Local Security Authority Protection Is Off: How to Enable It

If Secure Boot is off, this issue might pop up

by Vladimir Popescu
Vladimir Popescu
Vladimir Popescu
Managing Editor
Being an artist his entire life while also playing handball at a professional level, Vladimir has also developed a passion for all things computer-related. With an innate fascination... read more
Reviewed by Alex Serban
Alex Serban
Alex Serban
Windows Server & Networking Expert
After moving away from the corporate work-style, Alex has found rewards in a lifestyle of constant analysis, team coordination and pestering his colleagues. Holding an MCSA Windows Server... read more
Affiliate Disclosure
  • LSA protection is a very important Windows process that helps to protect users' credentials as it keeps attackers off.
  • Windows update errors can however toggle off this form of protection.
  • The Windows built-in Security app can easily help you turn the feature back on.
local security authority protection is off

To fix various PC problems, we recommend Restoro PC Repair Tool:
This software will repair common computer errors, protect you from file loss, malware, hardware failure and optimize your PC for maximum performance. Fix PC issues and remove viruses now in 3 easy steps:

  1. Download Restoro PC Repair Tool that comes with Patented Technologies (patent available here).
  2. Click Start Scan to find Windows issues that could be causing PC problems.
  3. Click Repair All to fix issues affecting your computer's security and performance
  • Restoro has been downloaded by 0 readers this month.

One of the most important Windows processes that authenticate a user’s identity is the Local Security Authority (LSA) protection.

Some users turn the LSA off due to high CPU, but the PC becomes exposed to several threats. As requested by some of our readers, we have provided the methods to enable it.

Why is Local security authority protection off?

For one reason or the other, the LSA protection may wind up disabled and end up giving access to cyber criminals. Below are some of the reasons why local security authority protection is off:

  • Faulty Windows updates – Corrupt Windows updates are one of the main issues that may disable this feature.
  • Secure Boot is turned off – All the Secure Boot and UEFI-related configurations are reset if you disable Secure Boot. Turning off Secure Boot, in turn, disables the local security authority protection.
  • Windows Policy has disabled LSA – The LSA protection policy may be disabled from the configuration. Tweaking the Computer Configuration in the local group policy editor (gpedit.msc) can help to turn it back on.

Now that you know some of the factors responsible for disabling the local security authority protection, check out the solutions provided below to turn it back on.

What can I do if Local Security Protection is off?

Before proceeding to explore any of the advanced steps provided in this article, it is important to make some preliminary checks which may fix the issue quicker:

  • Ensure that you are signed in as an administrator to enable the additional protection for Local Security Authority in Windows 11.
  • Check your Windows Security app to enable LSA protection.
  • Ensure that your CPU virtualization is turned on.

Having confirmed the above checks, and none of them permanently fixes the problem, you can work through any advanced solutions below.

1. Use the Windows Security app

  1. Press the Windows key to open the Start Menu, type Windows Security in the search box, and press Enter.
  2. From the left pane, choose Device security. Under the Core isolation section, select the Core isolation details option.
  3. Enable the toggle under the Local Security Authority protection section.
  4. Then, click Yes in the UAC prompt that appears.
  5. Restart your PC to apply the changes.

Windows 11 Security is one of the ways you can prevent your system from cyber criminals. Below is another viable alternative if this does not work for you.

2. Use Registry Editor

  1. Press the Windows + R keys to open the Run dialog box. Type regedit in the dialog box and press Enter.
  2. In the Registry Editor, navigate to the following path: Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
  3. Then, double-click on RunAsPPL in the right pane. Change the Value data to 1 (or 2 as some users claim this worked for them) and press Enter.
  4. Restart your PC to apply the changes.

Before using the Registry Editor, make sure you back up your registry files or create a restore point to be safe in case it falls apart.

3. Via the Local Group Policy Editor

  1. Press the Windows + R keys to open the Run dialog box, type gpedit.msc, and press Enter.
  2. In the Local Group Policy Editor window, navigate to the following path: Computer Configuration\Administrative Templates\System\Local Security Authority
  3. On the right pane of the window, right-click the Configure LSASS to run as a protected process.
  4. Next, click on Enable.
  5. Under Options, select Enabled with UEFI Lock, then click Apply and OK to save the changes.
  6. Restart your device.

The Local Group Policy Editor is another option to enable local security authority protection. It is also important to create a system restore point before making any Windows Policy changes.

Some users also claim that signature verification could also be why LSA protection is off. So, if LSA is not signed as expected, you can explore this guide for further assistance.

And that’s how to re-enable Local Security Authority Protection if it is turned off. If you have any questions or suggestions, do not hesitate to use the comments section below.

Still having issues? Fix them with this tool:


If the advices above haven't solved your issue, your PC may experience deeper Windows problems. We recommend downloading this PC Repair tool (rated Great on TrustPilot.com) to easily address them. After installation, simply click the Start Scan button and then press on Repair All.

This article covers:Topics: