This error has been circulating on the internet but users cannot find a prompt solution. This is why we are writing this post to guide you through fixing the error once and for all, so you won’t keep seeing the notification every few seconds, even after restarting the device! Before we get into the troubleshooting phase, let’s see what this error message means.
What is Local Security Authority Protection
The Local Security Authority (LSA) is Microsoft’s feature for the Windows operating system, responsible for, but not limited to, managing and authorizing interactive logons to the computer. This feature was first introduced in Windows 8.1 and has been included in all the following Windows operating systems, and is enabled by default. LSA is also responsible for managing and enforcing local security policies on the computer, such as the maximum number of allowed attempts, lockout timing, etc. It also manages the audit policies and logs the events. With this, one of the important responsibilities of the Local Security Authority is to generate and grant access tokens. In simpler words, LSA protection secures the system by allowing authorized access and fends off credential theft by blocking unauthorized code injection into the “LSASS.exe” process – which is the process responsible for running the Local Security Authority protection feature inside the Windows OS.
How Local Security Authority Works
When a user enters their credentials on the Windows lock screen, the information is passed using the LSA to the Security Accounts Manager (SAM). SAM manages the SAM database, which stores the actual and correct user credentials for cross-referencing. SAM compares the provided credentials with those stored in the SAM database, and if the credentials match, SAM creates a logon session and returns a Security Identifier (SID) against the user account to the LSA. The LSA, in turn, grants an Access Token containing information about the user account, including the group(s) they are part of, and its rights and permissions. This is the level of involvement of the Local Security Authority while logging into the system.
Why is my Local Security Authority Protection Off?
As mentioned earlier, the Local Security Authority Protection feature is enabled by default on Windows OS. However, an error can disable it, even when it is showing as “enabled” in the Windows Security application. As per Microsoft documentation, a security update “KB5007651” released in March 2023 introduced the error to Windows 11 v22H2. At the time, the only workaround for this issue was to restart the computer and ignore the notification prompts if they still occurred. However, the issue was later fixed, for which we have provided a solution below. But that is not the only reason for this error to occur. Other issues like corrupted system files or malware can also cause the Local Security Authority protection to be disabled. Let us now continue to see how to fix the “Local Security Authority protection is off” error message from appearing and enabling the feature to protect your device.
Fix “Local Security Authority Protection is Off. Your Device may be Vulnerable” Error
Install Windows Security Update KB5007651
When Microsoft first released KB5007651 in March 2023, it introduced the aforementioned issue and Windows continued to show the “Local Security Authority protection is off” notification without mercy. However, this issue is now fixed when Microsoft republished KB5007651 for Windows 11 on 3rd May 2023. Note: Since this is a mandatory security update, the only way to install it is through Windows Update. Use the following steps to install KB5007651 and resolve the “Local Security Authority protection is off. Your device may be vulnerable” error once and for all: Since it is a small update, it should be installed almost instantly without the need for a system restart. However, to get rid of the “Local Security Authority protection is off” prompt, we advise that you restart your computer. The issue should likely be resolved by installing KB5007651. However, if the problem remains, continue to perform the remaining fixes below.
Restart Local Security Authority Protection
One solution is to disable the Local Security Authority Protection feature and then re-enable it. There are several ways to do this. Use any of the following methods to restart the Local Security Authority Protection feature.
Restart Local Security Authority Protection from Windows Security
Note: Microsoft has temporarily removed the Local Security Authority UI from the Windows Security app, but the feature is supported on Windows 11. Therefore, the ability to disable or enable Local Security Authority Protection from Windows Security is currently not available. However, you can still do it from the Group Policy or the Windows Registry (discussed below).
Restart Local Security Authority Protection using Group Policy
You can also disable and then re-enable LSA protection from the Group Policy Editor. Here is how: When the computer reboots, check if the error message has gone away and the issue has been resolved. If the issue persists, then you can restart the Local Security Authority protection feature from the Windows Registry.
Restart Local Security Authority Protection from Windows Registry
Follow the steps below to disable and then re-enable the LSA protection feature from the Windows Registry. This process has proven to work for many users and eliminates the repeated notification prompt of “Local Security Authority protection is off.” You can also use our top selection of disk imaging and backup software so you never lose your data or operating system again. Note: To avoid performing all of these steps manually, skip to the next section and use the command line or the .REG files to restart the LSA protection feature.
Restart Local Security Authority Protection using Command Line
Alternative to the steps in the section above, you can also restart the LSA protection feature using the Command Line. This includes Windows PowerShell, Command Prompt, and the Run Command box. This will disable the Local Security Authority protection feature.
Restart Local Security Authority Protection using .REG Files
You can also start the LSA protection feature by simply executing only 2 .REG files. Here is how: This should restart the LSA protection feature on your Windows PC. Now, check to see if the issue has been resolved. Turn off Local Security Authority Protection (362 bytes, 50 hits) Turn on Local Security Authority Protection (364 bytes, 60 hits) If you still see the same error message even when LSA protection is enabled, then there are a few other things you can do to fix it.
Repair Windows
Windows comes with preinstalled tools to help fix the OS. Apart from the built-in troubleshooter, you can find in the Settings app, Windows also comes with a Deployment Image Servicing and Management (DISM) tool, System File Checker (SFC), and a Check Disk (CHKDSK) utility, where each performs a different scan and attempts to automatically fix any glitches in the OS. Since the issue might be with a corrupted or missing system file, let us try repairing it. Run the following cmdlets in the given order in an elevated Command Prompt to attempt and repair the Windows operating system and fix corrupted files:
Final Thoughts
This article lists all of the methods to fix the “Local Security Authority protection is off. Your device may be vulnerable” error notification you keep seeing, or a prompt inside the Windows Security application. Additionally, Microsoft has removed the UI to enable or disable the Local Security Authority protection feature from inside the Windows Security app, but we have covered all the alternatives to restart it or enable it if already disabled. It is advisable to keep the LSA protection feature enabled, as it prevents unauthorized code injection into the LSASS.exe process and keeps your login credentials safe from being compromised. Let us know which solution worked for you in the comments below and let other readers get a head start on applying the same fix and resolving the problem.
