Local Security Authority (LSA)

Definition of Local Security Authority (LSA) in The Network Encyclopedia.

What is LSA (Local Security Authority)?

The central component of the security subsystem in the Microsoft Windows NT operating system. The Local Security Authority (LSA) is responsible for managing interactive logons to the system.

When a user attempts to log on locally to the system by entering a username and password in the logon dialog box, the logon process invokes the LSA, which passes the user’s credentials to the Security Accounts Manager (SAM), which manages the account information stored in the local SAM database.

The SAM compares the user’s credentials with the account information in the SAM database to determine whether the user is authorized to access the system. If it finds the user account information in the SAM database, the SAM authenticates the user by creating a logon session and returning the security identifier (SID) of the user and the SIDs of global groups of which the user is a member to the LSA.

The LSA then grants the user an access token that contains the user’s individual and group SIDs and their rights; these enable the user to access resources for which he or she has permissions.

The LSA is also responsible for other security-related functions, including the following:

  • Managing the local security policy on the computer, such as maximum number of logon attempts allowed and account lockout settings
  • Managing the audit policy on the computer and logging any events generated by the Security Reference Monitor
NOTE

In Windows 2000, Active Directory is functionally located within the LSA in the form of a module called the Directory Service module.