Virtualization Enable or Disable Virtual Memory Paging File Encryption in Windows 11


  • Staff
Virtual_Memory_banner.png

A paging file (aka: "page file" and "virtual memory") enables the system to remove infrequently accessed modified data from physical memory to let the system use physical memory more efficiently for more frequently accessed data. Windows also uses the page file to store data when physical memory (RAM) is full.

Encrypting the page file prevents malicious users from reading data that has been paged to disk, but also adds processing overhead for filesystem operations.

See also:

This tutorial will show you how to enable or disable virtual memory paging file encryption in Windows 10 and Windows 11.


You must be signed in as an administrator to enable or disable NTFS pagefile encryption.



Contents

  • Option One: Enable or Disable Virtual Memory Paging File Encryption using Command
  • Option Two: Enable or Disable Virtual Memory Paging File Encryption in Local Group Policy Editor
  • Option Three: Enable or Disable Virtual Memory Paging File Encryption using REG file




Option One

Enable or Disable Virtual Memory Paging File Encryption using Command


1 Open Windows Terminal (Admin), and select either Windows PowerShell or Command Prompt.

2 Do step 3 (status), step 4 (enable), step 5 (disable) below for what you want.

3 See if Paging File Encryption is Currently Disabled or Enabled

A) Copy and paste the command below into Windows Terminal (Admin), and press Enter. (see screenshots below)​

fsutil behavior query encryptpagingfile

B) See if paging file encryption is currently Disabled or Enabled.​

Encrypt_paging_file_command-1.png
Encrypt_paging_file_command-2.png

4 Enable Paging File Encryption

A) Copy and paste the command below into Windows Terminal (Admin), press Enter, and go to step 6. (see screenshots below)​

fsutil behavior set encryptpagingfile 1

Encrypt_paging_file_command-3.png

5 Disable Paging File Encryption

This is the default setting.


A) Copy and paste the command below into Windows Terminal (Admin), press Enter, and go to step 6. (see screenshots below)​

fsutil behavior set encryptpagingfile 0

Encrypt_paging_file_command-4.png

6 Close Windows Terminal (Admin).

7 Restart the computer to apply.




Option Two

Enable or Disable Virtual Memory Paging File Encryption in Local Group Policy Editor


The Local Group Policy Editor is only available in the Windows 10/11 Pro, Enterprise, and Education editions.

All editions can use Option Three to configure the same policy.


1 Open the all users, specific users or groups, or all users except administrators Local Group Policy Editor for how you want this policy applied.

2 Navigate to the policy location below in the left pane of the Local Group Policy Editor. (see screenshot below)

User Configuration > Administrative Templates > System > Filesystem > NTFS

Encrypt_paging_file_gpedit-1.png

3 In the right pane of NTFS in the Local Group Policy Editor, double click/tap on the Enable NTFS pagefile encryption policy to edit it. (see screenshot above)

4 Do step 5 (enable) or step 6 (disable) below for what you want.


 5. Enable Paging File Encryption

This will override Option One.


A) Select (dot) Not Configured, click/tap on OK, and go to step 7. (see screenshot below)​

Encrypt_paging_file_gpedit-2.png


 6. Disable Paging File Encryption

This is the default setting.


A) Select (dot) Enabled, click/tap on OK, and go to step 7. (see screenshot below)​

Encrypt_paging_file_gpedit-3.png

7 Close the Local Group Policy Editor.

8 Restart the computer to apply.




Option Three

Enable or Disable Virtual Memory Paging File Encryption using REG file


1 Do step 2 (enable) or step 3 (disable) below for what you would like to do.


 2. Enable Paging File Encryption

This will override Option One.


A) Click/tap on the Download button below to download the file below, and go to step 4 below.​

Enable_virtual_memory_paging_file_encryption.reg


(Contents of REG file for reference)
Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem]
"NtfsEncryptPagingFile"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies]
"NtfsEncryptPagingFile"=dword:00000001


 3. Disable Paging File Encryption

This is the default setting.


A) Click/tap on the Download button below to download the file below, and go to step 4 below.​

Disable_virtual_memory_paging_file_encryption.reg


(Contents of REG file for reference)
Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem]
"NtfsEncryptPagingFile"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies]
"NtfsEncryptPagingFile"=-

4 Save the REG file to your desktop.

5 Double click/tap on the downloaded REG file to merge it.

6 When prompted, click/tap on Run, Yes (UAC), Yes, and OK to approve the merge.

7 Restart the computer to apply.

8 You can now delete the downloaded REG file if you like.


That's it,
Shawn Brink


 

Attachments

  • Virtual_Memory.png
    Virtual_Memory.png
    6.4 KB · Views: 7
  • Disable_virtual_memory_paging_file_encryption.reg
    822 bytes · Views: 26
  • Enable_virtual_memory_paging_file_encryption.reg
    848 bytes · Views: 22
Last edited:

crypticlulu

Member
Local time
1:11 AM
Posts
26
OS
Windows 11
Hi, when Bitlocker encryption is already available for all of system drives, will turning this on provide any additional security benefits? if so, how? thanks
 

My Computer

System One

  • OS
    Windows 11

Brink

Administrator
Staff member
MVP
Thread Starter
Local time
8:11 PM
Posts
5,565
OS
Windows 11 Pro for Workstations
Hi, when Bitlocker encryption is already available for all of system drives, will turning this on provide any additional security benefits? if so, how? thanks

Hello, :-)

As long as the paging file is on the same encrypted drive, then there's really no need to enable encrypting the paging file since it will just add a bit more overhead.

You can enable encrypting the paging file if wanted to add an extra layer of encryption for it you are concerned about sensitive data that may be in it.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro for Workstations
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom self build
    CPU
    Intel i7-8700K 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    16 GB (8GBx2) G.SKILL TridentZ DDR4 3200 MHz
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G75 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 980 PRO M.2,
    1TB Samsung 970 EVO Plus M.2,
    6TB WD Black WD6001FZWX
    8TB WD MyCloudEX2Ultra NAS
    PSU
    Seasonic Prime Titanium 850W
    Case
    Thermaltake Core P3 wall mounted
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gbps Download and 35 Mbps Upload
    Browser
    Google Chrome
    Antivirus
    Microsoft Defender and Malwarebytes Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    Linksys EA9500 router,
    Motorola MB8611 cable modem,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Galaxy S20 Ultra 5G phone
  • Operating System
    Windows 11 Pro for Workstations
    Computer type
    Laptop
    Manufacturer/Model
    HP Spectre x360 2in1
    CPU
    i7-1065G7 3.9 GHz
    Memory
    16 GB LPDDR4-3200
    Graphics card(s)
    Intel Iris Plus
    Sound Card
    Intel SST
    Monitor(s) Displays
    13.3" 4K UWVA AMOLED multitouch
    Screen Resolution
    3840 x 2160
    Hard Drives
    512 GB PCIe NVMe M.2 SSD
    Browser
    Google Chrome
    Antivirus
    Windows Defender and Malwarebytes Premium
Top Bottom