What is lsass.exe?
The process lsass.exe is the Local Security Authentication Server. It is a safe file from Microsoft and is responsible for security policy enforcement within the operating system, verifies users logging on to a Windows computer or server, handles password changes, and creates access tokens. It also writes to the Windows Security Log.
Whenever a user tries to access the computer, lsass checks if the user's identification is valid or not. The system uses lsass.exe to prevent unwanted users from accessing any private information. Also the file lsass handles user password modifications. If authentication is successful, lsass generates the user's access token, which is used to launch the initial shell. This token includes the file's security descriptor, which contains the necessary information to process user authentication.
Forcible termination of this windows process will result in the Welcome Screen losing its accounts and you will be prompted to restart your computer.
This might happen if the Authenticated Users group doesn't have the Read permission and the Apply Policy permission to access at least one GPO that is applied to domain computers. To fix this problem, you will need to grant the Authenticated Users group the Read permission and the Apply Policy permission to the default domain policy.
In most cases, lsass.exe system error and lsass.exe application error make the computer unusable, because the user authentication token cannot be obtained from the server.
In some cases, the error may be caused by a trojan, that camouflages itself as the lsass process. If the system is not infected, the error is caused by missing or corrupt configuration file and Registry entries. You can fix the Registry using the free Auslogics Registry Cleaner.
Lsass Virus
Malware often pretends to be lsass.exe. For example, the Sasser worm found a vulnerability in LSASS and spreads via a remote buffer overflow in Windows XP and Windows 2000 computers. This worm can spread without any interaction with humans, nor does it 'travel by email' like many other worms. Scan your computer with Auslogics Antivirus to make sure it's not infected.
If your computer enters a reboot loop because of an lsass.exe error, you get an lsass.exe error when trying to change your password, or the errors are caused by an infections, do the following:
- After booting into Windows quickly click Start and then Run
- Type in shutdown -a and press Enter.
This will prevent your computer from restarting continuously.
Now try scanning your PC with an up-to-date anti-virus program in Safe Mode (tap F8 repeatedly during startup). Also make sure that you have all Windows updates installed. If this doesn't help, you might need to do a Windows repair or a clean Windows install.
Fix the "lsass.exe unable to locate component" Error
Sometimes Windows XP Home Edition computers get this error after a reboot: lsass.exe unable to locate component. Usually this error pops up after a very lengthy boot, then the screen turns dark and only the cursor is visible. This problem occurs because the Ntdsapi.dll file cannot be found.
Here's how you can solve this problem:
1. Insert the Windows XP disk in the CD drive or DVD drive on the computer. Press and hold down the SHIFT key as you insert the disk to prevent the Windows XP installation from automatically starting.
2. Click Start, click Run, type in expand CD drive:\i386\ntdsapi.dl_ %SystemRoot%\windows\system32\ntdsapi.dll, then click OK
CD drive represents the drive letter of the CD drive or DVD drive that contains the Windows XP disk. For example, if the letter of the CD drive or DVD drive is E, type the following, and then click OK: expand E:\i386\ntdsapi.dl_ %SystemRoot%\windows\system32\ntdsapi.dll
Make sure that there is a character space between "ntdsapi.dl_" and "%SystemRoot%."
3. Click Start, click Run, type in cmd, click OK.
4. At the command prompt, type in xcopy c:\windows\servicepackfiles\i386\ntdsapi.dll c:\windows\system32 and then press ENTER
Important: The lsass.exe file should be in the C:\Windows\System32 folder. If you find it anywhere else, then lsass.exe could be a virus, trojan, worm, or spyware! Scan your computer with Auslogics Antivirus to make sure it's not infected.