Microsoft KB Archive Search

Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

  1. Home
  2. BitLocker Drive Encryption (BDE) enables the PagefileOnOSVolume registry setting on Windows

BitLocker Drive Encryption (BDE) enables the PagefileOnOSVolume registry setting on Windows

View products that this article applies to.

INTRODUCTION

This article describes a new setting in the following versions of Windows:

  • Windows 8.1 Enterprise and Windows 8.1 Pro
  • Windows 8 Enterprise and Windows 8 Pro 
  • Windows 7 Ultimate and Windows 7 Enterprise 
  • Windows Vista Ultimate, Windows Vista Enterprise
This setting helps protect confidential data in a pagefile when BitLocker Drive Encryption (BDE) is enabled.

↑ Back to the top

More Information

The Windows 8.1, Windows 8, Windows 7, and Windows Vista memory-management system includes a feature that automatically manages the system pagefile. The memory-management system typically puts the pagefile on the same volume as the operating system (OS). However, if this volume does not have sufficient space, the pagefile may be relocated to another local volume on which more disk space is available. This relocation may cause data-confidentiality issues when BDE is used to protect the OS volume. Specifically, information may be disclosed if the pagefile's new location is on a volume that is not encrypted by BDE.

To reduce this threat, BDE automatically creates the following registry subkey:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Memory Management\PagefileOnOsVolume
This subkey lets you direct the memory-management system to put the pagefile only on the BDE-protected OS volume. Specifically, if you set this subkey to a value of 1, the OS volume is the only volume that the Session Management Sub System (SMSS) will consider as a location for the pagefile. If there is insufficient space on the OS volume, SMSS will create a smaller pagefile on this volume.

When BDE is enabled, the PagefileOnOSVolume setting is automatically created, and it is set to a value of 1. However, BDE will not create the PagefileOnOsVolume registry entry if the following registry subkey is not set to the default value of ?:\pagefile.sys:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Memory Management\PagingFiles
Note When BDE is disabled, the PagefileOnOSVolume setting remains. Disabling BDE does not delete or disable the PagefileOnOSVolume setting.

This functionality gives administrators control over how BDE and the memory-management system manage the pagefile. We recommend that you enable Encrypting File System (EFS) encryption of the pagefile if the following conditions are true:
  • The BDE default PagefileOnOSVolume registry setting is not used.
  • The pagefile is not located on a BDE-protected volume.

↑ Back to the top

Keywords: kb, kbtshoot, kbentirenet, kbinfo

↑ Back to the top

Article Info
Article ID : 929820
Revision : 1
Created on : 1/7/2017
Published on : 2/9/2015
Exists online : False
Views : 474