Why Local Security Authority Subsystem Service can't be deactivated


New Member
Hi all,

I have been searching for some technical post to understand why LSASS can't be deactivated. Okay, it is responsible for enforcing the security policy on the system, but I want some deep sight why the system restarts after deactivate it.



Cloud Security Engineer
Staff member
lsass is responsible for authentication, token creation and security checks it's considered a critical process and you should never try to kill it. It will also kill access to the winlogon process which will cause the system to reboot.

Blurb from Windows Internals

Another, you can see how it ties into Winlogon as well as your authentication sources. AD for centralized authentication and SAM for local authenticaton.

Last edited:


New Member
Thank you for your answer!! So, the main idea is that winlogon checks for user authentication, so if I kill lsass the communication between these two processes will lose, and by this way lsass can't authenticate the user and it will restart the system, right?