Local Security Authority (LSA) protection is a crucial feature on Windows 11 that helps protect users’ credentials and keep attackers at bay. However, there are instances when this protection may be turned off, leaving your PC vulnerable to security threats. In this comprehensive guide, we will explore various methods to enable LSA protection on Windows 11 and ensure the security of your device.
There are several reasons why LSA protection may be disabled on your Windows 11 device. Understanding these factors can help you pinpoint the cause and apply the appropriate solution. Here are some common reasons:
Faulty Windows Updates: Corrupt or incomplete Windows updates can sometimes disable LSA protection.
Secure Boot is Turned Off: Disabling Secure Boot resets all Secure Boot and UEFI-related configurations, including LSA protection.
Windows Policy: It’s possible that LSA protection has been disabled through Windows Policy settings. Tweaking the Computer Configuration in the local group policy editor (gpedit.msc) can help re-enable it.
Now that we have identified why LSA protection may be turned off, let’s explore the solutions to enable it.
Preliminary Checks
Before diving into advanced solutions, it’s important to perform some preliminary checks that may resolve the issue quickly. Follow these steps:
Ensure Administrator Privileges: Make sure you are signed in as an administrator to enable additional protection for LSA.
Windows Security App: Check your Windows Security app to ensure LSA protection is enabled.
CPU Virtualization: Verify that CPU virtualization is turned on.
If these checks do not permanently fix the problem, proceed with the advanced solutions outlined below.
Solution 1: Use the Windows Security App
The Windows Security app provides a user-friendly interface to manage various security settings on your Windows 11 device. Here’s how you can use it to enable LSA protection:
- Press the Windows key to open the Start Menu, type “Windows Security” in the search box, and press Enter.
- In the left pane of the Windows Security app, select “Device security.”
- Under the “Core isolation” section, choose “Core isolation details.”
- Enable the toggle under the “Local Security Authority protection” section.
- Click “Yes” in the User Account Control (UAC) prompt that appears.
- Restart your PC to apply the changes.
The Windows Security app offers a convenient way to safeguard your system from cyber threats. If this solution doesn’t work for you, there’s an alternative method we’ll explore next.
Solution 2: Use Registry Editor
Registry Editor is a powerful tool that allows you to modify various settings in the Windows registry. Here’s how you can use it to enable LSA protection:
Press the Windows + R keys to open the Run dialog box. Type “regedit” in the dialog box and press Enter.
In the Registry Editor, navigate to the following path:ComputerHKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsa
Locate the “RunAsPPL” entry in the right pane and double-click on it. Change the “Value data” to 1 (or 2, as some users claim this worked for them) and press Enter.
Repeat step 3 for the “RunAsPPLBoot” entry. If you don’t have these entries, you can create DWORD entries for “RunAsPPLBoot” and “RunAsPPL.”
Restart your PC to apply the changes.
Before making any changes in the Registry Editor, it’s crucial to back up your registry files or create a restore point to ensure the safety of your system.
Solution 3: Via the Local Group Policy Editor
The Local Group Policy Editor provides advanced configuration options for Windows settings. Here’s how you can use it to enable LSA protection:
Press the Windows + R keys to open the Run dialog box. Type “gpedit.msc” and press Enter.
In the Local Group Policy Editor window, navigate to the following path:Computer ConfigurationAdministrative TemplatesSystemLocal Security Authority
On the right pane of the window, right-click on “Configure LSASS to run as a protected process.”
Click on “Enable.”
Under “Options,” select “Enabled with UEFI Lock.” Click “Apply” and “OK” to save the changes.
Restart your device to apply the changes.
It’s important to create a system restore point before making any changes in the Windows Policy using the Local Group Policy Editor.
Additional Tips and Considerations
Once you have successfully enabled Local Security Authority (LSA) protection and restarted your device, you may dismiss warning notifications and disregard any further notifications requesting a restart. Some users have also reported that issues with signature verification could be the reason LSA protection is turned off. If LSA is not signed as expected, consult further guides for assistance.
Remember, maintaining the security and integrity of your Windows 11 device is an ongoing process. Regularly updating your system, following best security practices, and being cautious while browsing or downloading files are essential to safeguarding your data and privacy.
Conclusion
Enabling Local Security Authority (LSA) protection on your Windows 11 device is crucial for maintaining the security of your credentials and protecting against potential threats. In this guide, we explored various methods to enable LSA protection, including using the Windows Security app, Registry Editor, and the Local Group Policy Editor. By following these steps, you can ensure that your device remains secure and protected from cybercriminals.
If you have any questions or suggestions, please feel free to share them in the comments section below. Stay safe and secure in your tech journey!