How to Enable LSA Protection in Windows 11

Local Security Authority (LSA) Protection helps keep your Windows 11 computer safe. It works with Core Isolation and Memory Integrity to stop malicious software from using low-level drivers to take control of your PC. By turning this on, you prevent hackers from injecting bad code that could steal your login information. It ensures that only trusted, signed code is allowed to run.

Why do this? Enabling this feature makes it much harder for attackers to steal your credentials.

What happens when done? Your system will be more secure against credential theft, but you must restart your computer for the settings to take effect.

Enable or Disable LSA via Windows Security

This is the easiest way to manage your security settings.

1. Click the Start menu and type Windows Security. Select Windows Security from the results.

2. Click Device security on the left menu or the main dashboard.

3. Click the Core isolation details link.

4. Find Local Security Authority protection. Toggle the switch to On to enable it, or Off to disable it.

Note: This action requires admin privileges. You must restart your computer to finish.

Enable or Disable LSA via Registry Editor

If you prefer using the registry, follow these steps. Warning: This requires admin privileges and should be done carefully.

1. Open the Windows Registry.
2. Go to this path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

3. If the Lsa folder is missing, right-click Control and create a new key named Lsa.
4. Right-click in the empty space on the right, select New > DWORD (32-bit) Value, and name it RunAsPPL. Create another one named RunAsPPLBoot.
5. Double-click both values. Set the Value data to 1 to turn LSA on, or 0 to turn it off.

Restart your computer to apply the changes.

Enable or Disable LSA via Group Policy

For advanced users, you can use the Local Group Policy editor.

1. Open the Local Group Policy editor.
2. Go to: Computer Configuration > Administrative Templates > System > Local Security Authority.
3. Double-click Configure LSASS to run as protected process.

4. Select Enabled or Disabled based on your preference.

Restart your computer to apply the changes.

Reference: Microsoft.com

Summary

LSA Protection is a vital security layer that blocks unauthorized code from accessing your login credentials. You can enable it through the Windows Security app, the Registry Editor, or the Group Policy editor. By turning this feature on, you significantly improve your system’s resistance to cyberattacks.