Local Security Authority Subsystem Service

From Wikipedia, the free encyclopedia

 

Local Security Authority Subsystem Service (LSASS) is a process in Microsoft Windows operating systems that is responsible for enforcing the security policy on the system. It verifies users logging on to a Windows computer or server, handles password changes, and creates access tokens.[1] It also writes to the Windows Security Log.

Forcible termination of lsass.exe will result in the Welcome screen losing its accounts, prompting a restart of the machine. "lsass.exe" is the Local Security Authentication Server. It verifies the validity of user logons to the PC or server, and it generates the process responsible for authenticating users for the Winlogon service. This is performed by using authentication packages such as the default, Msgina.dll (note: GINA is used in Windows XP, but is replaced with the Credential Provider system in Vista and 7). If authentication is successful, LSASS generates the user's access token, which is used to launch the initial shell. Other processes that the user initiates then inherit this token. (Source: http://www.neuber.com/taskmanager/process/lsass.exe.html)

Because lsass.exe is a crucial system file, its name is often faked by malware. The lsass.exe file used by Windows is located in the folder C:\Windows\System32. If it is running from any other location, that lsass.exe is most likely a virus, spyware, trojan or worm.
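The location check described above can be run over a process inventory. The following is an added example, not part of the original article: it assumes a CSV export with the Win32_Process columns Name, ProcessId and ExecutablePath, a Windows directory of C:\Windows as in the article, and a constructed sample inventory.

```python
import csv
import io
import ntpath  # Windows path rules, usable on any OS

# Assumption: Windows is installed in C:\Windows, as the article states.
EXPECTED_DIR = r"C:\Windows\System32"

# Constructed sample inventory (not real data). The column names match the
# Name, ProcessId and ExecutablePath properties of Win32_Process.
SAMPLE_CSV = r'''Name,ProcessId,ExecutablePath
lsass.exe,712,C:\Windows\System32\lsass.exe
LSASS.EXE,4120,C:\Users\Public\lsass.exe
lsass.exe,5332,c:\windows\SYSTEM32\..\Temp\lsass.exe
lsass.exe,6001,
svchost.exe,900,C:\Windows\System32\svchost.exe
'''

def classify(name, path, expected_dir=EXPECTED_DIR):
    """Return 'ignore', 'ok', 'unknown' or 'suspicious' for one process row."""
    if name.strip().lower() != "lsass.exe":
        return "ignore"
    if not path.strip():
        # Path not recorded (for example, the inventory tool could not read it).
        return "unknown"
    # normpath collapses '..' and mixed slashes; normcase lowercases, because
    # Windows paths are case-insensitive.
    full = ntpath.normcase(ntpath.normpath(path.strip()))
    want = ntpath.normcase(ntpath.join(expected_dir, "lsass.exe"))
    return "ok" if full == want else "suspicious"

def audit(csv_text):
    """Return (pid, path, verdict) for every lsass.exe row in the inventory."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        path = row["ExecutablePath"] or ""
        verdict = classify(row["Name"], path)
        if verdict != "ignore":
            findings.append((int(row["ProcessId"]), path, verdict))
    return findings

if __name__ == "__main__":
    for pid, path, verdict in audit(SAMPLE_CSV):
        print(f"{verdict:10} pid={pid} path={path or '<none>'}")
```

A row marked "unknown" is not cleared by this check; it needs the path re-collected before a verdict can be given.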
