Local Security Authority Subsystem Service
|This article needs additional citations for verification. (July 2009)|
||This article's introduction section may not adequately summarize its contents. (October 2013)|
Local Security Authority Subsystem Service (LSASS), is a process in Microsoft Windows operating systems that is responsible for enforcing the security policy on the system. It verifies users logging on to a Windows computer or server, handles password changes, and creates access tokens. It also writes to the Windows Security Log.
Forcible termination of lsass.exe will result in the Welcome screen losing its accounts, prompting a restart of the machine. "lsass.exe" is the Local Security Authentication Server. lsass verifies the validity of user logons to your PC or server. it generates the process responsible for authenticating users for the Winlogon service. This is performed by using authentication packages such as the default, Msgina.dll (note: GINA is used in Windows XP, but is replaced with the Credential Provider system in Vista and 7). If authentication is successful, Lsass generates the user's access token, which is used to launch the initial shell. Other processes that the user initiates then inherit this token. http://www.neuber.com/taskmanager/process/lsass.exe.html
Because lsass.exe is a crucial system file, its name is often faked by malware. The lsass.exe file used by Windows is located in the folder C:\Windows\System32. If it is running from any other location, that lsass.exe is most likely a virus, spyware, trojan or worm.
- MS identity management
- FileInspect detailed lsass.exe information
- User experiences and ratings of lsass.exe
- Version list (with checksums) of lsass.exe
|This Microsoft Windows article is a stub. You can help Wikipedia by expanding it.|