Talk:Local Security Authority Subsystem Service

From Wikipedia, the free encyclopedia
Jump to: navigation, search
WikiProject Microsoft Windows / Computing  (Rated Start-class, Mid-importance)
WikiProject icon This article is within the scope of WikiProject Microsoft Windows, a collaborative effort to improve the coverage of Microsoft Windows on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.
Start-Class article Start  This article has been rated as Start-Class on the project's quality scale.
 Mid  This article has been rated as Mid-importance on the project's importance scale.
Taskforce icon
This article is supported by WikiProject Computing.
 

LSA-Shell[edit]

According to Sysinternals (=Microsoft) Process Explorer, lsass.exe is called the LSA-Shell! Who came up with "subsystem", when microsoft itself calls it a shell(-service)? This needs to be fixed. Unfortunately i can't find the functiont rename this page. Anyone? -- 62.143.90.14 (talk) 10:02, 17 December 2007 (UTC)

Where on Sysinternals does it say that? I searched all over the Sysinternals blogs/site, and the one place[1] I can find that mentions Lsass, it says it stands for LSA subsystem service. There are also these pages [2] [3] published by Microsoft which reaffirm that LSASS stands for local authority subsystem service (that technical bulletin in particular looks quite authoritative and reliable). The "ss" suffix is a pattern that Microsoft seem to enjoy applying with their system processes (eg. csrss is the Win32 subsystem service, psxss is the POSIX subsystem service, smss is the Session manager subsystem service). --Oshah (talk) 23:18, 6 January 2008 (UTC)
Oh, I get it. You must have run Process Explorer yourself, looked in the Description column and saw that it said "LSA Shell (Export version)" (which is the string embedded in the lsass.exe file).
I generally wouldn't read too much into process image file names (example: the win32 subsystem for reasons known only to Microsoft called csrss). The entire LSA subsystem consists of more than just the process executable, it also consists of the DLLs lsasrv.dll, samsrv.dll, a bit of advapi32.dll, and the relevant registry keys, and that's what this article is about. --Oshah (talk) 23:30, 6 January 2008 (UTC)
FYI, "csrss" stands for "client/server runtime subsystem". I forget the details, but the name dates back to when the NT kernel was seen more as platform abstraction layer for a variety of OSes, and less as part of Microsoft Windows. —DragonHawk (talk|hist) 22:19, 29 March 2011 (UTC)

The article would be of more use to the general user if it said which parts of it refer to good aspects and which to bad ones. For example, if my virus checker says that a remote user has started an lsass process, should that be manually blocked? In general, what Microsoft might describe as "software improvements" begs the question of whom the "improvements" are meant to benefit - the user or Microsoft? —Preceding unsigned comment added by 62.30.56.43 (talk) 20:01, 8 February 2008 (UTC)