How can I encrypt the swap file under Windows 7?

14

3

Mac OS X has the ability to use "secure virtual memory", meaning that anything from RAM that is swapped out to disk is encrypted. This improves security by making sure no passwords / keys are ever written to disk unencrypted. It's enabled by default since 10.8.

Is there something similar under Windows? (Specifically Windows 7) Is it possible to encrypt the Windows page file (swap / virtual memory) under Windows?

Josh

Posted 2013-06-21T13:29:13.113

Reputation: 7 540

Answers

15

Starting with Windows Vista and Windows Server 2008 this feature is now available. In an administrator command prompt (Start > All Programs > Accessories > right click Command Prompt and Run As Administrator) the following command:

fsutil behavior set encryptpagingfile 1

will enable Windows pagefile encryption. A reboot is required for this to take effect. According to InfoWorld, this is very secure, using one-time keys just like Mac OS X "Secure Virtual Memory":

In Windows 7 (and Vista), you can enable pagefile encryption. But even better: There is no key management. Windows creates and deletes the encryption keys as needed and there isn't a chance the user can "lose" the key or require a recovery event. It's crypto security at its best.

To simply check if pagefile encryption is enabled, use the command:

fsutil behavior query encryptpagingfile

To disable it, the command is:

fsutil behavior set encryptpagingfile 0

followed by a reboot. Note that this method of pagefile encryption requires that the volume on which the Windows page file resides be NTFS formatted.

Josh

Posted 2013-06-21T13:29:13.113

Reputation: 7 540

2

I had a non-standard pagefile configuration (having it on a partition not associated with a drive letter but mounted as a directory inside my other partition), that I made by directly editing the registry. That was working fine, but enabling encryption in this particular situation caused the system to restart at boot (actually because of a SYSTEM_SERVICE_EXCEPTION blue screen). I used the registry editor (regedit at command prompt in the Windows recovery utility) to mount the SYSTEM hive and disable encryption (HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\FileSystem\EncryptPagingFile = 0). – Ale – 2015-01-11T15:29:05.067
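
A read-only audit of the setting discussed above, as an added example that is not part of the original posts. It parses the output of the fsutil query command from the answer (assumed to contain "EncryptPagingFile = <n>") and resolves each active pagefile to its volume by longest mount-path match, so a pagefile on a volume mounted as a folder, as in the comment, is checked against the right file system. The function names are hypothetical.

```powershell
# Added example: audit pagefile encryption (read-only; changes nothing).
# Run from an elevated Windows PowerShell prompt. Uses Get-WmiObject so it
# also works on the PowerShell 2.0 that ships with Windows 7.

function Get-EncryptPagingFileState {
    # Assumption: fsutil prints a line containing "EncryptPagingFile = <n>".
    $out = (& fsutil.exe behavior query encryptpagingfile 2>&1 | Out-String)
    if ($out -match 'EncryptPagingFile\s*=\s*(\d+)') { return [int]$Matches[1] }
    throw "Unexpected fsutil output: $out"
}

function Get-PageFileVolume {
    param([string]$PageFilePath, $Volumes)
    # Longest mount-path prefix wins, so a pagefile on a volume mounted as a
    # folder (no drive letter) resolves to that volume, not the parent drive.
    $Volumes |
        Where-Object {
            $_.Name -and $PageFilePath.StartsWith(
                $_.Name, [System.StringComparison]::OrdinalIgnoreCase)
        } |
        Sort-Object { $_.Name.Length } -Descending |
        Select-Object -First 1
}

$state   = Get-EncryptPagingFileState
$volumes = @(Get-WmiObject -Class Win32_Volume)
$files   = @(Get-WmiObject -Class Win32_PageFileUsage)

if ($files.Count -eq 0) { Write-Warning 'No active pagefile reported.' }

foreach ($pf in $files) {
    $vol     = Get-PageFileVolume -PageFilePath $pf.Name -Volumes $volumes
    $volName = 'unresolved'
    $fs      = 'unknown'
    if ($vol) { $volName = $vol.Name; $fs = $vol.FileSystem }

    New-Object PSObject -Property @{
        PageFile          = $pf.Name
        Volume            = $volName
        FileSystem        = $fs
        EncryptPagingFile = $state
        # True only when the setting is on AND the volume is NTFS, the
        # requirement stated in the answer. A reboot must follow any change.
        SettingOnAndNtfs  = ($state -eq 1 -and $fs -eq 'NTFS')
    }
}
```

A row with SettingOnAndNtfs = False identifies a pagefile that the setting does not cover, either because the setting is off or because the resolved volume is not NTFS.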