security

How to Fix "Local Security Authority Protection Is Off" on Windows – Make Tech Easier


Local Security Authority (LSA) protection is a security feature that verifies a user’s credentials to protect their Windows computer from unauthorized access. Unfortunately, some Windows users have reported seeing an error that says the “Local Security Authority protection is off. Your device may be vulnerable.” If you’re in this situation too and unable to turn it back on from Windows Security, learn how to turn it on again.

Good to know: Windows Security app not opening? Try applying these fixes.

Basic Troubleshooting

Before discussing alternative ways of enabling the Local Authority Security feature to stop the error from showing up, we’re laying out of a few basic troubleshooting solutions to fix it, before having to take more drastic steps:

  • Perform a malware scan: it could be that you’re seeing the error because malware changed settings on your computer. Try scanning your computer with Windows Security or a third-party antivirus, and make sure you’ve updated Windows and your antivirus before you proceed.
  • Run an SFC scan: the error can also pop up if you have corrupted or damaged system files on your computer. If that’s the case, performing an SFC scan will find and fix those files.
  • Use a system restore point: if you are in the habit of creating system restore points regularly, you’re in luck. You can resolve the problem by using one of them to restore your computer to the condition it was in before the error message.

1. Turn On LSA Protection in PowerShell

You only need to run one command in PowerShell to enable LSA protection.

  1. Press Win + X, then select “Terminal (Admin)” in the menu.
Clicking on Terminal (Admin) option WinX menu.
  1. Copy and paste the command below into the PowerShell tab, then press the Enter key to run it.
reg add HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v RunAsPPL /t REG_DWORD /d 2 /f;reg add HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v RunAsPPLBoot /t REG_DWORD /d 2 /f
Typing command in Powershell.
  1. Restart your computer for the changes to take effect, then check whether the error message is still there.
Readers Also Like:  55% of Surveyed Healthcare Workers Believe Security Policies ... - HealthITSecurity

Tip: if you’re a Windows Home user, you will need to enable the Local Group Policy Editor first.

2. Turn On LSA Protection in the Local Group Policy Editor

You can also turn on LSA protection using the Local Group Policy Editor (LGPE).

  1. Click on Search in the taskbar, type group policy in the Search box, then click on “Edit group policy” in the results.
Launching Group Policy Editor from search.
  1. In the LGPE, navigate to “Computer Configuration -> Administrative Templates -> System -> Local Security Authority,” and double-click the “Configure LSASS to run as a protected process” policy.
Navigating to location in Group Policy Editor.
  1. If the radio button in the top right has a “Disabled” setting, click “Not Configured” instead.
Configuring LSASS in Group Policy Editor.
  1. Click “OK” to apply and save the changes, then restart your computer to see whether the error message persists.

FYI: learn how to clean your Windows Registry to avoid seeing any error messages.

3. Turn On LSA Protection in the Registry Editor

The last way to turn on LSA protection is through the Registry Editor. However, since this method involves editing the Windows Registry, we highly recommend creating a backup of the Registry before proceeding. The last thing you want is to make a mistake in the Registry Editor and have no way to revert the changes. This can make your Windows computer unusable.

  1. Click on Search in the taskbar, type registry editor in the Search box, then click on “Registry Editor” in the results.
Launching Registry Editor from Windows Search.
  1. Click “Yes” on the UAC warning.
  2. In the Registry Editor, navigate to:
Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

and double-click on the “RunAsPPL” value.

Double-clicking the "RunasPPL" key in Registry Editor.
  1. If you don’t find the “RunAssPPL” value, you’ll need to create it. Right-click the “Lsa” key in the navigation pane on the left, and select “New -> DWORD (32-bit) Value.”
Creating a new key (DWORD (32-bit) Value) in Registry editor.
  1. Once you’ve created the value, double-click to open it, then set “Value data” to “2,” and click “OK.”
Editing Runaspplboot Value Registry Editor
  1. Restart your PC to see whether the issue has been fixed.
Readers Also Like:  Fujitsu and Hexagon digital twin tech aids predictive disaster and ... - Fujitsu

Tip: become a pro Windows Registry user with these hacks that optimize the overall experience.

Frequently Asked Questions

How can I verify that I’ve turned on LSA protection?

If you can’t verify that you’ve turned on Local Security Authority protection in Windows Security because the option is missing, do so via the Event Viewer. Once you open the Event Viewer, head to “Windows Logs -> System,” and look for an event with an ID of 12. It will state, “LSASS.exe was started as a protected process with level: 4,” when you double-click on it.

How do I check which plug-ins and drivers failed to run as LSA-protected processes?

Find this information in Event Viewer when Windows is running in audit mode. In the Event Viewer, head to “Applications and Services Logs -> Microsoft -> Windows -> CodeIntegrity,” and look for events with the ID of 3065 or 3066.

How do I enable audit mode on Windows?

If your PC computer is running Windows 11 22H2, then you already have audit mode enabled. Otherwise, open the Registry Editor, and head to the Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft \Windows NT\CurrentVersion\Image File Execution Options\LSASS.exe key. Double-click the “AuditLevel” value, set “Value data” to “8,” and click “OK.”

Image credit: DepositPhotos. All screenshots by Chifundo Kasiya.

Subscribe to our newsletter!

Our latest tutorials delivered straight to your inbox



READ SOURCE

This website uses cookies. By continuing to use this site, you accept our use of cookies.