In Windows 11, you can use this article to learn how to turn on or off Local Security Authority (LSA) protection for all users.
Microsoft Windows has a security feature called core isolation that isolates the core programmes in memory to shield them from malicious applications. It accomplishes this by performing those fundamental operations in a virtualized setting.
For the Local Security Authority (LSA) process, enhanced security is supported in Windows 11, version 22H2, to guard against code injection that might compromise credentials.
Windows includes a number of vital procedures that it uses to confirm a user’s identity. One of such procedures, the LSA, is in charge of user authentication and Windows login verification. It is in charge of managing user login information, including passwords and tokens, for Azure services and Microsoft accounts. In order to take advantage of this procedure and steal passwords, attackers have created tools and abused Microsoft tools. Future new Windows 11 machines that are enterprise-joined will come standard with improved LSA protection, which will make it much harder for hackers to steal credentials by ensuring LSA loads only trusted, signed code.
You must be signed in as an administrator to enable or disable Local Security Authority (LSA) protection.
LSA requires CPU virtualization turned on.
OPTION ONE
Turn On or Off Local Security Authority (LSA) Protection in Windows Security
- Open Windows Security.
- Tap on Device security on the left side, and on the right side click on the Core isolation details link.
- Turn ON (default) or OFF Local Security Authority protection for what you want.
- Click on Yes to approve if prompted by UAC,
- Restart the computer to apply.
OPTION TWO
Turn On or Off Local Security Authority (LSA) Protection using command
- Open Windows Terminal (Admin), select Command Prompt.
- Copy and paste the command below you want to use into Windows Terminal (Admin), and press ENTER.
Turn On Local Security Authority (LSA) Protection without UEFI Lock
reg add HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v RunAsPPL /t REG_DWORD /d 2 /f & reg add HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v RunAsPPLBoot /t REG_DWORD /d 2 /f
OR
Turn On Local Security Authority (LSA) Protection with UEFI Lock
reg add HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v RunAsPPL /t REG_DWORD /d 1 /f & reg add HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v RunAsPPLBoot /t REG_DWORD /d 2 /f
OR
Turn Off Local Security Authority (LSA) Protection
reg add HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v RunAsPPL /t REG_DWORD /d 0 /f & reg add HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v RunAsPPLBoot /t REG_DWORD /d 0 /f
- Restart the computer to apply.
