Protected Storage

The Protected Storage service protects sensitive information that is stored, such as private keys, and prevents access by unauthorized services, processes, or users. The service provides a set of software libraries that allow applications to retrieve security and other information from personal storage locations, and it hides the implementation and details about the storage.

The storage location that is provided by this service is protected from modification. The Protected Storage service uses the Hash-Based Message Authentication Code (HMAC) and the Secure Hash Algorithm 1 (SHA1) cryptographic hash function to encrypt the user's master key. This component requires no configuration.

If the Protected Storage service stops, private keys are inaccessible, the Certificate Services service does not operate, Secure/Multipurpose Internet Mail Extensions (S/MIME) and SSL do not work, and smart card logon fails.

This service is installed by default and its startup type is Manual.

When the Protected Storage service is started in its default configuration, it logs on by using the Local System account.

The Protected Storage service is dependent upon the following system components:

  • Remote Procedure Call (RPC)
  • DCOM Server Process Launcher
  • RPC Endpoint Mapper
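
The following PowerShell check is an added example, not part of the original documentation: it compares the service on the local machine with the defaults described above (Manual startup, Local System logon, and the three listed dependencies). It assumes English display names, and it walks the dependency chain because a listed component may be an indirect dependency. The function names are hypothetical.

```powershell
# Documented defaults taken from this page. Display names are assumed to be English.
$Baseline = @{
    DisplayName  = 'Protected Storage'
    StartMode    = 'Manual'
    StartName    = 'LocalSystem'   # Win32_Service value for the Local System account
    Dependencies = @('Remote Procedure Call (RPC)',
                     'DCOM Server Process Launcher',
                     'RPC Endpoint Mapper')
}

# Collect direct and indirect dependencies of a service as display names.
function Get-ServiceDependencyClosure {
    param([Parameter(Mandatory)][string]$Name)
    $seen  = @{}
    $queue = New-Object System.Collections.Queue
    $queue.Enqueue($Name)
    while ($queue.Count -gt 0) {
        $current = $queue.Dequeue()
        foreach ($dep in (Get-Service -Name $current).ServicesDependedOn) {
            if (-not $seen.ContainsKey($dep.Name)) {
                $seen[$dep.Name] = $dep.DisplayName
                $queue.Enqueue($dep.Name)
            }
        }
    }
    return @($seen.Values)
}

function Test-ProtectedStorageBaseline {
    param([hashtable]$Expected = $Baseline)
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "DisplayName='$($Expected.DisplayName)'"
    if (-not $svc) {
        # Report the absence of the service instead of throwing.
        return [pscustomobject]@{ Check = 'Service present'; Expected = $true; Actual = $false; Ok = $false }
    }
    $rows = @()
    foreach ($prop in 'StartMode', 'StartName') {
        $rows += [pscustomobject]@{ Check = $prop; Expected = $Expected[$prop]
                                    Actual = $svc.$prop; Ok = ($svc.$prop -eq $Expected[$prop]) }
    }
    $deps = Get-ServiceDependencyClosure -Name $svc.Name
    foreach ($d in $Expected.Dependencies) {
        $rows += [pscustomobject]@{ Check = "Depends on: $d"; Expected = $true
                                    Actual = ($deps -contains $d); Ok = ($deps -contains $d) }
    }
    # Current state is informational: a Manual service may legitimately be stopped.
    $rows += [pscustomobject]@{ Check = 'State'; Expected = 'n/a'; Actual = $svc.State; Ok = $true }
    return $rows
}

Test-ProtectedStorageBaseline | Format-Table -AutoSize
```

A row with `Ok` set to `False` marks a setting that differs from the documented default, such as a changed logon account or startup type.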
