c



 
c 

  
 

    

View products that this article applies to.

 
! This article applies to a different version of Windows than the one you are using. Content in this article
may not be relevant to you.Visit the Windows XP Solution Center

Expand all | Collapse all

INTRODUCTION

This article describes a new setting in Windows Vista Ultimate and in Windows Vista Enterprise. This setting

helps protect confidential data in a pagefile when BitLocker Drive Encryption (BDE) is enabled.

MORE INFORMATION

The Windows Vista memory-management system includes a feature that automatically manages the system

pagefile. The memory-management system typically puts the pagefile on the same volume as the operating

system (OS). However, if this volume does not have sufficient space, the pagefile may be relocated to

another local volume on which more disk space is available. This relocation may cause data-confidentiality

issues when BDE is used to protect the OS volume. Specifically, information may be disclosed if the

pagefile's new location is on a volume that is not encrypted by BDE.

To reduce this threat, BDE automatically creates the following registry subkey:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Memory

Management\PagefileOnOsVolume

This subkey lets you direct the memory-management system to put the pagefile only on the BDE-protected

OS volume. Specifically, if you set this subkey to a value of ", the OS volume is the only volume that the

Session Management Sub System (SMSS) will consider as a location for the pagefile. If there is insufficient

space on the OS volume, SMSS will create a smaller pagefile on this volume.

When BDE is enabled, the   setting is automatically created, and it is set to a value

of ". However, BDE will not create the PagefileOnOsVolume registry entry if the following registry subkey is

not set to the default value of =V  # :

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Memory Management

This functionality gives administrators control over how BDE and the memory-management system manage

the pagefile. We recommend that you enable Encrypting File System (EFS) encryption of the pagefile if the

following conditions are true:

 ÷V The BDE default PagefileOnOSVolume registry setting is not used.

÷V The pagefile is not located on a BDE-protected volume.