Virtualization Enable or Disable Virtual Memory Paging File Encryption in Windows 11


  • Staff
Virtual_Memory_banner.png

A paging file (aka: "page file" and "virtual memory") enables the system to remove infrequently accessed modified data from physical memory to let the system use physical memory more efficiently for more frequently accessed data. Windows also uses the page file to store data when physical memory (RAM) is full.

Encrypting the page file prevents malicious users from reading data that has been paged to disk, but also adds processing overhead for filesystem operations.

See also:
docs.microsoft.com

ADMX_FileSys Policy CSP - Windows Client Management

Learn more about the ADMX_FileSys Area in Policy CSP.
docs.microsoft.com

This tutorial will show you how to enable or disable virtual memory paging file encryption in Windows 10 and Windows 11.


You must be signed in as an administrator to enable or disable NTFS pagefile encryption.



Contents

  • Option One: Enable or Disable Virtual Memory Paging File Encryption using Command
  • Option Two: Enable or Disable Virtual Memory Paging File Encryption in Local Group Policy Editor
  • Option Three: Enable or Disable Virtual Memory Paging File Encryption using REG file




Option One

Enable or Disable Virtual Memory Paging File Encryption using Command


1 Open Windows Terminal (Admin), and select either Windows PowerShell or Command Prompt.

2 Do step 3 (status), step 4 (enable), step 5 (disable) below for what you want.

3 See if Paging File Encryption is Currently Disabled or Enabled

A) Copy and paste the command below into Windows Terminal (Admin), and press Enter. (see screenshots below)​

fsutil behavior query encryptpagingfile

B) See if paging file encryption is currently Disabled or Enabled.​

Encrypt_paging_file_command-1.png
Encrypt_paging_file_command-2.png

4 Enable Paging File Encryption

A) Copy and paste the command below into Windows Terminal (Admin), press Enter, and go to step 6. (see screenshots below)​

fsutil behavior set encryptpagingfile 1

Encrypt_paging_file_command-3.png

5 Disable Paging File Encryption

This is the default setting.


A) Copy and paste the command below into Windows Terminal (Admin), press Enter, and go to step 6. (see screenshots below)​

fsutil behavior set encryptpagingfile 0

Encrypt_paging_file_command-4.png

6 Close Windows Terminal (Admin).

7 Restart the computer to apply.




Option Two

Enable or Disable Virtual Memory Paging File Encryption in Local Group Policy Editor


The Local Group Policy Editor is only available in the Windows 10/11 Pro, Enterprise, and Education editions.

All editions can use Option Three to configure the same policy.


1 Open the all users, specific users or groups, or all users except administrators Local Group Policy Editor for how you want this policy applied.

2 Navigate to the policy location below in the left pane of the Local Group Policy Editor. (see screenshot below)

User Configuration > Administrative Templates > System > Filesystem > NTFS

Encrypt_paging_file_gpedit-1.png

3 In the right pane of NTFS in the Local Group Policy Editor, double click/tap on the Enable NTFS pagefile encryption policy to edit it. (see screenshot above)

4 Do step 5 (enable) or step 6 (disable) below for what you want.


 5. Enable Paging File Encryption

This will override Option One.


A) Select (dot) Not Configured, click/tap on OK, and go to step 7. (see screenshot below)​

Encrypt_paging_file_gpedit-2.png


 6. Disable Paging File Encryption

This is the default setting.


A) Select (dot) Enabled, click/tap on OK, and go to step 7. (see screenshot below)​

Encrypt_paging_file_gpedit-3.png

7 Close the Local Group Policy Editor.

8 Restart the computer to apply.




Option Three

Enable or Disable Virtual Memory Paging File Encryption using REG file


1 Do step 2 (enable) or step 3 (disable) below for what you would like to do.


 2. Enable Paging File Encryption

This will override Option One.


A) Click/tap on the Download button below to download the file below, and go to step 4 below.​

Enable_virtual_memory_paging_file_encryption.reg


(Contents of REG file for reference)
Code: 
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem]
"NtfsEncryptPagingFile"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies]
"NtfsEncryptPagingFile"=dword:00000001


 3. Disable Paging File Encryption

This is the default setting.


A) Click/tap on the Download button below to download the file below, and go to step 4 below.​

Disable_virtual_memory_paging_file_encryption.reg


(Contents of REG file for reference)
Code: 
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem]
"NtfsEncryptPagingFile"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies]
"NtfsEncryptPagingFile"=-

4 Save the REG file to your desktop.

5 Double click/tap on the downloaded REG file to merge it.

6 When prompted, click/tap on Run, Yes (UAC), Yes, and OK to approve the merge.

7 Restart the computer to apply.

8 You can now delete the downloaded REG file if you like.


That's it,
Shawn Brink


Related Tutorials

 

Attachments

  • Virtual_Memory.png
    Virtual_Memory.png
    6.4 KB · Views: 34
  • Disable_virtual_memory_paging_file_encryption.reg
    822 bytes · Views: 109
  • Enable_virtual_memory_paging_file_encryption.reg
    848 bytes · Views: 87
Last edited:
Click to expand...
Hi, when Bitlocker encryption is already available for all of system drives, will turning this on provide any additional security benefits? if so, how? thanks
 

My Computer

System One

  • OS
    Windows 11
crypticlulu said:
Hi, when Bitlocker encryption is already available for all of system drives, will turning this on provide any additional security benefits? if so, how? thanks
Click to expand...

Hello, :-)

As long as the paging file is on the same encrypted drive, then there's really no need to enable encrypting the paging file since it will just add a bit more overhead.

You can enable encrypting the paging file if wanted to add an extra layer of encryption for it you are concerned about sensitive data that may be in it.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro for Workstations
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom self build
    CPU
    Intel i7-8700K 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING (11GB GDDR5X)
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G75 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    1TB Samsung 980 PRO M.2,
    6TB WD Black WD6001FZWX
    8TB WD MyCloudEX2Ultra NAS
    PSU
    Seasonic Prime Titanium 850W
    Case
    Thermaltake Core P3 wall mounted
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gbps Download and 35 Mbps Upload
    Browser
    Google Chrome
    Antivirus
    Microsoft Defender and Malwarebytes Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Galaxy S23 Plus phone
  • Operating System
    Windows 11 Pro for Workstations
    Computer type
    Laptop
    Manufacturer/Model
    HP Spectre x360 2in1
    CPU
    i7-1065G7 3.9 GHz
    Memory
    16 GB LPDDR4-3200
    Graphics card(s)
    Intel Iris Plus
    Sound Card
    Intel SST
    Monitor(s) Displays
    13.3" 4K UWVA AMOLED multitouch
    Screen Resolution
    3840 x 2160
    Hard Drives
    512 GB PCIe NVMe M.2 SSD
    Browser
    Google Chrome
    Antivirus
    Windows Defender and Malwarebytes Premium
You must log in or register to reply here.

Similar Windows 11 Tutorials

  • Article
Accounts Enable or Disable Show Administrators in UAC prompt for Standard Users in Windows 11
Replies
0
Views
899
Brink
Brink
  • Article
General Enable or Disable AutoSuggest in File Explorer Address Bar in Windows 11
Replies
0
Views
905
Brink
Brink
  • Article
General Enable or Disable Inline AutoComplete in File Explorer Address Bar in Windows 11
Replies
0
Views
694
Brink
Brink
  • Article
Personalization Enable or Disable Lock Screen Slideshow in Windows 11
Replies
0
Views
2K
Brink
Brink
  • Article
Browsers and Mail Enable or Disable Restore Pages Dialog Prompt in Microsoft Edge
Replies
0
Views
1K
Brink
Brink
  • Article
Time and Language Enable or Disable Changing Country or Region GeoID in Windows 11
Replies
5
Views
1K
han jansen
H
  • Article
Privacy and Security Enable or Disable All Windows Security Notifications in Windows 11
Replies
10
Views
2K
Brink
Brink

Latest Tutorials

Latest Support Threads

Back
Top Bottom