompting a restart of the machine. Because {{mono\|lsass.exe}} is a crucial system file, its name is often faked by malware. The {{mono\|lsass.exe}} file used by Windows is located in the [[Directory (computing)\|directory]] ~~Windows~~{{mono\|%WINDIR%\System32}}, and the description of the file is '''Local Security Authority Process'''. If it is running from any other ___location, that {{mono\|lsass.exe}} is most likely a [[Computer virus\|virus]], [[spyware]], [[Trojan horse (computing)\|trojan]] or [[Worm (computing)\|worm]]. Due to the way some systems display fonts, malicious developers may name the file something like {{mono\|Isass.exe}} (capital "i" instead of a lowercase "L") in efforts to trick users into installing or executing a malicious file instead of the trusted system file. <ref>{{cite web \|url=http://www.errorboss.com/exe-files/lsass-exe/ \|title=The Best Way To Remove Lsass.exe Virus - Fix Lsass Process \|date=23 December 2014 \|publisher=Errorboss.com \|access-date=2016-05-24 \|~~accessdate~~archive-date=~~2016~~2015-0509-24 \|archive-url=https://web.archive.org/web/20150924001856/http://www.errorboss.com/exe-files/lsass-exe/ \|url-status=dead }}</ref> The [[Sasser (computer worm)\|Sasser worm]] spreads by exploiting a [[buffer overflow]] in the LSASS on [[Windows XP]] and [[Windows 2000]] operating systems.▼ ~~Forcible termination of <tt>lsass.exe</tt> will result in the Welcome screen losing its account/s, prompting a restart of the machine.~~ ▲Because lsass.exe is a crucial system file, its name is often faked by malware. The lsass.exe file used by Windows is located in the [[Directory (computing)\|directory]] Windows\System32. If it is running from any other ___location, that lsass.exe is most likely a virus, spyware, trojan or [[Worm (computing)\|worm]]. Due to the way some systems display fonts, malicious developers may name the file something like Isass.exe (capital "i" instead of a lowercase "L") in efforts to trick users into installing or executing a malicious file instead of the trusted system file. <ref>{{cite web\|url=http://www.errorboss.com/exe-files/lsass-exe/ \|title=The Best Way To Remove Lsass.exe Virus - Fix Lsass Process \|publisher=Errorboss.com \|date= \|accessdate=2016-05-24}}</ref> ~~==See also==~~ [[Pass the hash]] [[Stuxnet]] [[Sasser (computer worm)]] [[LAN Manager]] [[NT LAN Manager]] [[Active Directory]] [[Windows startup process]] ==References== Line 19 ⟶ 9: ==External links== [~~http~~https://technet.microsoft.com/en-us/library/cc961760.aspx Security Subsystem Architecture] [http://msdn.microsoft.com/en-us/library/windows/desktop/aa378326%28v=vs.85%29.aspx LSA Authentication] [http://www.microsoft.com/technet/security/topics/identitymanagement/idmanage/p2pass_1.mspx MS identity management]