Local Security Authority (LSA) protection is a security feature that verifies a user’s credentials to protect their Windows computer from unauthorized access. Unfortunately, some Windows users have reported seeing an error that says the “Local Security Authority protection is off. Your device may be vulnerable.” If you’re in this situation too and unable to turn it back on from Windows Security, learn how to turn it on again.
Good to know: Windows Security app not opening? Try applying these fixes.
Basic Troubleshooting
Before discussing alternative ways of enabling the Local Authority Security feature to stop the error from showing up, we’re laying out of a few basic troubleshooting solutions to fix it, before having to take more drastic steps:
- Perform a malware scan: it could be that you’re seeing the error because malware changed settings on your computer. Try scanning your computer with Windows Security or a third-party antivirus, and make sure you’ve updated Windows and your antivirus before you proceed.
- Run an SFC scan: the error can also pop up if you have corrupted or damaged system files on your computer. If that’s the case, performing an SFC scan will find and fix those files.
- Use a system restore point: if you are in the habit of creating system restore points regularly, you’re in luck. You can resolve the problem by using one of them to restore your computer to the condition it was in before the error message.
1. Turn On LSA Protection in PowerShell
You only need to run one command in PowerShell to enable LSA protection.
- Press Win + X, then select “Terminal (Admin)” in the menu.
- Copy and paste the command below into the PowerShell tab, then press the Enter key to run it.
reg add HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v RunAsPPL /t REG_DWORD /d 2 /f;reg add HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v RunAsPPLBoot /t REG_DWORD /d 2 /f
- Restart your computer for the changes to take effect, then check whether the error message is still there.
Tip: if you’re a Windows Home user, you will need to enable the Local Group Policy Editor first.
2. Turn On LSA Protection in the Local Group Policy Editor
You can also turn on LSA protection using the Local Group Policy Editor (LGPE).
- Click on Search in the taskbar, type
group policy
in the Search box, then click on “Edit group policy” in the results.
- In the LGPE, navigate to “Computer Configuration -> Administrative Templates -> System -> Local Security Authority,” and double-click the “Configure LSASS to run as a protected process” policy.
- If the radio button in the top right has a “Disabled” setting, click “Not Configured” instead.
- Click “OK” to apply and save the changes, then restart your computer to see whether the error message persists.
FYI: learn how to clean your Windows Registry to avoid seeing any error messages.
3. Turn On LSA Protection in the Registry Editor
The last way to turn on LSA protection is through the Registry Editor. However, since this method involves editing the Windows Registry, we highly recommend creating a backup of the Registry before proceeding. The last thing you want is to make a mistake in the Registry Editor and have no way to revert the changes. This can make your Windows computer unusable.
- Click on Search in the taskbar, type
registry editor
in the Search box, then click on “Registry Editor” in the results.
- Click “Yes” on the UAC warning.
- In the Registry Editor, navigate to:
Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
and double-click on the “RunAsPPL” value.
- If you don’t find the “RunAssPPL” value, you’ll need to create it. Right-click the “Lsa” key in the navigation pane on the left, and select “New -> DWORD (32-bit) Value.”
- Once you’ve created the value, double-click to open it, then set “Value data” to “2,” and click “OK.”
- Restart your PC to see whether the issue has been fixed.
Tip: become a pro Windows Registry user with these hacks that optimize the overall experience.
Frequently Asked Questions
How can I verify that I’ve turned on LSA protection?
If you can’t verify that you’ve turned on Local Security Authority protection in Windows Security because the option is missing, do so via the Event Viewer. Once you open the Event Viewer, head to “Windows Logs -> System,” and look for an event with an ID of 12. It will state, “LSASS.exe was started as a protected process with level: 4,” when you double-click on it.
How do I check which plug-ins and drivers failed to run as LSA-protected processes?
Find this information in Event Viewer when Windows is running in audit mode. In the Event Viewer, head to “Applications and Services Logs -> Microsoft -> Windows -> CodeIntegrity,” and look for events with the ID of 3065 or 3066.
How do I enable audit mode on Windows?
If your PC computer is running Windows 11 22H2, then you already have audit mode enabled. Otherwise, open the Registry Editor, and head to the Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft \Windows NT\CurrentVersion\Image File Execution Options\LSASS.exe
key. Double-click the “AuditLevel” value, set “Value data” to “8,” and click “OK.”
Image credit: DepositPhotos. All screenshots by Chifundo Kasiya.
Subscribe to our newsletter!
Our latest tutorials delivered straight to your inbox