Clear Pagefile.sys

Did you realize that your pagefile can contain sensitive information such as passwords and credit card numbers in plain text? It is easy to increase security by automatically clearing this file whenever you shut down your PC. I will provide two solutions: the first uses group policies, and the second you can apply directly on your computer through the registry.

Group policy solution

This policy setting determines whether the virtual memory paging file is cleared when the device is shut down. Virtual memory support uses a system paging file to swap pages of memory to disk when they are not used. On a running device, this paging file is opened exclusively by the operating system, and it is well protected. However, devices that are configured to allow other operating systems to start should verify that the system paging file is cleared as the device shuts down. This confirmation ensures that sensitive information from process memory that might be placed in the paging file is not available to an unauthorized user who manages to directly access the paging file after shutdown.
Important information that is kept in real memory might be written periodically to the paging file. This helps devices handle multitasking functions. A malicious user who has physical access to a server that has been shut down can view the contents of the paging file. The attacker can move the system volume into a different computer and then analyze the contents of the paging file. This is a time-consuming process, but it can expose data that is cached from RAM to the paging file. A malicious user who has physical access to the server can bypass this countermeasure by simply unplugging the server from its power source.
Set this policy to Enabled. This causes Windows to clear the paging file when the system is shut down. Depending on the size of the paging file, this process might take several minutes before the system completely shuts down. This delay in shutting down the server is especially noticeable on servers with large paging files. For a server with 2 gigabytes (GB) of RAM and a 2-GB paging file, this setting can add more than 30 minutes to the shutdown process. For some organizations, this downtime violates their internal service level agreements. Use caution when implementing this countermeasure in your environment.
Policy location:
Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options
Possible values
  • Enabled
    The system paging file is cleared when the system shuts down normally. Also, this policy setting forces the computer to clear the hibernation file (hiberfil.sys) when hibernation is disabled on a portable device.
  • Disabled
  • Not defined

The registry solution

Warning: This solution modifies the Windows registry. Back up the registry before you modify it. Then, you can restore the registry if a problem occurs.
Start "Regedit" with administrative rights and navigate to:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management
You should see a "ClearPageFileAtShutdown" setting in the right pane. If you don't, right-click the "Memory Management" key in the left pane, select New > DWORD (32-bit) Value, and enter "ClearPageFileAtShutdown" as the name.
Double-click the "ClearPageFileAtShutdown" value, enter "1" in the value data box, and press Enter.
Close "Regedit".
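
The same registry change as a script, as an added example that is not part of the original article: it reports the current "ClearPageFileAtShutdown" value and the allocated paging file size (which drives the extra shutdown time described above), and sets the value to 1 only when asked. The function name Set-PagefileClearAtShutdown is hypothetical; the registry path and value name are the ones given above.

```powershell
#Requires -RunAsAdministrator
# Added example: audit and enable ClearPageFileAtShutdown.
# The function name is hypothetical; key and value name come from the article.
$MmKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'
$Name  = 'ClearPageFileAtShutdown'

function Set-PagefileClearAtShutdown {
    [CmdletBinding(SupportsShouldProcess)]
    param([switch]$Enable)

    # Read the current value; $null means the value has not been created yet.
    $item   = Get-ItemProperty -Path $MmKey -Name $Name -ErrorAction SilentlyContinue
    $before = if ($null -ne $item) { [int]$item.$Name } else { $null }

    # Allocated paging file size in MB: larger files mean a longer shutdown.
    $pagefiles = Get-CimInstance -ClassName Win32_PageFileUsage |
        Select-Object Name, @{ n = 'AllocatedMB'; e = { $_.AllocatedBaseSize } }

    if ($Enable -and $before -ne 1 -and
        $PSCmdlet.ShouldProcess("$MmKey\$Name", 'Set DWORD to 1')) {
        # -Force creates the value if it is absent and overwrites it otherwise.
        New-ItemProperty -Path $MmKey -Name $Name -PropertyType DWord `
            -Value 1 -Force | Out-Null
    }

    # Re-read so the report reflects what is actually stored in the registry.
    $after = (Get-ItemProperty -Path $MmKey -Name $Name `
        -ErrorAction SilentlyContinue).$Name

    [pscustomobject]@{
        ValueBefore = $before
        ValueAfter  = $after
        Enabled     = ($after -eq 1)
        PageFiles   = $pagefiles
    }
}

# Audit only (changes nothing):
Set-PagefileClearAtShutdown

# Enable; add -WhatIf to preview the change without writing it:
# Set-PagefileClearAtShutdown -Enable
```
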
Scripts and programming examples disclaimer

Unless stated otherwise, the script sources and programming examples provided are copyrighted freeware. You may modify them, as long as a reference to the original code and hyperlink to the source page is included in the modified code and documentation. However, it is not allowed to publish (copies of) scripts and programming examples on your own site, blog, vlog, or distribute them on paper or any other medium, without prior written consent.
Many of the techniques used in these scripts, including but not limited to modifying the registry or system files and settings, impose a risk of rendering the Operating System inoperable and loss of data. Make sure you have verified full backups and the associated restore software available before running any script or programming example. Use these scripts and programming examples entirely at your own risk. All liability claims against the author in relation to material or non-material losses caused by the use, misuse or non-use of the information provided, or the use of incorrect or incomplete information, are excluded. All content is subject to change and provided without obligation.
Generated by WebHalla™ Version 0.1.e.5 : Monday 20-9-2021 © Copyright 1995-2021 ing. Johan P.G. van Soest CIPM Certified Privacy Information Manager