What is CNG KEY ISOLATION hosted by LSA process ?

Anonymous
2013-02-04T15:06:38+00:00

* Original Title: Windows for dummies :^)

What is CNG KEY ISOLATION hosted by LSA process ?

I get a brief explanation that leaves more questions ... in the services in Windows 7.

I need dummie talk to understand the tech that is mentioned in the description tag of services. The acronyms mean what? The service does what "exactly" in layman's terms?

Thx in advance for any enlightenment.

Sincerely, Designation-Prototype.

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.

Answer accepted by question author

  1. Anonymous
    2013-02-05T04:24:46+00:00

    Hi,

    Thank you for reaching out to the Microsoft Community!

    Based on the description, it appears that you want to know about CNG KEY ISOLATION.

    I will be glad to assist you with this.

    The CNG key isolation service is hosted in the LSA process. The service provides key process isolation to private keys and associated cryptographic operations as required by the Common Criteria. The service stores and uses long-lived keys in a secure process complying with Common Criteria requirements.

    Default Behavior

    The CNG Key Isolation service runs as LocalSystem in a shared process. It shares an executable file with other services. If the CNG Key Isolation fails to load or initialize, the error is recorded into the Event Log. Windows 7 startup should proceed, but a message box is displayed informing you that the Key Iso service has failed to start.

    Dependencies

    CNG Key Isolation will not start if the Remote Procedure Call (RPC) service is stopped or disabled.

    If the CNG Key Isolation is stopped, the Extensible Authentication Protocol fails to start and initialize.

    If you have further questions on Windows, do not hesitate to let us know. It is our pleasure to be of assistance.

    20+ people found this answer helpful.

Answer accepted by question author

  1. Anonymous
    2013-04-09T14:13:57+00:00

    So, leave it stopped until we have an issue with it? Look for Key ISO errors, if you really have a problem with it

    9 people found this answer helpful.
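
The two accepted answers above describe the service's defaults (LocalSystem, shared process, RPC dependency, failures written to the Event Log) and suggest looking for Key Iso errors. The following PowerShell is an added example, not part of either answer or of Microsoft's documentation, that reads those properties and recent error events without changing anything. It assumes the service's short name is `KeyIso` and that event messages contain the English display name.

```powershell
# Added example: read-only look at the CNG Key Isolation service.
# Assumption: the service's short name is KeyIso (the "Key Iso service" above).
# Get-WmiObject is used so this also runs on the PowerShell 2.0 shipped with Windows 7.

function Get-KeyIsoStatus {
    $svc = Get-Service -Name 'KeyIso' -ErrorAction Stop
    $wmi = Get-WmiObject -Class Win32_Service -Filter "Name='KeyIso'"

    $hostProcess = $null
    $coHosted    = @()
    if ($wmi.ProcessId -gt 0) {   # ProcessId is 0 while the service is stopped
        $hostProcess = (Get-Process -Id $wmi.ProcessId -ErrorAction SilentlyContinue).ProcessName
        $coHosted = @(Get-WmiObject -Class Win32_Service -Filter "ProcessId=$($wmi.ProcessId)" |
            Where-Object { $_.Name -ne 'KeyIso' } | ForEach-Object { $_.Name })
    }

    New-Object PSObject -Property @{
        State       = $wmi.State          # Running / Stopped
        StartMode   = $wmi.StartMode      # Auto / Manual / Disabled
        Account     = $wmi.StartName      # answer above says LocalSystem
        ServiceType = $wmi.ServiceType    # "Share Process" when co-hosted
        HostProcess = $hostProcess        # answer above says the LSA process
        CoHosted    = $coHosted -join ', '
        DependsOn   = ($svc.ServicesDependedOn | ForEach-Object { $_.Name }) -join ', '
        NeededBy    = ($svc.DependentServices  | ForEach-Object { $_.Name }) -join ', '
    }
}

function Get-KeyIsoStartFailures {
    param([int]$Days = 30)
    $filter = @{
        LogName      = 'System'
        ProviderName = 'Service Control Manager'
        Level        = 2                  # Error
        StartTime    = (Get-Date).AddDays(-$Days)
    }
    # Assumption: messages name the service by its English display name or short name.
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match 'CNG Key Isolation|KeyIso' } |
        Select-Object TimeCreated, Id, Message
}

Get-KeyIsoStatus | Format-List
Get-KeyIsoStartFailures -Days 30 | Format-List
```

An empty result from the second function means no Service Control Manager errors mentioning the service were logged in the chosen window.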

20 additional answers

  1. Anonymous
    2013-08-07T13:01:50+00:00

    CNG stands for "Cryptography Application Programming Interface - Next Generation".

    A "Key" is a cryptographic token, for example, one generated from a wireless networking passphrase. "Isolation" is to do with Public Key Cryptography. Inside the Windows 7 operating system, public keys have to be kept separate from private keys and that is what the service is for.

    The most obvious use is wireless networking in Windows 7. Most wireless networks are encrypted. Due to a quirk in Windows 7, CNG Key Isolation is still needed to connect to open (i.e. unencrypted, no password/passphrase required) wireless networks. If CNG Key Isolation is stopped, you will just get a red X on the wireless connection icon in the System Tray.

    It is a Microsoft standard service, it comes with Windows 7 and it is safe to leave it started. To explain the rest of the answer:

    LSA stands for Local Security Authority Service. It is the part of Windows 7 that deals with Windows user accounts and file sharing server logons. "Common Criteria" refers to the International Standards Organisation's standard number 15408, known as "Common Criteria for Information Technology Security Evaluation". For those who are really interested, Microsoft's description of the "Cryptography Next Generation - Application Programming Interface" is here:

    http://msdn.microsoft.com/en-us/library/windows/desktop/aa376210(v=vs.85).aspx

    100+ people found this answer helpful.
  2. Anonymous
    2013-10-27T12:03:11+00:00

    Your answer is too complicated. He said he needed 'dummie talk', as most of us do. I have no idea what any of that means and after reading it, I still have no clue what the process is for.

    Very uncomplicated version: When you have a wireless system and your equipment and router have no cables, the wireless signals can be picked up by local people who are in range of you. This means they could potentially use your ISP connection wirelessly too. CNG, however, puts a secret encrypted password on the line, which means that even though they can access the internet wireless transmission, they couldn't read any text you type or send, as it is encrypted.

    60+ people found this answer helpful.
  3. Anonymous
    2013-07-07T17:54:42+00:00

    Your answer is too complicated. He said he needed 'dummie talk', as most of us do. I have no idea what any of that means and after reading it, I still have no clue what the process is for.

    40+ people found this answer helpful.