In this article…
What is the Security Accounts Manager (SamSs) service?
The Security Accounts Manager service administers the database of user and group account information stored on your computer. The service helps to authenticate local and remote users logging on to your PC.
The service’s display name is SamSs and it’s hosted in the LSA process, lsass.exe. By default, the service is set to start automatically when your computer boots:
What happens if I stop SamSs?
The following services depend on SamSs:
KtmRm for Distributed Transaction Coordinator
That means that if you stop SamSs, those services will stop as well. And that may cripple your computer.
For example, if the Server service stops, file and printer sharing won’t work. Are those features important to you?
In any case, you may find it next to impossible to stop the SamSs service!
You will notice that the stop button is disabled in the Services application:
And the SC command informs us that the service is not stoppable, cannot be paused and ignores shutdown requests:
Apparently Microsoft really doesn’t want anyone to disturb the Security Accounts Manager service!
Is it OK to disable the Security Accounts Manager service?
The service’s description states:
Indeed, Microsoft reiterates their recommendation to keep the service enabled on Windows Server 2016 (with Desktop Experience).
What happens if I kill the SamSs process (lsass.exe)?
The Security Accounts Manager service runs inside the lsass.exe process, which multiple services may share.
For example, here you see three services — SamSs, VaultSvc (Credential Manager), and Keyslo (CNG Key Isolation) — all running in the same instance of lsass.exe (with PID 708):
Because all three services are running in the same process, terminating the process will stop all three services.
That’s probably OK for the CNG Key Isolation service but Credential Manager is a building block for another three services. Be sure to understand the implication of terminating the Credential Manager service before killing the shared lsass process.
The SamSs service isn’t starting. Help!
If Security Accounts Manager failed to start, it is likely that the important Remote Procedure Call (RPC) service didn’t start either.
Open Services and check if someone has disabled the RPC service. If so, you should definitely re-enable it.
After that, try to start the RPC service. If that works, you can start SamSs next.
If you would like to know more about the Security Accounts Manager service, or you have a specific problem, please feel free to get in touch. We will do our best to help you!