Local Security Authority Subsystem Service

Local Security Authority Subsystem Service (LSASS), is a process in Microsoft Windows operating systems that is responsible for enforcing the security policy on the system. It verifies users logging on to a Windows computer or server, handles password changes, and creates access tokens.^[1] It also writes to the Windows Security Log.

Forcible termination of lsass.exe will result in the Welcome screen losing its accounts, prompting a restart of the machine. "lsass.exe" is the Local Security Authentication Server. lsass verifies the validity of user logons to your PC or server. it generates the process responsible for authenticating users for the Winlogon service. This is performed by using authentication packages such as the default, Msgina.dll (note: GINA is used in Windows XP, but is replaced with the Credential Provider system in Vista and 7). If authentication is successful, Lsass generates the user's access token, which is used to launch the initial shell. Other processes that the user initiates then inherit this token. http://www.neuber.com/taskmanager/process/lsass.exe.html

Note: The lsass.exe file is located in the folder C:\Windows\System32. In other cases, lsass.exe is a virus, spyware, trojan or worm.

See also

• Pass the hash
• Sasser (computer worm)

References

External links

• MS identity management
• FileInspect detailed lsass.exe information
• User experiences and ratings of lsass.exe
• Version list (with checksums) of lsass.exe