batcmd.com Windows 10 Services

CNG Key Isolation - Windows 10 Service

The CNG key isolation service is hosted in the LSA process. The service provides key process isolation to private keys and associated cryptographic operations as required by the Common Criteria. The service stores and uses long-lived keys in a secure process complying with Common Criteria requirements.

This service also exists in Windows 11, 8 and Vista.

Startup Type

Windows 10 version Home Pro Education Enterprise
1507 Manual Manual Manual Manual
1511 Manual Manual Manual Manual
1607 Manual Manual Manual Manual
1703 Manual Manual Manual Manual
1709 Manual Manual Manual Manual
1803 Manual Manual Manual Manual
1809 Manual Manual Manual Manual
1903 Manual Manual Manual Manual
1909 Manual Manual Manual Manual
2004 Manual Manual Manual Manual
20H2 Manual Manual Manual Manual
21H1 Manual Manual Manual Manual
21H2 Manual Manual Manual Manual
22H2 Manual Manual Manual Manual

Default Properties

Display name:CNG Key Isolation
Service name:KeyIso
Type:share
Path:%WinDir%\system32\lsass.exe
File:%WinDir%\system32\keyiso.dll
Error control:normal
Object:LocalSystem

Default Behavior

The CNG Key Isolation service is running as LocalSystem in a shared process of lsass.exe. Other services might run in the same process. If CNG Key Isolation fails to start, the error is logged. Windows 10 startup proceeds, but a message box is displayed informing you that the KeyIso service has failed to start.

Dependencies

CNG Key Isolation is unable to start, if the Remote Procedure Call (RPC) service is stopped or disabled.

If CNG Key Isolation is stopped, the Extensible Authentication Protocol service fails to start and initialize.

Restore Default Startup Type of CNG Key Isolation

Automated Restore

1. Select your Windows 10 edition and release, and then click on the Download button below.

2. Save the RestoreCNGKeyIsolationWindows10.bat file to any folder on your hard drive.

3. Right-click the downloaded batch file and select Run as administrator.

4. Restart the computer to save changes.

Note. Make sure that the keyiso.dll file exists in the %WinDir%\system32 folder. If this file is missing you can try to restore it from your Windows 10 installation media.

Yea, though I walk through the valley of the shadow of death, I will fear no evil: for thou art with me; thy rod and thy staff they comfort me.