iShield OpenSC Minidriver

Windows OS/Patch: Windows 11 23H2 & 24H2

LSA prevents the Swissbit OpenSC Minidriver from loading, and that minidriver is required for managing PIV smart card options on an iShield, adding/removing certificates & private keys, changing the smart card PIN.

Below error is shown:

The Microsoft Local Security Authority (LSA) was introduced as an optional protection mechanism in Windows 8.1 to defend against malware running on user’s computer. Starting with Windows 11 2023 H2 & 2024 H2 Microsoft turned LSA on by default.

Swissbit is currently working on obtaining official certification to operate on Windows when Local Security Authority (LSA) is enabled. If your Windows machine has already been updated to Windows 11 version 24H2 or 23H2, follow the steps below to disable LSA and restore the functionality of the OpenSC Minidriver

To disable LSA using Registry Editor

1. Press Win + R, type regedit, and press Enter. 
2. Navigate to: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
   • Look for a key named RunAsPPL.
     • If it exists, double-click it and set Value data to 0.
     • If it does not exist, create a DWORD (32-bit) Value named RunAsPPL, then set it to 0 as follows: "RunAsPPL"=dword:00000000
3. Restart your computer.

To disable LSA using Group Policy

1. Open the Local Group Policy Editor by entering gpedit.msc.
2. Expand Computer Configuration > Administrative Templates > System > Local Security Authority.
3. Open the Configure LSASS to run as a protected process policy.
4. Set the policy to Disable.
5. Restart the machine