Forum Search:
Forum.Brain-Cluster.com: Brain Cluster Technical Forum
Ultimate forum for Technical Discussions

Home » Microsoft » Windows Server » Active Directory » Is Lsass.exe the "heart" of the Active Directory engine?
Is Lsass.exe the "heart" of the Active Directory engine? [message #157286] Sat, 04 July 2009 19:26 Go to next message
Spin  is currently offline Spin
Messages: 37
Registered: July 2009
Member
Gurus,

Is Lsass.exe the "heart" of the Active Directory engine?

--
Spin
Re: Is Lsass.exe the "heart" of the Active Directory engine? [message #157287 is a reply to message #157286] Sat, 04 July 2009 20:04 Go to previous messageGo to next message
rlmueller-nospam  is currently offline rlmueller-nospam  United States
Messages: 292
Registered: July 2009
Senior Member
"Spin" <Spin@invalid.com> wrote in message
news:7ba6s6F22umqkU1@mid.individual.net...
> Gurus,
>
> Is Lsass.exe the "heart" of the Active Directory engine?
>
> --
> Spin

From security bulletin MS04-11:

Local Security Authority Subsystem Service (LSASS) provides an interface for
managing local security, domain authentication, and Active Directory
processes. It handles authentication for the client and for the server. It
also contains features that are used to support Active Directory utilities.


--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--
Re: Is Lsass.exe the "heart" of the Active Directory engine? [message #157288 is a reply to message #157286] Sun, 05 July 2009 03:36 Go to previous messageGo to next message
Syed Khairuddin  is currently offline Syed Khairuddin  Saudi Arabia
Messages: 77
Registered: June 2009
Member
Hello,

Lsass.exe is actually a Core Component for Windows Security
System.

Thanks
Re: Is Lsass.exe the "heart" of the Active Directory engine? [message #157291 is a reply to message #157286] Sun, 05 July 2009 07:07 Go to previous message
meiweb(nospam)  is currently offline meiweb(nospam)  Germany
Messages: 1307
Registered: July 2009
Senior Member
Hello Spin,

The heart of security, doesn't matter if local computer or domain member.

"Local Security Authority (LSA)
The LSA Subsystem Service (LSASS) is the security subsystem in Windows that
is responsible for:

User authentication.
Local system security policy, which controls who can log on to the computer,
password policies, privileges that are granted to users and groups, and the
system security auditing settings.
Sending security audit messages to the event log.
User authentication in the LSASS is performed with security packages that
are dynamically loaded at run time. There are two basic types of security
packages; one is an authentication package that is accessed through a set
of APIs, which are referred to as the LSA API. The other is named Security
Support Provider (SSP), which is accessed through the Security Support Provider
Interface (SSPI).

The LSA API is used for local authentication on a workstation or server.
This API is called when you enter a user name and password at the CTRL+ALT+DEL
login prompt, or when you use the Win32 LogonUser function that is available
through the advapi32dll."

From: http://msdn.microsoft.com/en-us/library/aa480609.aspx

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Gurus,
>
> Is Lsass.exe the "heart" of the Active Directory engine?
>
Previous Topic:DCPROMO then change IP?
Next Topic:Tool to list group members
Goto Forum:
  


Current Time: Fri Oct 20 02:59:06 EDT 2017

Total time taken to generate the page: 0.03773 seconds
.:: Contact :: Home ::Sitemap::.

Powered by: FUDforum 3.0.0RC2.
Copyright ©2001-2009 FUDforum Bulletin Board Software