Pagefiles--to wipe or not to wipe

by Mitch Tulloch [Published on 19 April 2006 / Last Updated on 19 April 2006]

Discusses whether setting Group Policy to wipe a pagefile at shutdown is a good or bad idea.

A popular recommendation by "security experts" is to configure Group Policy (or the Registry in a standalone environment) so that users' computers will erase (zero out) their pagefile when they shut down their machines. The particular policy setting is "Shutdown: clear virtual memory pagefile" and the suggestion is that on laptops that carry sensitive information this setting should always be enabled.

Rubbish. For one thing, if you enable this setting then the affected computers may take 15 minutes or more to shut down, and it's ridiculous to expect your users to live with this. Furthermore, do you know how hard it would be for someone who stole your laptop to actually extract useful information from the pagefile? They'd have to physically remove the drive and install it as a second drive in a different machine, then use a hex editor to scan a pagefile that is typically more than a gigabyte in size looking for any useful plaintext stored by some badly-written application. The thief is far more likely just to reformat the laptop's drive and sell the machine online instead!

Furthermore, if you enable this policy you also have to make sure that hibernation is disabled on the targeted computers, and hibernation is unfortunately a highly desirable feature on laptops! And if the targeted computers are older desktop computers and the user simply presses the power button (which on older machines will immediately kill Windows) then they bypass the protection your policy supposedly provides.

A more practical solution for laptops is to simply have no pagefile at all on them. If your laptops have at least a gigabyte or so of RAM, then in most cases Windows (and applications) will run just fine without a pagefile. Or you can wait for Windows Vista to appear, which has a new feature called BitLocker that can encrypt everything on a hard drive, including the pagefile.
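
To see where a given machine stands on the points above, the following read-only audit is an added example, not part of the original article. It assumes the standard registry locations behind the policy (`ClearPageFileAtShutdown` and `PagingFiles` under `Memory Management`, `HibernateEnabled` under `Control\Power` on current Windows versions); the function name `Get-PagefileExposure` is hypothetical.

```powershell
# Added example: read-only audit of the settings the article discusses.
# It changes nothing; run it on the machine being checked.
function Get-PagefileExposure {
    $mm  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'
    $pwr = 'HKLM:\SYSTEM\CurrentControlSet\Control\Power'

    $mmProps  = Get-ItemProperty -Path $mm  -ErrorAction Stop
    $pwrProps = Get-ItemProperty -Path $pwr -ErrorAction SilentlyContinue

    # "Shutdown: Clear virtual memory pagefile" is stored as this DWORD (1 = enabled).
    $wipe = ([int]$mmProps.ClearPageFileAtShutdown) -eq 1

    # REG_MULTI_SZ list of configured pagefiles; empty means no pagefile at all.
    $pagefiles = @($mmProps.PagingFiles | Where-Object { $_ -and $_.Trim() })

    # A missing value is treated as "not enabled".
    $hibernate = ([int]$pwrProps.HibernateEnabled) -eq 1

    $findings = @()
    if ($pagefiles.Count -eq 0) {
        $findings += 'No pagefile configured: nothing is left on disk to wipe.'
    } elseif (-not $wipe) {
        $findings += 'Pagefile present and not cleared at shutdown.'
    } else {
        $findings += 'Pagefile cleared on clean shutdown only; a hard power-off skips the wipe.'
    }
    if ($wipe -and $hibernate) {
        $findings += 'Wipe policy is enabled but hibernation is still on; the policy requires it to be disabled.'
    }

    [pscustomobject]@{
        ClearPageFileAtShutdown = $wipe
        HibernateEnabled        = $hibernate
        PagingFiles             = $pagefiles
        Findings                = $findings
    }
}

Get-PagefileExposure | Format-List
```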
