(888) 881-CORE
In this article…
What is the Security Accounts Manager (SamSs) service?
The Security Accounts Manager service administers the database of user and group account information stored on your computer. The service helps to authenticate local and remote users logging on to your PC.
The service’s display name is SamSs and it’s hosted in the LSA process, lsass.exe. By default, the service is set to start automatically when your computer boots:
What happens if I stop SamSs?
The following services depend on SamSs:
KtmRm for Distributed Transaction Coordinator
That means that if you stop SamSs, those services will stop as well. And that may cripple your computer.
For example, if the Server service stops, file and printer sharing won’t work. Are those features important to you?
In any case, you may find it next to impossible to stop the SamSs service!
You will notice that the stop button is disabled in the Services application:
And the SC command informs us that the service is not stoppable, cannot be paused and ignores shutdown requests:
Apparently Microsoft really doesn’t want anyone to disturb the Security Accounts Manager service!
Is it OK to disable the Security Accounts Manager service?
The service’s description states:
Disabling this service will prevent other services in the system from being notified when the SAM is ready, which may in turn cause those services to fail to start correctly. This service should not be disabled.Indeed, Microsoft reiterates their recommendation to keep the service enabled on Windows Server 2016 (with Desktop Experience).
What happens if I kill the SamSs process (lsass.exe)?
The Security Accounts Manager service runs inside the lsass.exe process, which multiple services may share.
For example, here you see three services — SamSs, VaultSvc (Credential Manager), and Keyslo (CNG Key Isolation) — all running in the same instance of lsass.exe (with PID 708):
Because all three services are running in the same process, terminating the process will stop all three services.
That’s probably OK for the CNG Key Isolation service but Credential Manager is a building block for another three services. Be sure to understand the implication of terminating the Credential Manager service before killing the shared lsass process.
The SamSs service isn’t starting. Help!
If Security Accounts Manager failed to start, it is likely that the important Remote Procedure Call (RPC) service didn’t start either.
Open Services and check if someone has disabled the RPC service. If so, you should definitely re-enable it.
After that, try to start the RPC service. If that works, you can start SamSs next.
Questions? Problems?
If you would like to know more about the Security Accounts Manager service, or you have a specific problem, please feel free to get in touch. We will do our best to help you!
This article asks important, practical questions. Yet it does nothing to answer any of those questions. The text of this article repeats the services descriptions given by Windows. It also repeats that if the Security Accounts Manager is disabled, then the services dependent upon SamSs will fail to start. None of this goes beyond what I myself can see by looking at the information in Windows services. The information here is all redundant. What the article ought to describe is the actual result of stopping and disabling the SamSs service. The question is not: What does Windows say will happen? The question is: What will happen?
Thanks for your note, Joaquin.
Please be sure to let us and our know what happens as you answer the question you posed, to add to what we all know about the SamSs service!