Services Utility: Protected Storage Service
Display Name (?): | Protected Storage | ||||||||||||||
Short Name (?): | ProtectedStorage | ||||||||||||||
Executable (?): | lsass.exe | ||||||||||||||
Library (?): | None. | ||||||||||||||
Depends On (?): | Remote Procedure Call (RPC) | ||||||||||||||
Supports (?): | None. | ||||||||||||||
Description (?): | Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users. | ||||||||||||||
OS (?): | NT4 Workstation, 2000 Professional, XP Home/Professional, Vista Home/Business, NT4 Server, 2000 Server, Server 2003, Vista Server | ||||||||||||||
Startup (?): |
| ||||||||||||||
Explanation (?): | The protected storage service is used in providing a means for applications to store information in an encrypted form. This information is encrypted using the Hash-Based Message Authentication Code (HMAC) that encrypts the master key with the SHA1 hash function. This is useful since it provides a common means for applications to store their information so that they don't have to create their own security algorithm since they could make a mistake writing theirs and create a security hole. The data itself is stored in the registry in a common location under HKEY_CURRENT_USER\Software\Microsoft\Protected Storage System Provider. The implementation of the protected storage service itself is hidden from the user and the application as they just pass it information through its outward functions. This service should be kept on automatic unless you have a good reason to alter it. Since this service is used in authenticating passwords any program that makes use of this Windows feature will require it to be running. A common example of a program that uses this service is Outlook (Express and the full version that comes with Office). In fact, if your account is altered it is possible that you may lose access to your protected storage information and you may not be able to store or retrieve data from the registry. This is usually due to either invalid permissions on the registry keys in the protect storage folder. |