Ralph Bryce
ralph at inweb.co.uk
Sun Dec 14 06:49:24 CST 2003
John At 15:50 13/12/2003, you wrote: >But I wanted to know is what specific functions it performed that someone >could be attempting to use it to break into my computer. > >So by "local" security authentication server does it mean that it is used >only for my internal network or does it have some bearing on internet >communications also? Just thinking that my firewall should be completely >masking any internal functions and if it isn't used by internet >communications I have a hole. I have a dialup connection to the internet. I'm no expert, but I think it refers to the local machine here's a bit more on the subject... LSASS.EXE is the Local Security Administration Subsystem and it does a lot more. As the Local Security Authority component of the Windows NT Security Subsystem, it handles all aspects of security administration on the local computer, including access and permissions, and also works with the domain controllers for validation when and if needed. Validation in Windows is performed by a protected subsystem called the Local Security Authority (LSA) which maintains information about all aspects of local operating system security. In addition to providing interactive user authentication services, the LSA does the following: * Manages local security policy. * Manages audit policy and settings. * Generates tokens that contain user and group information as well as information about the security permissions for the user. The LSA validates your identity based on which entity issued your account. If it was issued by: * LSA. The LSA can validate your information by checking its own Security Accounts Manager (SAM) database. Any workstation or member server can store local user accounts and information about local groups. However, these accounts can only be used for accessing that workstation or computer. * Security authority for the local domain </technet/prodtechnol/winxppro/reskit/gloss_rk_pro.asp?frame=true> or for a trusted domain. The LSA contacts the entity that issued your account and asks it to verify that the account is valid and that you are the account holder. From KB Article 308356: The Lsass.exe process is responsible for management of local security authority domain authentication and Active Directory management. This process handles authentication for both the client and the server, and it also governs the Active Directory engine. The Lsass.exe process is responsible for the following components: Local Security Authority Net Logon service Security Accounts Manager service LSA Server service Secure Sockets Layer (SSL) Kerberos v5 authentication protocol NTLM authentication protocol Hope this is of some help. Perhaps someone more knowledgeable might chip in... Regards, Ralph Bryce