Hi,
A local account security problem affects Windows 11 following a faulty update
To solve see here:
For info:
Windows 11, version 22H2 supports additional protection for the Local Security Authority (LSA) process to prevent code injection that could compromise credentials.
Windows has several critical processes to verify a user’s identity. The LSA is one of those processes, responsible for authenticating users and verifying Windows logins. It is responsible for handling user credentials, like passwords, and tokens used to provide single sign-on to Microsoft accounts and Azure services. Attackers have developed tools and have abused Microsoft tools to take advantage of this process to steal credentials. To combat this, additional LSA protection will be enabled by default in the future for new, enterprise-joined Windows 11 devices making it significantly more difficult for attackers to steal credentials by ensuring LSA loads only trusted, signed code.
I personally had to manually enable LSA with the registry tweak.
The RunAsPPL entry was there in the registry but not the RunAsPPLBoot. Adding this entry fixed the issue.
Registry entries from your Enable/Disable link:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
“RunAsPPL”=dword:00000002
“RunAsPPLBoot”=dword:00000002
Eric
1 Like
If messing around with the registry is too tricky, you can run the following PowerShell script in administrator mode.
It will make the necessary changes to the registry.
reg add HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v RunAsPPL /t REG_DWORD /d 2 /f;reg add HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v RunAsPPLBoot /t REG_DWORD /d 2 /f;
1 Like