This policy setting controls the configuration under which the Local Security AuthoritySubsystem Service (LSASS) will load custom Security Support Provider/Authentication Package (SSP/AP). The recommended state for this setting is: Disabled . Potential Impact: Custom Security Support Provider/Authentication Packages will not be permitted to load this may impact some legitimate third-party packages. Fix: (1) GPO: Computer Configuration\Policies\Administrative Templates\System\Local Security Authority\Allow Custom SSPs and APs to be loaded into LSASS (2) REG: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa:ConfigureLsaProtectedProcess

[Disable/Enable]

(1) GPO: Computer Configuration\\Policies\\Administrative Templates\\System\\Local Security Authority\\Configures LSASS to run as a protected process (2) REG: HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa:ConfigureLsaProtectedProcess