batcmd.com Windows Vista Services

CNG Key Isolation - Windows Vista Service

The CNG key isolation service is hosted in the LSA process. The service provides key process isolation to private keys and associated cryptographic operations as required by the Common Criteria. The service stores and uses long-lived keys in a secure process complying with Common Criteria requirements.

This service also exists in Windows 10, 7 and 8.

Startup Type

Windows Vista edition without SP SP1 SP2
Starter Manual Manual Manual
Home Basic Manual Manual Manual
Home Premium Manual Manual Manual
Business Manual Manual Manual
Ultimate Manual Manual Manual

Default Properties

Display name:CNG Key Isolation
Service name:KeyIso
Type:share
Path:%WinDir%\system32\lsass.exe
Error control:normal
Object:LocalSystem

Default Behavior

CNG Key Isolation logs on as LocalSystem and runs in a shared process of lsass.exe. If CNG Key Isolation fails to start, the error is recorded into the Event Log. Windows Vista startup proceeds, but a message box is displayed informing you that the KeyIso service has failed to start. At least one service depends on CNG Key Isolation. Therefore I do not recommend you to disable it.

Dependencies

CNG Key Isolation will not start, if the Remote Procedure Call (RPC) service is stopped or disabled.

If CNG Key Isolation is stopped, the Extensible Authentication Protocol fails to start and initialize.

Restore Default Startup Type for CNG Key Isolation

Automated Restore

1. Select your Windows Vista edition and Service Pack, and then click on the Download button below.

2. Save the RestoreCNGKeyIsolationWindowsVista.bat file to any folder on your hard drive.

3. Right-click the downloaded batch file and select Run as administrator.

4. Restart the computer to save changes.

Note. Make sure that the lsass.exe file exists in the %WinDir%\system32 folder. If this file is missing you can try to restore it from your Windows Vista installation media.