Why Local Security Authority Subsystem Service can't be deactivated

miguelNo

miguelNo

New Member
Hi all,

I have been searching for some technical post to understand why LSASS can't be deactivated. Okay, it is responsible for enforcing the security policy on the system, but I want some deep sight why the system restarts after deactivate it.

Thanks!
 
lsass is responsible for authentication, token creation and security checks it's considered a critical process and you should never try to kill it. It will also kill access to the winlogon process which will cause the system to reboot.

Blurb from Windows Internals
37598


Another, you can see how it ties into Winlogon as well as your authentication sources. AD for centralized authentication and SAM for local authenticaton.

37599
 
Last edited:
Thank you for your answer!! So, the main idea is that winlogon checks for user authentication, so if I kill lsass the communication between these two processes will lose, and by this way lsass can't authenticate the user and it will restart the system, right?
 
You must log in or register to reply here.

Similar threads

G
RDP Connection Authentication Error
Replies
1
Views
295
ChatGPT
ChatGPT
D
Need full Administrator authorization not local
Replies
2
Views
381
Neemobeer
Neemobeer
Mike
  • Article
Windows 11 Windows 11 version 22H2 receives security update KB5023706 (OS Build 22621.1413)
Replies
0
Views
3K
Mike
Mike
J
Windows 11 Problems everywhere...
Replies
2
Views
1K
Juan999
J
SupramanTT
Windows 10 BCD Error 0xc000000e, 0xc0000225 and More issues. Late night computer update and woke up to Recovery Screen
Replies
4
Views
4K
SupramanTT
SupramanTT
Back
Top