
How to Enable LSA Protection in Windows 11

Written by Richard
Dec 12, 2022 Updated Apr 30, 2026 3 min read

Local Security Authority (LSA) Protection is a security feature that guards the LSASS.exe process, which handles your login information and security tokens. By running LSASS as a Protected Process Light (PPL), Windows prevents unauthorized code from injecting into the process to read or tamper with your credentials. This is a key part of Windows security hardening and credential theft prevention.

Why use LSA Protection?

Hackers often try to steal login data from memory. LSA Protection makes it much harder for them to access this sensitive information.

What happens when you are done?

Your system becomes more secure. You must restart your computer for these changes to take effect.

Hardware Prerequisites

Before enabling this, ensure your PC meets these requirements:

  • UEFI and Secure Boot: Your computer must be set to UEFI mode with Secure Boot enabled in your BIOS settings.
  • Windows 11 22H2 or newer: This feature is fully integrated into recent versions of Windows 11.

How to Verify if LSA Protection is Active

You can check if the protection is running in Task Manager:

  1. Press Ctrl + Shift + Esc to open Task Manager.
  2. Go to the Details tab.
  3. Right-click the column headers and select Select columns.
  4. Check the box for Elevated or Protected Process.
  5. Find lsass.exe in the list. If it shows as a protected process, the feature is active.

Troubleshooting and Compatibility

Warning: Enabling LSA Protection may cause issues with older, unsigned third-party drivers. If you experience system instability, you may need to disable the feature or update your drivers.

Enable or Disable LSA Protection via Windows Security

This is the easiest way to manage your settings. Requires admin privileges.

  1. Click the Start menu and type Windows Security. Select the app.
  2. Click Device security on the left menu.
  3. Click the Core isolation details link.
  4. Find Local Security Authority protection. Toggle the switch to On.

Enable or Disable LSA Protection via Registry Editor

Requires admin privileges. Use caution when editing the registry.

  1. Open the Registry Editor.
  2. Go to: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
  3. Right-click in the empty space, select New > DWORD (32-bit) Value, and name it RunAsPPL.
  4. Set the Value data to 1 to enable or 0 to disable.
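
The registry steps above, together with the prerequisite and verification checks from earlier in this guide, as an added PowerShell example (not part of the original guide). The `-Enable` switch is this script's own parameter; the Secure Boot check with `Confirm-SecureBootUEFI` and the post-restart check of Wininit event ID 12 in the System log are additions the guide does not mention.

```powershell
#Requires -RunAsAdministrator
# Added example: audit RunAsPPL, optionally enable it, and report whether
# LSASS was started as a protected process.
param([switch]$Enable)   # -Enable belongs to this example script only

$lsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

# Prerequisite from the guide: UEFI mode with Secure Boot enabled.
# Confirm-SecureBootUEFI throws on legacy BIOS systems, so an error means "not met".
try   { $secureBoot = Confirm-SecureBootUEFI -ErrorAction Stop }
catch { $secureBoot = $false }

# The value is absent on systems where it was never configured.
$current = (Get-ItemProperty -Path $lsaKey -Name RunAsPPL -ErrorAction SilentlyContinue).RunAsPPL

if ($Enable -and $current -ne 1) {
    # Same change as steps 3 and 4: DWORD RunAsPPL = 1 (-Force overwrites an existing value).
    New-ItemProperty -Path $lsaKey -Name RunAsPPL -PropertyType DWord -Value 1 -Force | Out-Null
    $current = 1
    Write-Warning 'RunAsPPL set to 1. Restart the computer for the change to take effect.'
}

# When LSASS starts as a protected process, Wininit logs event ID 12 in the System log.
$filter = @{ LogName = 'System'; ProviderName = 'Microsoft-Windows-Wininit'; Id = 12 }
$evt    = Get-WinEvent -FilterHashtable $filter -MaxEvents 1 -ErrorAction SilentlyContinue
$boot   = (Get-CimInstance -ClassName Win32_OperatingSystem).LastBootUpTime

# Compare the two timestamps: an event older than the last boot is from a previous session.
[pscustomobject]@{
    SecureBootEnabled  = $secureBoot
    RunAsPPL           = if ($null -eq $current) { 'not set' } else { $current }
    LastBootUpTime     = $boot
    LastProtectedStart = if ($evt) { $evt.TimeCreated } else { 'no event found' }
}
```

Run it without `-Enable` to audit a machine without changing anything.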

Enable or Disable LSA Protection via Group Policy

Requires admin privileges.

  1. Open the Local Group Policy editor.
  2. Go to: Computer Configuration > Administrative Templates > System > Local Security Authority.
  3. Double-click Configure LSASS to run as protected process and set it to Enabled.

For advanced technical details, visit the official Microsoft Learn documentation.

Summary

LSA Protection is a vital security layer that blocks unauthorized code from accessing your login credentials. By ensuring your hardware supports UEFI and Secure Boot, you can enable this feature via Windows Security, the Registry, or Group Policy. This simple step significantly improves your system’s resistance to credential theft and malicious code injection.

Why is LSA Protection missing from my Windows Security settings?

If the option is missing, your hardware might not support it. Ensure your BIOS has UEFI and Secure Boot enabled. Additionally, if you are running an older version of Windows 11, you may need to update your system to version 22H2 or later to see the toggle in the security dashboard.

What is the difference between LSA protection and Credential Guard?

LSA Protection uses PPL to stop unauthorized processes from accessing the LSASS process. Credential Guard goes further by using virtualization-based security to isolate secrets in a separate container that even the operating system kernel cannot access. Both work together to provide a layered defense against credential theft.

About the Author

Richard

Tech Writer, IT Professional

Richard, a writer for Geek Rewind, is a tech enthusiast who loves breaking down complex IT topics into simple, easy-to-understand ideas. With years of hands-on experience in system administration and enterprise IT operations, he’s developed a knack for offering practical tips and solutions. Richard aims to make technology more accessible and actionable. He's deeply committed to the Geek Rewind community, always ready to answer questions and engage in discussions.
