Protected Storage (System Services for the Windows Server 2003 Family and Windows XP Operating Systems)
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
Service Name: ProtectedStorage
Executable Name: lsass.exe
Log On As: LocalSystem, to allow this service to interact with the desktop
Description: The Protected Storage service protects the storage of sensitive information, such as private keys, and prevents access by unauthorized services, processes, or users. Protected Storage is a set of software libraries that allows applications to retrieve security and other information from a personal storage location, hiding the implementation and details of the storage itself.
The storage location provided by this service is secure and protected from modification. Protected Storage uses the Hash-Based Message Authentication Code (HMAC) and the Secure Hash Algorithm (SHA1) cryptographic hash functions to encrypt the user’s master key. This component requires no configuration.Protected Storage is an outdated service whose functions can now be performed by the Data Protection API (DPAPI), which is currently the preferred method for protected storage. Unlike DPAPI, the interface to Protected Storage is not publicly exposed. Protected Storage is needed to recover keys migrated from earlier versions of the Windows operating system. It is still needed for protecting keys in Internet Explorer and Outlook Express.
If this service is stopped or disabled, some migrations and earlier versions of applications might fail.
Available on: Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; Windows Server 2003, Datacenter Edition and Windows Server 2003, Web Edition.
Installed through: Default operating system installation
Startup type: Automatic
Service status: Started
This service depends on the following system components:
Remote Procedure Call (RPC)
The following system components depend on this service: None