Local Security Authority Subsystem Service
Local Security Authority Subsystem Service (LSASS)[1] is a process in Microsoft Windows operating systems that is responsible for enforcing the security policy on the system. It verifies users logging on to a Windows computer or server, handles password changes, and creates access tokens.[2] It also writes to the Windows Security Log.
Forcible termination of lsass.exe will result in the system losing access to any account, including NT AUTHORITY, prompting a restart of the machine. Because, lsass.exe is a crucial system file, its name is often faked by malware. The lsass.exe file used by Windows is located in the directory %WINDIR%\System32, and the description of the file is Local Security Authority Process. If it is running from any other location, that lsass.exe is most likely a virus, spyware, trojan or worm. Due to the way some systems display fonts, malicious developers may name the file something like Isass.exe (capital "i" instead of a lowercase "L") in efforts to trick users into installing or executing a malicious file instead of the trusted system file.[3] The Sasser worm spreads by exploiting a buffer overflow in the LSASS on Windows XP and Windows 2000 operating systems.
References
External links
- Security Subsystem Architecture
- LSA Authentication
- MS identity management
- v
- t
- e
tools
- App Installer
- Command Prompt
- Control Panel
- Device Manager
- Disk Cleanup
- Drive Optimizer
- Driver Verifier
- DirectX Diagnostic Tool
- Event Viewer
- IExpress
- Management Console
- Netsh
- Performance Monitor
- Recovery Console
- Resource Monitor
- Settings
- Sysprep
- System Configuration
- System File Checker
- System Information
- System Policy Editor
- System Restore
- Task Manager
- Windows Error Reporting
- Windows Ink
- Windows Installer
- PowerShell
- Windows Update
- WinRE
- WMI
- 3D Viewer
- Clock
- Calculator
- Calendar
- Camera
- Character Map
- Clipchamp
- Cortana
- Edge
- Fax and Scan
- Feedback Hub
- Get Help
- Magnifier
- Maps
- Messaging
- Media Player
- 2022
- Movies & TV
- Mobility Center
- Money
- Narrator
- Notepad
- OneDrive
- OneNote
- Paint
- Paint 3D
- People
- Phone Link
- Photos
- Quick Assist
- Snipping Tool
- Speech Recognition
- Skype
- Sports
- Start
- Sticky Notes
- Store
- Tips
- Voice Recorder
- Weather
- WordPad
- Xbox
- Active Directory
- Domains
- DNS
- Group Policy
- Roaming user profiles
- Folder redirection
- Distributed Transaction Coordinator
- MSMQ
- Windows Media Services
- Active DRM Services
- IIS
- WSUS
- SharePoint
- Network Access Protection
- PWS
- DFS Replication
- Print Services for UNIX
- Remote Desktop Services
- Remote Differential Compression
- Remote Installation Services
- Windows Deployment Services
- System Resource Manager
- Hyper-V
- Server Core
- Boot Manager
- Console
- CSRSS
- Desktop Window Manager
- Portable Executable
- Enhanced Write Filter
- Graphics Device Interface
- Hardware Abstraction Layer
- I/O request packet
- Imaging Format
- Kernel Transaction Manager
- Library files
- Logical Disk Manager
- LSASS
- MinWin
- NTLDR
- Ntoskrnl.exe
- Object Manager
- Open XML Paper Specification
- Registry
- Resource Protection
- Security Account Manager
- Server Message Block
- Shadow Copy
- SMSS
- System Idle Process
- USER
- WHEA
- Winlogon
- WinUSB
- Solitaire Collection
- Surf
Microsoft Store
- DVD Player
- File Manager
- Hover!
- Mahjong
- Minesweeper
- Category
- List