There is nothing better than encrypting the system partition and all other partitions if you want to protect your files from unauthorized access. There are still ways around this but they require specialized equipment and access to the PC. Regular users on the other hand may be better off encrypting only their important documents and files, and other areas of the operating system that may reveal information about those files.
One of those is the Windows Pagefile, which is basically a hard drive cache for files. The file is used by Windows even if your computer has enough memory available. It is possible to delete the Pagefile on exit, but that does not guarantee that the information it contains cannot be recovered.
The only possible solution next to encrypting the system partition? Encrypting the page file. This thankfully can be done with the Windows program fsutil that is installed with the operating system.
Encrypt the Pagefile
Please note that the pagefile can only be encrypted if the containing hard drive uses the NTFS file system. The majority of Windows Vista and Windows 7 PCs should use NTFS file systems.
You need to open an elevated command prompt by clicking on the start orb, then All Programs > Accessories. Locate Command Prompt in the listing, right-click the program and select Run as administrator from the context menu. This is the way in Windows 7, it may be slightly different if you use a different version of Windows.
Issue the following command to encrypt the pagefile in Windows:
fsutil behavior set EncryptPagingFile 1
You need to restart the PC before the change takes effect.
Check the Pagefile for encryption
You can also check if the pagefile is encrypted. For that issue the following command.
fsutil behavior query EncryptPagingFile
A return value of 1 indicates that the pagefile is encrypted, 0 would indicate that it is not encrypted.
Remove Pagefile encryption
You can also remove the encryption of a pagefile again. This is done with the command
fsutil behavior set EncryptPagingFile 0
The pagefile is encrypted with the Encrypting File System (EFS) which provides the file encryption technology on NTFS volumes.
Enjoyed the article?: Then sign-up for our free newsletter or RSS feed to kick off your day with the latest technology news and tips, or share the article with your friends and contacts on Facebook or Twitter.Related Articles:
Recursively encrypt directories with gpgdirZip Encrypt Ftp Backups
How To Encrypt Files, Folders With EFS
Encrypt your Hard Drives
Encrypt USB Drives
A question Martin…
What is your experience with performance when the pagefile is encrypted?
Rick I’d say most users won’t notice a difference.
Thanks for the info.
Most of our users have got SSD drives now and we have the pagefile disabled so this won’t be applicable. I know I know – before anyone starts with the back and forth on this, I should also say that all systems have 16G of RAM and they rip just fine.
I have noticed the encryption option before and maybe it’s something to revisit.
Good tip but how can anyone see what is in the pagefile anyway ?
You need forensic tools for that, to analyze the contents.
Is there a noticeable performance hit by encrypting the pagefile?
No.
does it work for WinXP?
the response after the command is;
Usage : fsutil behavior set
disable8dot 3 1: 0
allowextchar 1: 0
disablelastaccess 1 : 0
quotanotify 1 through 4294967295 seconds
nftzone i through 4
Encryption does not seem to be available as a parameter under Windows XP.
so should we just right click the pagefile.sys on winxp and set to encrypt just like that (the hiberfil.sys as well BTW) or would that create some kind of unbelievable risk/problem for the system?
Martin,
many thanks, well explained – but after re-boot on Vista with NTFS fsutil behavior query EncryptPagingFile shows 0 again.
NtfsEncryptPagingFile in registry is also back to 0.
Any idea, who resets taht?
Thanks,
dietmar