* '''LSASS (Local Security Authority Subsystem Service)''': The process that enforces the security policy and handles authentication and logon requests. * '''Security Packages''': Modules that extend LSA capabilities, such as Kerberos, NTLM, and Negotiate. * '''Security Tokens''': Objects that contain user credentials and group memberships, used for access control.
* '''Authentication''': Verifies user credentials during the logon process. * '''Authorization''': Determines user permissions and access rights to resources. * '''Security Policy Management''': Enforces policies for password complexity, account lockout, and auditing. * '''Single Sign-On (SSO)''': Facilitates seamless access to multiple resources without requiring re-authentication. * '''Auditing and Logging''': Tracks security-related events for monitoring and compliance.
* Use Task Manager or Process Explorer to monitor the `lsass.exe` process.
* Open the Local Security Policy editor (`secpol.msc`). * Navigate to `Account Policies` > `Password Policy` or `Account Lockout Policy` to set desired security policies.
* Configure Kerberos or NTLM settings via Group Policy to manage how LSA handles authentication protocols. * Open the Group Policy Management Console (`gpmc.msc`) and navigate to `Computer Configuration` > `Policies` > `Windows Settings` > `Security Settings` > `Account Policies`.
* Open the Local Security Policy editor (`secpol.msc`). * Navigate to `Local Policies` > `Audit Policy` to enable auditing for logon events, account management, and other security-related activities.