How to Fix Local Security Authority Protection is Off on Windows 

Is your Windows 11 or 10 PC displaying the alarming message "Local Security Authority Protection is off. Your device may be vulnerable"? Don‘t panic! In this in-depth guide, I‘ll walk you through exactly what this error means and provide simple steps to get your PC‘s security back on track.

As an IT security professional with over a decade of experience, I‘ve helped countless Windows users resolve the "LSA Protection is off" issue and implement essential security best practices. My goal is to give you all the knowledge you need to not only fix this error but keep your device safe from ever-evolving cyber threats. Let‘s dive in!

What is Local Security Authority (LSA) Protection?

Before we get into troubleshooting, it‘s important to understand what Local Security Authority (LSA) Protection is and why you want it enabled on your Windows device.

LSA is a critical Windows process that handles authentication of users signing into the device. It maintains information on all aspects of the local security policy, user logons, and any security tokens. Crucially, it also holds your logon credentials in memory.

This makes LSA a prime target for hackers and malware. If breached, an attacker could steal your username and password to gain unauthorized access to your device and data. This is known as a "pass the hash" attack.

This is where LSA Protection comes in. When enabled, it isolates the LSA process in a virtualized, secure container. This "virtual secure mode" makes the LSA process and credential information invisible to all other processes running on the device. Even if malware infiltrates your system, it would not be able to access or steal your credentials from memory.

So in a nutshell, LSA Protection is an important additional layer of security that protects your Windows sign-in credentials from hacking and malware. It‘s a defense-in-depth measure that Microsoft first introduced in Windows 8.1 and is a recommended security setting.

What does "Local Security Authority Protection is off" mean?

Now that you know the importance of LSA Protection, the "Local Security Authority Protection is off" error message probably makes more sense. It‘s Windows Security alerting you that your device is in a vulnerable state.

There are a few potential causes for LSA Protection being disabled:

  1. It was manually disabled by a user
  2. A program or Windows update turned it off
  3. Your antivirus software is not compatible with LSA Protection
  4. System file corruption

Whatever the reason, without LSA Protection on, the LSA process on your PC is at risk of being breached by malware, leaving your sign-in credentials vulnerable to being stolen. Hackers could use them to gain access to your device and accounts. Not good!

Some indications you may have been victim of a pass-the-hash attack include:

  • Unknown or suspicious log-in activity on your accounts
  • Your email sending spam without your knowledge
  • Files disappearing or being encrypted (which could mean ransomware)

The good news is that in most cases, you can re-enable LSA Protection to mitigate your risk. It‘s important you do this as soon as possible to secure your device. I‘ll show you how.

How to enable LSA Protection and fix "Local Security Authority Protection is off"

Turning LSA Protection back on is usually a straightforward process. I recommend starting with the simplest method and then moving on to the more advanced fixes if needed.

Method 1: Enable LSA Protection from Windows Security

1. Open the Start menu and type in "Windows Security"
2. Select the Windows Security app
3. Click "Device security" on the left sidebar
4. Under "Core isolation" click "Core isolation details"
5. Enable the "Memory integrity" slider

LSA Protection should now be enabled! Restart your PC for it to take full effect.

If LSA Protection won‘t turn on or you still see the error after restarting, continue to method 2.

Method 2: Repair Windows Security

1. Right-click the Start button
2. Click "Apps and Features"
3. Select "App execution aliases"
4. Scroll to find "Windows Security" and click "Modify"
5. Click "Repair" and wait for the process to complete

Once done, go back and try enabling LSA Protection through Windows Security as shown in method 1. If still no success, it‘s time to move on to method 3.

Method 3: Modify Registry Values

Important: Making incorrect changes to the Windows Registry can cause serious issues with your device. Only follow these steps if you are comfortable editing the registry and have your device backed up.

  1. Press Windows Key + R to open the Run box
  2. Type in "regedit" and press Enter
  3. Navigate to:
    HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Control > Lsa
  4. Find the "RunAsPPL" key
  5. If it‘s not there, right-click in the blank space, select New > DWORD (32-bit) Value and name it "RunAsPPL"
  6. Double-click the "RunAsPPL" entry and set the Value Data to "00000001"
  7. Click OK
  8. Find the "RunAsPPLBoot" key
  9. If it doesn‘t exist, create it the same way as "RunAsPPL"
  10. Set the "RunAsPPLBoot" Value Data to "00000001"
  11. Restart your PC

Check that LSA Protection is now enabled in Windows Security. If not or the "Local Security Authority Protection is off" error persists, the final option is to uninstall any recently installed Windows updates or software that may be conflicting with LSA Protection.

If none of the above methods work, I recommend consulting with an IT professional who can perform a deeper analysis and troubleshooting of your specific device and setup. There may be other underlying issues at play.

Additional Ways to Secure Your Windows PC

Enabling LSA Protection is an important step in securing your Windows sign-in credentials. But cyber criminals are constantly finding new ways to hack devices and steal sensitive data. It‘s crucial to take a multi-layered approach to security.

Here are some additional best practices I recommend to all my clients for keeping their Windows PCs secure:

  1. Keep your operating system and software up to date. Always install the latest Windows and application updates as soon as they become available, as they often contain important security patches.

  2. Use a strong, unique password for your Windows sign-in and all your accounts. I‘m talking at least 12 characters including a mix of upper and lowercase letters, numbers, and symbols. And never reuse passwords! Consider using a password manager to help you generate and securely store strong, unique passwords.

  3. Enable multi-factor authentication (MFA) wherever possible. MFA adds an extra layer of protection by requiring a second form of verification, such as a code from your phone, in addition to your password.

  4. Install and keep your antivirus software up to date. While Windows has built-in virus and threat protection, I still recommend using a reputable third-party antivirus for the best real-time scanning and removal of malware.

  5. Back up your data regularly, both to an external drive and to the cloud. This ensures you don‘t lose important files if your device is ever compromised or damaged. The 3-2-1 rule is a good one to follow – 3 copies of your data, 2 on different storage media, and 1 stored offsite.

  6. Enable BitLocker drive encryption. This built-in Windows feature encrypts your entire hard drive, protecting your data from being accessed if your device is lost or stolen.

  7. Be cautious clicking on links and downloading attachments, even if they seem to be from a legitimate source. Phishing scams are very common and can trick you into giving away sensitive info or installing malware. When in doubt, contact the supposed sender through a trusted means to verify before clicking or downloading.

  8. Secure your home Wi-Fi with a strong password and WPA2 encryption. Make sure to change the default admin password on your router. Avoid connecting to public Wi-Fi networks, but if you must, use a VPN to encrypt your traffic.

  9. Consider using a hardware security key for an even higher level of sign-in and account security. These physical devices plug into your PC‘s USB port and use cryptography to verify your identity, making it virtually impossible for remote hackers to breach your accounts.

  10. Regularly review your Windows Security settings, account activity, and installed programs. Remove any unused accounts and uninstall software you no longer need to minimize potential entry points for attackers.

In our rapidly evolving digital world, securing our devices and data must be an ongoing commitment. But by enabling important features like LSA Protection and following cybersecurity best practices, you can significantly reduce your risk and surf with greater peace of mind. Stay safe out there!

Did you like this post?

Click on a star to rate it!

Average rating 0 / 5. Vote count: 0

No votes so far! Be the first to rate this post.