The CNG key isolation service is hosted in the LSA process. The service provides key process isolation to private keys and associated cryptographic operations as required by the Common Criteria. The service stores and uses long-lived keys in a secure process complying with Common Criteria requirements.
|Windows Vista edition||without SP||SP1||SP2|
|Display name:||CNG Key Isolation|
CNG Key Isolation logs on as LocalSystem and runs in a shared process of lsass.exe. If CNG Key Isolation fails to start, the error is recorded into the Event Log. Windows Vista startup proceeds, but a message box is displayed informing you that the KeyIso service has failed to start. At least one service depends on CNG Key Isolation. Therefore I do not recommend you to disable it.
CNG Key Isolation will not start, if the Remote Procedure Call (RPC) service is stopped or disabled.
If CNG Key Isolation is stopped, the Extensible Authentication Protocol fails to start and initialize.
1. Select your Windows Vista edition and Service Pack, and then click on the Download button below.
2. Save the RestoreCNGKeyIsolationWindowsVista.bat file to any folder on your hard drive.
3. Right-click the downloaded batch file and select Run as administrator.
4. Restart the computer to save changes.
Note. Make sure that the
lsass.exe file exists in the
%WinDir%\system32 folder. If this file is missing you can try to restore it from your Windows Vista installation media.