Fix: Local Security Authority Protection Is Off on Windows 11
If Secure Boot is off, this issue might pop up
- LSA protection is a very important Windows process that helps to protect users' credentials as it keeps attackers off.
- Windows update errors can, however, toggle off this form of protection.
- If you try all the solutions in this guide and the problem persists, you should consider waiting it out, as a future update may fix it.
One of the most important Windows processes that authenticate a user’s identity is the Local Security Authority (LSA) protection.
Some users turn the LSA off due to high CPU, but the PC becomes exposed to several threats. As some of our readers requested, we have provided the methods to enable it.
Why is Local security authority protection off?
For one reason or the other, the LSA protection may wind up disabled and give access to cyber criminals. Below are some of the reasons why local security authority protection is off:
- Faulty Windows updates – Corrupt Windows updates are one of the main issues that may disable this feature.
- Secure Boot is turned off – All the Secure Boot and UEFI-related configurations are reset if you disable Secure Boot. Turning off Secure Boot, in turn, disables the local security authority protection.
- Windows Policy has disabled LSA – The LSA protection policy may be disabled from the configuration. Tweaking the Computer Configuration in the local group policy editor (gpedit.msc) can help to turn it back on.
What happens if Local Security Authority protection is off?
As we outlined above, the LSA protection protects your PC from threats, and if the feature is off, your device is exposed.
Now that you know some factors responsible for disabling the local security authority protection, check out the solutions below to turn it back on.
What can I do if Local Security Protection is off?
Before proceeding to explore any of the advanced steps provided in this article, it is essential to make some preliminary checks which may fix the issue quicker:
- Ensure you are signed in as an administrator to enable the additional protection for Local Security Authority in Windows 11.
- Check your Windows Security app to enable LSA protection.
- Ensure that your CPU virtualization is turned on.
Expert tip:
SPONSORED
Some PC issues are hard to tackle, especially when it comes to missing or corrupted system files and repositories of your Windows.
Be sure to use a dedicated tool, such as Fortect, which will scan and replace your broken files with their fresh versions from its repository.
Having confirmed the above checks, and none permanently fixes the problem, you can work through any advanced solutions below.
1. Use the Windows Security app
- Press the Windows key to open the Start Menu, type Windows Security in the search box, and press Enter.
- From the left pane, choose Device security. Under the Core isolation section, select the Core isolation details option.
- Enable the toggle under the Local Security Authority protection section.
- Then, click Yes in the UAC prompt that appears.
- Restart your PC to apply the changes.
Windows 11 Security is one of the ways you can prevent your system from cyber criminals. Below is another viable alternative if this does not work for you.
2. Use Registry Editor
- Press the Windows + R keys to open the Run dialog box. Type regedit in the dialog box and press Enter.
- In the Registry Editor, navigate to the following path:
Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
- Then, double-click on RunAsPPL in the right pane. Change the Value data to 1 (or 2 as some users claim this worked for them) and press Enter.
- Repeat step 3 for the RunAsPPLBoot entry. You may create DWORD entries for RunAsPPLBoot and RunAsPPL if you do not have them.
- Restart your PC to apply the changes.
Before using the Registry Editor, back up your registry files or create a restore point to be safe if it falls apart.
3. Via the Local Group Policy Editor
- Press the Windows + R keys to open the Run dialog box, type gpedit.msc, and press Enter.
- In the Local Group Policy Editor window, navigate to the following path:
Computer Configuration\Administrative Templates\System\Local Security Authority
- On the right pane of the window, right-click the Configure LSASS to run as a protected process.
- Next, click on Enable.
- Under Options, select Enabled with UEFI Lock, then click Apply and OK to save the changes.
- Restart your device.
The Local Group Policy Editor is another option to enable local security authority protection. It is also important to create a system restore point before making any Windows Policy changes.
Some users also claim that signature verification could also be why LSA protection is off. So, if LSA is not signed as expected, you can explore this guide for further assistance.
And that’s how to re-enable Local Security Authority Protection if it is turned off. If you have any questions or suggestions, please use the comments section below.
Still experiencing issues?
SPONSORED
If the above suggestions have not solved your problem, your computer may experience more severe Windows troubles. We suggest choosing an all-in-one solution like Fortect to fix problems efficiently. After installation, just click the View&Fix button and then press Start Repair.