Fixed: Local Security Authority Protection Off – Your Device May Be Vulnerable


The Local Security Authority protection on your Windows 11 PC is a crucial process that keeps your credentials secure. The idea behind LSA is to ensure that no loopholes in your security allow a third party to intercept your personal information. It is a process that authenticates the genuineness of your credentials before allowing you access to the system. 

While the effectiveness of the process is proven, there are times when a user finds the feature toggled off on the system. Sometimes, it is manually turned off because of the heavy nature of the process, while other times, it is toggled off after Windows or system updates. 

Turning on manually turned off LSA is easy, provided you know how to do it. On the other hand, if the process is closed by the system and it is done after every update, you may require serious actions to fix the error. 

Without this process, your PC may be vulnerable to interception and data theft. Hence, it is important to keep it ON. 

But how? Well, that is what we will share with you in this post. 

Ensure you read this until the end, as we will explain how to enable Local Security Authority Protection on your PC. You can enable these steps even when the system cannot do so. 

Let’s begin!

What is the LSA problem in Windows

The Local Security Authority feature keeps your PC protected from code-injecting malware and reduces the chances of credentials being compromised. It is a crucial error that this service is always running and makes sure that the PC is safe. The real problem that appears is that the Windows Defender incorrectly gives a notification that the LSA is not running or has stopped working. 

You may be thinking if the notification is incorrect and the service is still running, where is the issue? Well, the fake warnings often catch a user off-guard which leads to them making harmful decisions. These notifications are often a work of phishing attacks meaning as soon as users click on them, the script is injected, failing the purpose of LSA. 

Not to mention, the curiosity of a user about “What if the LSA is actually off?” is also a troublesome thought. Hence you should take things into your own hands and try to relaunch the Local Security Authority feature on your PC. 

If it is ON it will remain the same, and if it is OFF you will be able to turn it back on. EASY!

Local Security Authority Protection Off Warning on Windows – Why Does it Occur?

If that yellow exclamation mark in your security settings has appeared recently, chances are that the LSA process was affected by the recent turn of events on your PC.

Usually, the user turns off the Local Security Authority protection from the Task Manager as it appears to be a heavy process. However, if it is not manually disabled and is not running, there can be three reasons behind it – 

  1. A corrupt Windows Update was installed on your PC, which caused the LSA to go off.
  2. The Secure Boot settings have been accidentally reset on Windows. It is the basic security feature that, when disabled, affects other programs, including LSA.
  3. Due to unnecessary changes in Group Policy Editor, LSA is disabled.

These 3 are the most probable causes of Local Security Authority Protection not running on your Windows PC. As you can realize, all of these require a power user to understand and move ahead to fix. 

Check out our easy-to-execute fixes curated, especially for normal users below!

Ways to Resolve Local Security Authority Protection Off on Windows 11

Way #1 – Turn LSA ON Using Windows Security Application

The first and foremost way to enable LSA on your Windows PC is to follow the traditional path and toggle it ON manually via the security application. 

Here’s what you need to do – 

Step 1 – Open the Start Menu & Search for Security Application in Windows called “Windows Security.”

Search for Windows Security Application

Step 2 – In Windows Security, you will come across an option that says “Device Security” in the left panel of the screen. Device Security Option

Step 3 – From Device Security, click “Core Isolation details.”

Click on Core Isolation details

Step 4 – In Core Isolation, you will see the “LSA toggle.” Turn it ON, and you should be good to go. 

This is the basic method to enable LSA on your PC. If you cannot find the Local Security Authority Protection on the shared locations, do not worry. There are other ways explained below to turn it on. 

Read Also: Minecraft Error – ‘An Existing Connection Was Forcibly Closed by the Remote Host’ Fixed!

Way #2 – Enable LSA Protection Via Policy Editor on Windows

The Local Group Policy Editor is another way you can spot the LSA protection settings and enable them. Simply follow the steps given below – 

Step 1 – Press Windows+R on your keyboard to open the Run Search.
Step 2 – In the Run Search, use the command “GPEDIT.msc.”

GPEDIT command

Step 3 – After opening the local group policy editor, navigate to the following path – 

Computer Configuration\Administrative Templates\System\Local Security Authority

Step 4 – Following the above path, you can find the configured LSASS to run as a protected process.
Step 5 – Select the option mentioned above and right-click on it. You will find the enable option. Just click on it and restart your PC for changes to take effect. 

Way #3 – Use Registry Editor to Enable LSA

If the above method does not work, you can use the registry editor to sort your Local Security Authority Protection off situation. Many users say that after editing the RunAsPPL registry entry, their problem was fixed.

However, before you make any changes to the registry, we suggest taking a backup.

To do so, open the Registry Editor > click File > Export. Once the backup is created, follow the instructions below to enable LSA via Windows Registry.

Step 1 – Press Windows + R to open the run search.
Step 2 – In the run search, use the command “regedit.”

use command regedit in run search bar

Step 3 – This will open the registry editor for you.
Step 4 – In the registry editor, navigate to the following path – 


and look for the RunAsPPl entry as shown in the below image.


Step 5 – Double-click the RunAsPPL entry and change its Value Data to 2. Click Ok to save the changes.

Note : If you cannot find the RunAsPPL entry, create one by clicking New > select Dword (32-bit) Value. Name the entry as RunAsPPL. Double-click on it, and under the Value Data field, enter 2 and click Ok to save.

Step 6 – Next, click on the empty area, click New > select DWORD (32-bit) Value.

Dword value
Step 7 – Name the new registry as RunAsPPLBoot and click Ok.
Step 8 – Double click RunAsPPLBoot and change the Value Data to 2 > click Ok to apply changes.

create new DWORD entries with value 2 for both

Step 9 – Restart the PC. The Local Security Authority Protection is Off should be fixed.

However, if this does not help, we suggest changing the Value Data of RunAsPPLBoot to 1.

Now restart your PC and check the error must be fixed.

In case this does not work, there are chances that the Windows registry requires optimization. The best way to do that is to use a PC Optimization tool like Advanced System Optimizer. Instead of making unnecessary changes that may worsen the situation, the tool cleans only the invalid registry entries and helps optimize the registry for better performance. 

Check out this thorough guide on how and why you should consider optimizing your registries to learn more about it!

How do I Know if LSA is Enabled on PC

After trying all these fixes, if you want to verify if the Local Security Authority feature was successfully enabled on your PC or not, you can do the same by using the Event Viewer application on your Windows 11 PC. 

Everything you do is noted in the logs of Windows. Hence, the enablement of LSA is also recorded. After trying a fix, restart your PC, and after restarting it, go to the start menu to find Event Viewer. Here is a step-by-step guide – 

Step 1 – Go to the Start Menu and search – Event Viewer.

Search Event Viewer in Start Menu

Step 2 – In the Event Viewer, check the left pane and click on Windows logs to expand it.

Expanded Windows logs

Step 3 – In the Windows Logs, click on System to find all the recent system-related logs.

all recent system-related logs

Step 4 – In the System Logs, look for – wininit process with the following description –

12: LSASS.exe was started as a protected process with level: 4

After you have found the log, it can be confirmed that the LSA service was started. If you want to check first whether the service is enabled or not, you can use the same method and find the winnint process. 

Enable LSA Protection Instantly & Fix Your PC’s Security!

The 3 ways mentioned above are your best chances of enabling the Local Security Authority Protection on Windows 11. This is crucial as it keeps your private data confidential and safe from cyber-attacks. However, if they do not help, try uninstalling the latest Windows update, as sometimes it causes the issue. Press Windows + I to open Windows settings > click on Windows Update > scroll down to find Uninstall updates option > look for “KB5023706” update and click “Uninstall.” Restart the PC to apply the change and check the problem should now be fixed.

You can use any of the mentioned ways and enable LSA. Also, to keep the PC optimized and avoid any issues caused due to invalid registry, junk files, duplicates, viruses, etc, give Advanced System Optimizer a try.

That’ll be all for this post. Thanks for reading. Good luck!

FAQs –

Should You Disable Local Security Authority Protection?

No! Disabling the LSA on your Windows PC means leaving the door open for infectious scripts and malware to take over system files and properties. It can be difficult for the PC to protect itself from unwanted interaction, especially if you use the internet regularly on your PC.

Did Microsoft remove LSA protection?

Not yet. The LSA protection is still available on Windows 11. However, there was a bit of confusion when “local security authority protection is off” notifications appeared out of nowhere. To fix it, an update was rolled out where the settings in the KB5007651 Defender update were removed to ensure the confusing alerts would no longer be displayed in the Windows Settings app.

Recommended :

Is Microsoft Edge Running Slow? These Fixes Will Help Speed it up!
ChatGPT Not Working on PC – Here’s What You Can Do!

Share On :

About The Author

Dishank Sharma
Dishank Sharma

A creative tech-writer who loves to explore latest tech-trends & convey them to his readers in the simplest way possible. He loves to blend the crispness of technology with a pinch of creativity while curating best practices for the readers. In his free time, he likes to scribble poetry, listen to rap & travel.

Related Posts

2 thoughts on “Fixed: Local Security Authority Protection Off – Your Device May Be Vulnerable

  1. Avatar for Daz Daz says:

    Thanks for this! The only option that worked for me was to create the RunAsPPL/Boot entries. does this turn off the error and my PC is still at risk or does it indeed enable Local Security Authority Protection again?

    Many thanks

  2. Avatar for Preeti Seth Preeti Seth says:

    Dear Daz,

    Glad to know that your problem is resolved.

    If the value for RunAsPPL is set to 1, Local Security Authority Protection is enabled, and there is nothing to worry about.

    However, you can use an antivirus program to add an extra layer of protection.

    Thanks and Regards

Leave a comment

Your email address will not be published. Required fields are marked *

Seen on

View All