Notices in Windows 11 regarding disabling the Local Security Authority (LSA), a process that enforces security policy in the operating system. LSA performs verification of users connecting to a Windows computer or server and handles password changes and creation of access tokens.
The use of LSA serves to prevent the theft of sensitive user information, such as login passwords. The feature is capable of blocking process memory dump and untrusted code injection. In this way, the tool ensures that only authorized users can gain access to critical data for user authentication and system security.
Windows 11 displays warning saying LSA is disabled
You can see recent reports of users complaining regarding the March Update (KB5023706) for Windows 11 22H2 being to blame for the warning bug regarding LSA being disabled. However, this problem occurs since the middle of January this year. When the warning appears, there are the following words:
Local security authority protection is disabled. Your device may be vulnerable.
The Microsoft technical support representative told one of the users:
There is a technical glitch with this feature, if you have successfully enabled this feature and are being asked to restart it, please note that the feature is enabled regardless of the message as this is a technical glitch that we are aware of and are working to resolve this issue. problem as soon as possible.
To find out if LSA was opened on your computer in protected mode, just look for the “WinInit” application and look in the operating system logs:
12: LSASS.exe was started as a protected process with level: 4
How to remove LSA protection alerts
Until a fix is available from Microsoft for the LSA failure warning in Windows 11, the user can add two new entries in the operating system registry and set them to “2”. With this, the LSA will be activated automatically following the next reboot and the warnings will no longer be displayed. Follow the step by step below:
Step 01: Open the “Registry Editor” application and go to the following address:
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsa
Step 02: Add the following new DWORD entries by right-clicking:
RunAsPPL
RunAsPPLBoot
Step 03: Set the inputs to “2”.
Step 04: Restart the computer.