How to Fix Local Security Authority Protection Issue in Windows 11

Navigating the Local Security Authority Protection Bug in Windows 11

Microsoft’s latest Windows 11 update introduced an infamous bug affecting the Local Security Authority (LSA) protection feature. Despite multiple user attempts to enable LSA protection, Windows persists in displaying concerning security notifications about the feature being disabled.

This false warning understandably gives users pause, as LSA protection plays a pivotal role in shielding the operating system from malware threats. With Microsoft confirming the bug’s legitimacy, affected Windows 11 users feel caught in limbo between ignoring erroneous notifications and implementing overly drastic workarounds.

By examining this issue through the lens of impacted users and experts across forums, we can map out a clear path forward. In this guide, we’ll explore LSA protection’s function, how this bug specifically manifests, and multiple methods to safely navigate around the issue while awaiting an official fix.

What is local security authority protection?

Protecting the Local Security Authority subsystem is one of the prime things you can do to protect your system and accounts from cybercriminals. Once you’ve enabled the Local Security Authority protection, you will have more control over cleartext password vulnerability and password dumping attacks Using Windows Registry Editor.

What is the difference between LSA and LSASS in Windows 11?

LSA is a security subsystem in Windows that manages security policies and authentication protocols, while LSASS is responsible for authenticating users and enforcing security policies on the system. Whether you are a system administrator or IT professional, it is essential to know how to enable the Local Security Authority process in Windows 11.

What is LSA Protection and Why Does it Matter?

The Local Security Authority (LSA) comprises the set of processes managing local security policies, including user authentication. LSA Protection reinforces the LSA, helping block unauthorized access attempts to sensitive credential data.

With LSA Protection disabled, Windows leaves an open door for malware and bad actors to infiltrate. By intercepting LSA operations, attackers can steal login credentials, impersonate users, and gain extensive reach across the system.

Given Windows 11’s expanded virtualization features enabling quick spin-up of multiple on-demand environments, this escalates the risks of lateral movement post-intrusion. Suffice to say, LSA Protection provides a crucial barrier against compromise.

Investigating the False Warning Bug

In March 2023, Microsoft pushed Windows update KB5007651 to deliver security enhancements for the Microsoft Defender antivirus platform. Unfortunately, this update also unintentionally triggered recurring erroneous notifications about LSA Protection being disabled.

Despite LSA remaining fully functional with protection enabled, Windows persists in prompting users to toggle it on and restart their devices. Many users find themselves stuck in a loop, where turning LSA Protection on and rebooting changes nothing. The false warning returns immediately after logging back in.

What if local security authority protection is not turning on or grayed out?

If the Local Security Authority protection setting is not turning on or grayed out in Windows Security, you can always follow the Registry Editor and Local Group Policy Editor methods to turn it on. You must know that it requires you to sign into your Administrator account in order to modify the respective setting.

How to enable local security authority in Windows 11?

You must be signed in as an administrator to enable the additional protection for Local Security Authority in Windows 11. Before you begin, make sure that you have installed the updates fro your Windows 11 OS and Microsoft Defender. is a built-in tool in Windows that constantly monitors the system for viruses, malware, and other security threats.

How to enable local security authority protection in Windows 10?

Reboot your PC to apply the changes. You can also enable the Local Security Authority protection using Windows Registry. However, make sure to back up your registry create a system restore point before you make any changes to your system through the Registry Editor. Restart your PC to apply the changes.

With no indication of actual compromise from the false notifications, users feel confused and frustrated. The inconvenience of constant prompts to reboot significantly impacts productivity.

Workarounds While Awaiting a Fix

Microsoft confirmed the LSA Protection bug traced definitively to KB5007651. The subsequent and broader March 2023 Patch Tuesday updates (KB5023706 and KB5023698) do NOT exhibit this issue.

Until an official fix emerges, users have multiple options to suppress the false warnings. We’ll cover several highly recommended methods below.

Verify LSA Protection is On and Dismiss Notifications

First and foremost, check Event Viewer to validate LSA Protection remains enabled, regardless of Windows Security’s false claim.

Event ID 1 shows it is on, while Event ID 2 indicates it is disabled.

Once you confirm protection is active, dismiss the recurring security notification prompting you to turn on LSA Protection and restart. Ignore any further prompts as they arise.

Toggle LSA Protection via Windows Security

Access the Windows Security application and navigate to the Device Security tab. Flip the toggle for "Local Security Authority Protection" to enable it.

What is local security authority (LSA) protection?

Read More. Local Security Authority (LSA) protection is an important Windows process that verifies a user’s identity. It manages necessary system credentials like passwords and tokens related to Microsoft accounts and Azure. You must enable the Local Security Authority protection if you want to protect your credentials from attackers.

How do I enable LSA protection in Windows 11?

In this post, we’ll cover three methods for enabling LSA Protection in Windows 11: Using the Windows Registry Editor. Using the Local Group Policy Editor. It’s important to note that you need to have administrator privileges to enable the extra protection for Local Security Authority in Windows 11.

Dismiss the restart notification. Although Windows will still insist you reboot unnecessarily, you’ll stop the bothersome prompt loop.

Enable LSA Protection Through the Registry

For advanced users, enabling LSA Protection via the Registry Editor offers another workaround. This involves creating two new DWORD values, "RunAsPPL" and "AllowRiskyServices," under this Registry path:

Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

Set RunAsPPL to 1 and AllowRiskyServices to 0. Restart your PC afterwards.

Staying Secure Until the Bug is Squashed

With Microsoft working diligently on a proper fix, affected Windows 11 users can breathe easy. By verifying LSA Protection remains active and dismissing the false warnings, you can feel confident your device stays protected.

Periodically checking for Endpoint Security updates from Microsoft will ensure you get the bug-squashing patch as soon as it becomes available. In the meantime, leverage the workarounds to minimize disruption and carry on as usual.

How do I enable local security on Windows 11?

You can use it to manage security features on your Windows 11 device, including the Local Security Authority protection. Click on the Windows search bar and type ‘windows security’. option at the top of the search results. prompt that appears. Reboot your PC to apply the changes.

What is local security policy in Windows 11?

Local Security Authority (LSA) protection helps verify users’ logon and password changes and create access tokens related to Microsoft accounts and Azure, etc. To keep the PC safe, it should be enabled. [6 Ways] How to Open Local Security Policy in Windows 11? What is Local Security Policy? How to open it in the latest Windows 11?

How to fix windows 11 local security authority protection is off?

In addition, you can try to edit Windows Group Policy to solve Windows 11 Local Security Authority protection is off. Note that only Pro and higher support this way and Home Edition doesn’t have Local Group Policy Editor. Step 1: Type group policy in the search box and click Edit group policy.

How to fix “local security authority protection is off” error in Windows 11?

According to Microsoft, newer versions of Microsoft Defender Antivirus—Version 1.0.2306.10002 and later—fix the “Local Security Authority protection is off” error in Windows 11. Hence, installing all pending updates through Windows Update is the best way to deal with the issue.

The LSA Protection bug serves as an important reminder to carefully vet major Windows updates before installation. As eager as users are for the latest security features, unwanted bugs can occasionally slip through to cause headaches.

Patience and thoughtful troubleshooting keep us secure. Stay vigilant and lean on the ample Windows enthusiast forums out there, where helpful souls like us will get you through the rough spots!

For continued insights on navigating Windows, bookmark our site and subscribe to our newsletter below. Let us know in the comments if this guide helped resolve your LSA Protection issues.

References

1. https://www.systweak.com/blogs/fix-local-security-authority-protection-off/
2. https://www.makeuseof.com/local-security-authority-protection-off-security-windows/