Clarifying how clearing pagefile on shutdown works

%3CLINGO-SUB%20id%3D%22lingo-sub-1722768%22%20slang%3D%22en-US%22%3EClarifying%20how%20clearing%20pagefile%20on%20shutdown%20works%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1722768%22%20slang%3D%22en-US%22%3E%3CP%3EVia%20group%20policy%20or%20via%20registry%2C%20the%20page%20file%20can%20be%20set%20to%20be%20cleared%20on%20shutdown.%3C%2FP%3E%3COL%3E%3CLI%3ENavigate%20to%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CSTRONG%3EHKEY_LOCAL_MACHINE%5CSYSTEM%5CCurrentControlSet%5CControl%5CSession%20Manager%5CMemory%20Management%3C%2FSTRONG%3E%3C%2FLI%3E%3CLI%3ESelect%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CSTRONG%3EClearPageFileAtShutdown%3C%2FSTRONG%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3Efrom%20the%20list%20on%20the%20right.%3C%2FLI%3E%3CLI%3ERight%20on%20it%20and%20select%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CSTRONG%3EModify%3C%2FSTRONG%3E.%3C%2FLI%3E%3CLI%3EChange%20the%20value%20to%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CSTRONG%3E1%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FSTRONG%3Eto%20enable.%3C%2FLI%3E%3C%2FOL%3E%3CP%3EHowever%20I%20have%20not%20yet%20been%20able%20to%20really%20figure%20out%20how%20this%20will%20work%20when%20pagefile%20resides%20on%20a%20SSD.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EOn%20normal%20HDD%20there%20is%20no%20lack%20of%20understanding%2C%20the%20pagefile%20gets%20overwritten%20during%20shutdown.%20However%20we%20know%20overwriting%20or%20wiping%20on%20a%20SSD%20does%20not%20really%20work%20as%20there%20is%20no%20control%20how%20data%20is%20distributed%20on%20storage%20cells.%20So%20I%20am%20wondering%20how%20this%20feature%20is%20implemented%20that%20the%20pagefile%20in%20fact%20gets%20overwritten%20%2F%20cleared.%20I%20have%20not%20found%20anything%20on%20the%20web%20that%20specifically%20addresses%20this%20feature%20in%20regards%20to%20a%20SSD%2C%20so%20if%20someone%20with%20more%20insight%20into%20this%20could%20please%20enlighten%20me.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIf%20some%20Microsoft%20tech%20is%20going%20to%20answer%20this%2C%20I%20am%20having%20an%20additional%20question%20related%20to%20the%20previous%20one%3A%20Pagefile%20has%20the%20feature%20to%20be%20encrypted.%20Now%20when%20clearing%20pagefile%20on%20shutdown%2C%20why%20is%20it%20even%20necessary%20to%20overwrite%20the%20pagefile%3F%20Wouldn't%20it%20be%20way%20smarter%20and%20faster%2C%20if%20on%20shutdown%20the%20encryption%20key%20for%20the%20pagefile%20encryption%20gets%20destroyed%3F%3C%2FP%3E%3CP%3EThe%20only%20reason%20I%20can%20think%20if%20why%20it%20is%20not%20handled%20that%20way%20is%20that%20it%20is%20the%20same%20key%20that%20is%20used%20for%20EFS%20encryption%20on%20the%20system.%20So%20an%20implementation%20that%20created%20a%20onetime%20encryption%20key%20only%20for%20the%20page%20file%20that%20can%20be%20safely%20destroyed%20on%20shutdown%2C%20would%20bring%20an%20incredible%20performance%20boost%20for%20the%20shutdown%20process%20as%20overwriting%20would%20no%20longer%20be%20required%20to%20turn%20the%20pagefile%20into%20pure%20garbage.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Occasional Visitor

Via group policy or via registry, the page file can be set to be cleared on shutdown.

  1. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management
  2. Select ClearPageFileAtShutdown from the list on the right.
  3. Right on it and select Modify.
  4. Change the value to 1 to enable.

However I have not yet been able to really figure out how this will work when pagefile resides on a SSD. 

 

On normal HDD there is no lack of understanding, the pagefile gets overwritten during shutdown. However we know overwriting or wiping on a SSD does not really work as there is no control how data is distributed on storage cells. So I am wondering how this feature is implemented that the pagefile in fact gets overwritten / cleared. I have not found anything on the web that specifically addresses this feature in regards to a SSD, so if someone with more insight into this could please enlighten me.

 

If some Microsoft tech is going to answer this, I am having an additional question related to the previous one: Pagefile has the feature to be encrypted. Now when clearing pagefile on shutdown, why is it even necessary to overwrite the pagefile? Wouldn't it be way smarter and faster, if on shutdown the encryption key for the pagefile encryption gets destroyed?

The only reason I can think if why it is not handled that way is that it is the same key that is used for EFS encryption on the system. So an implementation that created a onetime encryption key only for the page file that can be safely destroyed on shutdown, would bring an incredible performance boost for the shutdown process as overwriting would no longer be required to turn the pagefile into pure garbage.

0 Replies