Why Local Security Authority Subsystem Service can't be deactivated

miguelNo

New Member
Hi all,

I have been searching for some technical post to understand why LSASS can't be deactivated. Okay, it is responsible for enforcing the security policy on the system, but I want some deep sight why the system restarts after deactivate it.

Thanks!
 

Neemobeer

Windows Forum Team
Staff member
lsass is responsible for authentication, token creation and security checks it's considered a critical process and you should never try to kill it. It will also kill access to the winlogon process which will cause the system to reboot.

Blurb from Windows Internals
37598


Another, you can see how it ties into Winlogon as well as your authentication sources. AD for centralized authentication and SAM for local authenticaton.

37599
 
Last edited:

miguelNo

New Member
Thank you for your answer!! So, the main idea is that winlogon checks for user authentication, so if I kill lsass the communication between these two processes will lose, and by this way lsass can't authenticate the user and it will restart the system, right?
 
Top