Follow
Windows

How to Enable LSA Protection in Windows 11

Richard
Written by
Richard
Dec 12, 2022 Updated Apr 30, 2026 3 min read

Enabling LSA (Local Security Authority) Protection in Windows 11 adds a crucial layer of security to safeguard your login credentials.

LSA Protection is a security feature that protects the LSASS.exe process, which handles your login information and security tokens, from unauthorized access.

It uses Protected Process Light (PPL) technology to prevent malicious code from injecting itself and stealing or altering your sensitive data, significantly enhancing your PC’s defense against credential theft.

By turning on LSA Protection, you make it much harder for attackers to access your system’s memory and steal your usernames and passwords.

This advanced security measure is available in Windows 11 builds starting from 21H2 and requires a system restart to activate fully.

Hardware Prerequisites

Before enabling this, ensure your PC meets these requirements:

  • UEFI and Secure Boot: Your computer must be set to UEFI mode with Secure Boot enabled in your BIOS settings.
  • Windows 11 22H2 or newer: This feature is fully integrated into recent versions of Windows 11.

How to Verify if LSA Protection is Active

You can check if the protection is running in Task Manager:

  1. Press Ctrl+Shift+Esc to open Task Manager.
  2. Go to the Details tab.
  3. Right-click the column headers and select Select columns.
  4. Check the box for Elevated or Protected Process.
  5. Find lsass.exe in the list. If it shows as a protected process, the feature is active.

Troubleshooting and Compatibility

Warning: Enabling LSA Protection may cause issues with older, unsigned third-party drivers. If you experience system instability, you may need to disable the feature or update your drivers.

Enable or Disable LSA via Windows Security

This is the easiest way to manage your settings. Requires admin privileges.

  1. Click the Start menu and type Windows Security. Select the app.
    windows security app search on start menu
  2. Click Device security on the left menu.
    windows 11 security app device security option
  3. Click the Core isolation details link.
    windows 11 core isolation details link
  4. Find Local Security Authority protection. Toggle the switch to On.
    windows local security authority protection button

Enable or Disable LSA via Registry Editor

Requires admin privileges. Use caution when editing the registry.

  1. Open the Registry Editor.
  2. Go to: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
    windows local security authority protection windows registry
  3. Right-click in the empty space, select New > DWORD (32-bit) Value, and name it RunAsPPL.
  4. Set the Value data to 1 to enable or 0 to disable.
    windows local security authority protection windows registry value data

Enable or Disable LSA via Group Policy

Requires admin privileges.

  1. Open the Local Group Policy editor.
  2. Go to: Computer Configuration > Administrative Templates > System > Local Security Authority.
    windows local security authority protection local group policy editor
  3. Double-click Configure LSASS to run as protected process and set it to Enabled.
    windows local security authority protection local group policy editor options

For advanced technical details, visit the official Microsoft Learn documentation.

Summary

LSA Protection is a vital security layer that blocks unauthorized code from accessing your login credentials. By ensuring your hardware supports UEFI and Secure Boot, you can enable this feature via Windows Security, the Registry, or Group Policy. This simple step significantly improves your system’s resistance to credential theft and malicious code injection.

Why is LSA Protection missing from my Windows Security settings?

If the option is missing, your hardware might not support it. Ensure your BIOS has UEFI and Secure Boot enabled. Additionally, if you are running an older version of Windows 11, you may need to update your system to version 22H2 or later to see the toggle in the security dashboard.

What is the difference between LSA protection and Credential Guard?

LSA Protection uses PPL to stop unauthorized processes from accessing the LSASS process. Credential Guard goes further by using virtualization-based security to isolate secrets in a separate container that even the operating system kernel cannot access. Both work together to provide a layered defense against credential theft.

Was this guide helpful?

Tags: #Windows 11
Was this helpful?
Richard

About the Author

Richard

Tech Writer, IT Professional

Richard, a writer for Geek Rewind, is a tech enthusiast who loves breaking down complex IT topics into simple, easy-to-understand ideas. With years of hands-on experience in system administration and enterprise IT operations, he’s developed a knack for offering practical tips and solutions. Richard aims to make technology more accessible and actionable. He's deeply committed to the Geek Rewind community, always ready to answer questions and engage in discussions.

2568 articles → Twitter

📚 Related Tutorials

How to Enable Core Isolation Memory Integrity in Windows 11
Windows How to Enable Core Isolation Memory Integrity in Windows 11
Protect Your Windows 11 with Microsoft Security
Windows Protect Your Windows 11 with Microsoft Security
How to Hide the Device Security Section in the Windows Security app on Windows 11
Windows How to Hide the Device Security Section in the Windows Security app on Windows 11
How to Change Columns in Windows 11 Task Manager
Windows How to Change Columns in Windows 11 Task Manager

No comments yet — be the first to share your thoughts!

Leave a Comment

Your email address will not be published. Required fields are marked *

Exit mobile version