
Windows Server 2012 R2 and Windows 8.1 include updates to the Local Security Authority (LSA), which is responsible for processing local and remote user logins, to help mitigate Pass the Hash (PtH) attacks, in which hackers attempt to capture user password hashes from memory to log in without knowing plaintext passwords.
In Windows 8.1 and Server 2012 R2, lsass.exe can be made a protected process, and hashes are no longer stored in memory, which makes it much harder for hackers to compromise user credentials. With the exception of Windows 8.1 RT, this new functionality is disabled by default and must be enabled in the registry or using Group Policy. Lsass.exe does not run as a protected process out of the box because doing so might cause compatibility problems with some applications, so you must test thoroughly before enabling LSA protection.
If computers in your organization have Secure Boot enabled, i.e. they are running Windows 8.1 or Server 2012 R2 with Secure Boot enabled in the UEFI firmware, be aware that when the registry key for LSA protection is set, either with a registry editing tool or through Group Policy, the LSA protection setting is also stored in the UEFI firmware and cannot later be modified in Windows. At the time of writing this article, there is no tool to modify this setting in the UEFI firmware, so once it is set in Windows, there is no means to disable LSA protection if Secure Boot is enabled.
To enable LSA protection in Windows 8.1 or Windows Server 2012 R2, log on to the device as a local administrator:
If you want to be sure that lsass.exe is running as a protected process, follow the steps below.
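One way to check the state described above, as an added example that is not from the original article: a read-only PowerShell audit that reports whether LSA protection is configured, whether lsass.exe started protected on this boot, and whether Secure Boot would make the setting permanent. The `RunAsPPL` registry value and Wininit event 12 come from Microsoft's LSA protection documentation rather than from this page, and `Get-LsaProtectionStatus` is a hypothetical helper name.

```powershell
# Added example: read-only audit of LSA protection on the local machine.
# Run from an elevated PowerShell prompt. Nothing is written to the registry.

$lsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

function Get-LsaProtectionStatus {   # hypothetical helper name
    # RunAsPPL is the DWORD that turns LSA protection on (1); absent or 0 means off.
    $runAsPpl = (Get-ItemProperty -Path $lsaKey -Name RunAsPPL -ErrorAction SilentlyContinue).RunAsPPL

    # Confirm-SecureBootUEFI throws on legacy BIOS systems or when not elevated;
    # report $null (unknown) in that case instead of guessing.
    try   { $secureBoot = [bool](Confirm-SecureBootUEFI -ErrorAction Stop) }
    catch { $secureBoot = $null }

    # Wininit writes event 12 to the System log when lsass.exe starts as a
    # protected process. Only events since the last boot are relevant.
    $bootTime = (Get-CimInstance Win32_OperatingSystem).LastBootUpTime
    $pplEvent = Get-WinEvent -FilterHashtable @{
        LogName      = 'System'
        ProviderName = 'Microsoft-Windows-Wininit'
        Id           = 12
        StartTime    = $bootTime
    } -MaxEvents 1 -ErrorAction SilentlyContinue

    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        RunAsPPLConfigured = ($runAsPpl -eq 1)
        SecureBootEnabled  = $secureBoot
        ProtectedThisBoot  = [bool]$pplEvent
        WininitMessage     = if ($pplEvent) { $pplEvent.Message } else { $null }
    }
}

$status = Get-LsaProtectionStatus
$status | Format-List

if ($status.RunAsPPLConfigured -and -not $status.ProtectedThisBoot) {
    Write-Warning 'RunAsPPL is set but no Wininit event 12 since last boot; a restart may be pending.'
}
if (-not $status.RunAsPPLConfigured -and $status.SecureBootEnabled) {
    Write-Warning 'Secure Boot is on: enabling LSA protection here will also be stored in UEFI firmware.'
}
```

Running this on test machines before and after the change gives a record of which systems would have the setting locked into firmware.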
More from Russell Smith
Copyright ©2019 BWW Media Group