How to enable Local Security Authority (LSA) protection in Windows 11

Local Security Authority (LSA) is an important Windows process for verifying user identity. It manages essential system credentials such as passwords and tokens associated with Microsoft and Azure accounts.

You must enable Local Security Authority protection if you want to protect your credentials from attackers. In this article, we will go through 3 different ways to enable Local Security Authority protection on your computer.

How to enable Local Security Authority protection with Windows Security

Windows Security is a comprehensive security hub for protecting your personal data and network settings. You can use it to scan for system viruses, protect accounts, manage device performance, and control apps and browsers.

Windows Security is also one of the places to enable Local Security Authority protection. Here's how to do it:

1. Press the Win key to open the Start menu.

2. In the search bar, type Windows Security and press Enter.

3. Select Device security from the left panel.

4. Select the Core isolation details option in the Core isolation section.

5. Tap the toggle switch in the Local Security Authority protection section .

How to enable Local Security Authority (LSA) protection in Windows 11 Picture 1

6. Click Yes to make UAC pop up.

You will have to restart your computer to see the changes.

How to enable Local Security Authority protection with Registry Editor

How to enable Local Security Authority (LSA) protection in Windows 11 Picture 2

The next way you can enable Local Security Authority protection is to edit the registry. But make sure to back up the registry before doing the procedure below, as any wrong edits can damage your system.

1. Open the Run dialog box by pressing the hotkey Win + R .

2. In the Run dialog box , type regedit and click OK.

3. Navigate to the following location:

ComputerHKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsa

4. Click the Lsa key in the left panel.

5. Right click on the RunAsPPL value on the right.

6. Select Edit from the context menu.

7. Enter 1 in the value data and click OK.

Enable Local Security Authority protection with Local Group Policy Editor

Local Group Policy Editor is a Windows utility with which you can manage group policy settings on your computer. You can also use it to enable Local Security Authority protection. Here's how to do it:

1. In the Run dialog box , type gpedit.msc and click OK.

2. Click the Administrative Templates folder in the Local Computer Policy section .

3. Select System and then open the Local Security Authority folder .

4. Right-click the Configure LSASS policy to run as a protected process and select Edit.

5. In the edit window that appears, select the Enabled option.

6. Click the drop-down icon under Configure LSA to run as a protected process and select Enabled with UEFI Lock .

How to enable Local Security Authority (LSA) protection in Windows 11 Picture 3

7. Click Apply > OK to save the settings.

Restart your computer to see the changes.

Today, attackers have tools with which they can easily steal your credentials. To work around this, Windows provides additional protection that prevents login attempts from unknown identities. You can enable this protection by following one of the methods above.

Good luck!

Samuel Daniel

Update 07 July 2023

« PREV