steveo69 - Posted June 11, 2002

Hi, can anyone tell me what LSASS.exe is and why it always accesses the web when I connect? Thanks, Steveo

Sampson - Posted June 12, 2002

Short answer: Local Security Authority SubSystem. It performs the authentication of log-on credentials passed from the WinLogon process against the Security Account Manager or other authentication packages.

In other words, it is responsible for the local system security policy (such as which users are allowed to log on to the machine, password policies, privileges granted to users and groups, and the system security auditing settings), user authentication, and sending security audit messages to the Event Log.

LSASS has a database that contains the local system security policy settings. This database is stored in the registry under HKLM\SECURITY. It includes such information as what domains are entrusted to authenticate logon attempts, who has permission to access the system and how (interactive, network, and service logons), who is assigned which privileges, and what kind of security auditing is to be performed. The LSASS policy database also stores "secrets" that include logon information used for cached domain logons and Win32 service user-account logons.

It also checks TCP/IP connections.

It is also known to be the site of some hacker attacks utilizing pwdump2.exe, which injects samdump.dll into the LSASS process to steal passwords.
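
An added example, not part of the original posts: a detection check for the kind of injection into the LSASS process mentioned in the answer above, run over constructed events. It assumes simplified event dicts whose field names are modelled on Sysmon Event ID 7 (image load) and Event ID 8 (CreateRemoteThread); the trusted directory list and all sample paths are assumptions.

```python
# Sysmon-style events as simplified dicts (field names modelled on Event ID 7,
# image load, and Event ID 8, CreateRemoteThread). All sample data is constructed.
import ntpath

LSASS = r"c:\windows\system32\lsass.exe"
# Assumption: modules loaded by LSASS should live under these directories.
TRUSTED_DIRS = (r"c:\windows\system32", r"c:\windows\winsxs")

def _norm(path):
    # Collapse ".." and unify case so path tricks do not bypass the checks.
    return ntpath.normpath(path).lower()

def check_event(ev):
    """Return a finding string for a suspicious event, else None."""
    eid = ev.get("EventID")
    if eid == 7 and _norm(ev.get("Image", "")) == LSASS:
        loaded = _norm(ev.get("ImageLoaded", ""))
        if not any(loaded.startswith(d + "\\") for d in TRUSTED_DIRS):
            return f"lsass loaded module outside trusted dirs: {loaded}"
        if str(ev.get("Signed", "")).lower() != "true":
            return f"lsass loaded unsigned module: {loaded}"
    if eid == 8 and _norm(ev.get("TargetImage", "")) == LSASS:
        return f"remote thread created in lsass by {ev.get('SourceImage', '?')}"
    return None

def scan(events):
    return [f for f in map(check_event, events) if f]

# Constructed sample events (not taken from a real host).
SAMPLE_EVENTS = [
    {"EventID": 7, "Image": r"C:\Windows\System32\lsass.exe",
     "ImageLoaded": r"C:\Windows\System32\samsrv.dll", "Signed": "true"},
    {"EventID": 8, "SourceImage": r"C:\Users\test\pwdump2.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe"},
    {"EventID": 7, "Image": r"C:\Windows\System32\lsass.exe",
     "ImageLoaded": r"C:\Users\test\samdump.dll", "Signed": "false"},
    {"EventID": 7, "Image": r"C:\Program Files\App\app.exe",
     "ImageLoaded": r"C:\Users\test\plugin.dll", "Signed": "false"},
    {"EventID": 7, "Image": r"C:\Windows\System32\lsass.exe",
     "ImageLoaded": r"C:\Windows\System32\..\Temp\x.dll", "Signed": "true"},
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

Only events that target lsass.exe are evaluated, so the unsigned plugin loaded by another process is ignored, while the `..` path is normalised before the directory check.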