Talk:Local Security Authority Subsystem Service

LSA-Shell
According to Sysinternals (=Microsoft) Process Explorer, lsass.exe is called the LSA-Shell! Who came up with "subsystem", when microsoft itself calls it a shell(-service)? This needs to be fixed. Unfortunately i can't find the functiont rename this page. Anyone? -- 62.143.90.14 (talk) 10:02, 17 December 2007 (UTC)
 * Where on Sysinternals does it say that? I searched all over the Sysinternals blogs/site, and the one place I can find that mentions Lsass, it says it stands for LSA subsystem service. There are also these pages  published by Microsoft which reaffirm that LSASS stands for local authority subsystem service (that technical bulletin in particular looks quite authoritative and reliable). The "ss" suffix is a pattern that Microsoft seem to enjoy applying with their system processes (eg. csrss is the Win32 subsystem service, psxss is the POSIX subsystem service, smss is the Session manager subsystem service). --Oshah (talk) 23:18, 6 January 2008 (UTC)
 * Oh, I get it. You must have run Process Explorer yourself, looked in the Description column and saw that it said "LSA Shell (Export version)" (which is the string embedded in the lsass.exe file).
 * I generally wouldn't read too much into process image file names (example: the win32 subsystem for reasons known only to Microsoft called csrss). The entire LSA subsystem consists of more than just the process executable, it also consists of the DLLs lsasrv.dll, samsrv.dll, a bit of advapi32.dll, and the relevant registry keys, and that's what this article is about. --Oshah (talk) 23:30, 6 January 2008 (UTC)


 * FYI, "csrss" stands for "client/server runtime subsystem". I forget the details, but the name dates back to when the NT kernel was seen more as platform abstraction layer for a variety of OSes, and less as part of Microsoft Windows. — DragonHawk (talk|hist) 22:19, 29 March 2011 (UTC)

The article would be of more use to the general user if it said which parts of it refer to good aspects and which to bad ones. For example, if my virus checker says that a remote user has started an lsass process, should that be manually blocked? In general, what Microsoft might describe as "software improvements" begs the question of whom the "improvements" are meant to benefit - the user or Microsoft? —Preceding unsigned comment added by 62.30.56.43 (talk) 20:01, 8 February 2008 (UTC)

"If it is running from any other location, that lsass.exe is most likely a virus, spyware, trojan or worm" should be written "If it is running from any other location, then lsass.exe is most likely a virus, spyware, trojan or worm" (replace "that" with "then"). — Preceding unsigned comment added by 98.218.83.240 (talk) 18:49, 25 June 2018 (UTC)