Friday, December 2, 2016

Clear Your Page File @ Shutdown

How to Make Windows Clear Your Page File at Shutdown (and When You Should)




Windows uses a paging file, also known as a page file, as additional virtual memory when your RAM fills up. Windows can clear your page file every time you shut down, ensuring no sensitive data is left in the page file on the drive.


How This Works


When you shut down your computer, the system’s RAM is always erased—it’s erased whenever it loses power. But the page file isn’t. If you’re worried about someone snooping for sensitive data that may be left in your page file, Windows can erase it each time you shut down. It does this by writing 0’s to every bit of the page file, overwriting any existing data. If someone pulls the hard drive from your computer, they can’t inspect the page file to find any potentially sensitive data that may have been stored in memory.

There’s a real downside to enabling this feature. It will make your computer take much longer to shut down. Your shutdown time may go from a few seconds to a few minutes, or even longer. It depends on how fast your computer’s hard drive is and how large your page file is. This is why Windows doesn’t automatically clear the page file at shutdown by default. It’s a trade-off, and one most people wouldn’t want.

We Recommend Encryption Instead


Rather than rely on clearing your page file, we recommend setting up full-disk encryption on your Windows PC, if possible. If your page file is stored on an encrypted drive, you don’t have to wipe it each time you shut down—the page file will be encrypted, too. That means no one can pull the drive and attempt to examine the page file without having your encryption key.

More importantly, encryption also prevents attackers from looking at all the other files on your hard drive. But, if you store your page file on an unencrypted drive, or if an organization uses thin-client systems, this option can be useful.

Home Users: Erase the Page File on Shutdown with the Registry Editor

If you have a Home edition of Windows, you will have to edit the Windows registry to make these changes. You can also do it this way if you have Windows Pro or Enterprise, but just feel more comfortable working in the Registry as opposed to Group Policy Editor. (If you have Pro or Enterprise, though, we recommend using the easier Group Policy Editor, as described in the next section.)

Standard warning: Registry Editor is a powerful tool and misusing it can render your system unstable or even inoperable. This is a pretty simple hack and as long as you stick to the instructions, you shouldn’t have any problems. That said, if you’ve never worked with it before, consider reading about how to use the Registry Editor before you get started. And definitely back up the Registry (and your computer!) before making changes.

First, open the Registry Editor by pressing Windows+R, typing “regedit” into the Run dialog that appears, and pressing Enter.



Use the left sidebar to navigate to the following key.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management



You should see a “ClearPageFileAtShutdown” setting in the right pane. If you don’t, right-click the “Memory Management” key in the left pane, select New > DWORD (32-bit) Value, and enter “ClearPageFileAtShutdown” as the name.

Double-click the ClearPageFileAtShutdown value, set enter “1” in the value data box, and press Enter.

You can now close the Registry Editor window.



If you want Windows to stop clearing the page file at shutdown, return here, double-click the ClearPageFileAtShutdown setting, and set it back to “0”.


Download Our One-Click Registry Hack




We’ve created two downloadable registry hacks that do the work for you. One disables the “ClearPageFileAtShutdown” setting, and one disables it. Download the archive below, double-click the registry hack you want to use, and add the information to your registry.

Download ClearPageFileAtShutdown Hacks

These are really just two small .REG files that change the registry value we showed you how to change above. If you ever want to see what a .REG file does, you can right-click it and select “Edit”. And, if you enjoy tweaking the registry, you can make your own registry hacks.

Pro and Enterprise User: Use the Group Policy Editor


If you’re using a Professional or Enterprise edition of Windows, the easiest way to have Windows clear your page file at shutdown is by using the Local Group Policy Editor. It’s a pretty powerful tool, so if you’ve never used it before, it’s worth taking some time to learn what it can do. Also, if you’re on a company network, do everyone a favor and check with your admin first. If your work computer is part of a domain, it’s also likely that it’s part of a domain group policy that will supersede the local group policy, anyway.

To open it, press Windows+R on your keyboard, type “gpedit.msc” into the Run dialog that appears, and press “Enter”.

If you see an error message saying gpedit.msc wasn’t found, you’re using a Home edition of Windows. You can’t use this tool.



In the left pane, navigate to the Local Computer Policy > Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options folder.

Locate the “Shutdown: Clear virtual memory pagefile” option in the right pane and double-click it.



Click the “Enabled” option in the properties window that appears and click “OK”. Windows will now clear the page file each time you shut down.

You can now close the group policy editor window.



If you ever want to stop Windows from clearing your page file each time you shut down, return here, double-click the “Shutdown: Clear virtual memory pagefile” setting, and select the “Disabled” option.

No comments:

Post a Comment