Re: lsass.exe in CPU loop when logging in



Am having exactly the same issue, and am trying to resolve it.
Unfortunately removing all the encrypted files does not solve the
problem, lsass.exe just keeps on running (until it stops). Can anyone
give me any advice on solving this? As said, the CIPHER command shows
no encrypted files.

Also (or maybe connected to the above), I don't understand this part of
your post:
<<remove the contents of the Protect directory (on an XP system the
files are in a directory with a GUID for a name under the Protect
directory)>>

Can you elaborate?




Stewart Berman wrote:
Thank you. Moving the files into a Zip archive solved the startup problem.

Please note that before you do this you should run: CIPHER /H /N /U
This will identify all encrypted files on your local drive. You need to decrypt them before you
remove the contents of the Protect directory (on an XP system the files are in a directory with a
GUID for a name under the Protect directory). Once you remove the contents of the directory you
cannot decrypt files that were encrypted earlier. You can still encrypt files after you empty the
directory and you will be able to decrypt those.

Stu

"Joe Hubele" <Joe Hubele@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:

Thanks to this posting, I realized I had also copied encrypted files causing
lsass.exe to take over the system for several minutes after logon. The
problem profile was a member of the administrators group and so I did not
suspect a security issue.

I decrypted the local files and disabled EFS but it did not help. After a
lot of searching and head scratching, I finally found a bunch of files under
C:\Documents and Settings\problemuser\Application Data\Microsoft\Protect in
one of the directories. The directory was created at the time the data was
pushed to the problem target system. In my case, it contained over 16,000
files. I moved the new directory out of the Protect directory to eliminate
the CPU hit after logon.
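
An added example (not from any of the posters in this thread): a read-only PowerShell inventory of the Protect directory discussed above, which reports how many files each subdirectory holds so that one with an abnormal count, like the 16,000 files reported here, can be identified before anything is moved. The default path, the threshold of 100 and the function name are assumptions.

```powershell
# Added example: read-only inventory of a profile's Protect directory.
# Nothing is moved, changed or deleted.
param(
    # Assumption: the current user's profile. For another profile pass e.g.
    # "C:\Documents and Settings\problemuser\Application Data\Microsoft\Protect"
    [string]$ProtectPath = "$env:APPDATA\Microsoft\Protect",
    # Assumption: arbitrary cut-off above which a directory is flagged.
    [int]$Threshold = 100
)

function Get-ProtectInventory {
    param([string]$Path, [int]$Threshold)

    if (-not (Test-Path -LiteralPath $Path)) {
        throw "Protect directory not found: $Path"
    }

    # -Force is needed because the files here are hidden/system.
    Get-ChildItem -LiteralPath $Path -Force |
        Where-Object { $_.PSIsContainer } |
        ForEach-Object {
            $files = @(Get-ChildItem -LiteralPath $_.FullName -Force |
                       Where-Object { -not $_.PSIsContainer } |
                       Sort-Object LastWriteTime)
            New-Object PSObject -Property @{
                Directory  = $_.Name
                DirCreated = $_.CreationTime
                FileCount  = $files.Count
                # Oldest and newest file times show whether the files
                # arrived in one burst (e.g. a profile copy) or over time.
                Oldest     = $(if ($files.Count) { $files[0].LastWriteTime })
                Newest     = $(if ($files.Count) { $files[-1].LastWriteTime })
                Flagged    = ($files.Count -gt $Threshold)
            }
        }
}

Get-ProtectInventory -Path $ProtectPath -Threshold $Threshold |
    Sort-Object FileCount -Descending |
    Format-Table Directory, FileCount, DirCreated, Oldest, Newest, Flagged -AutoSize
```

Run it from an account that can read the affected profile; compare `DirCreated` of any flagged directory with the time the data was copied to the machine.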
