Local Security Authority Subsystem Service

From Wikipedia, the free encyclopedia
Jump to: navigation, search

Local Security Authority Subsystem Service (LSASS), is a process in Microsoft Windows operating systems that is responsible for enforcing the security policy on the system. It verifies users logging on to a Windows computer or server, handles password changes, and creates access tokens.[1] It also writes to the Windows Security Log.

Forcible termination of lsass.exe will result in the Welcome screen losing its accounts, prompting a restart of the machine.

Because lsass.exe is a crucial system file, its name is often faked by malware. The lsass.exe file used by Windows is located in the folder C:\Windows\System32. If it is running from any other location, that lsass.exe is most likely a virus, spyware, trojan or worm.

See also[edit]

References[edit]

External links[edit]