Registry Keys Used to Tune EFS Caching

Support for Windows XP has ended

Microsoft ended support for Windows XP on April 8, 2014. This change has affected your software updates and security options. Learn what this means for you and how to stay protected.

This article has been archived. It is offered "as is" and will no longer be updated.
Summary
In Microsoft Windows 2000, there are no options to adjust the cache-validation time for either the user or for Kernel mode Encrypting File System (EFS) caches. However, for faster performance, Microsoft Windows XP provides the flexibility to adjust the cache-validation time for both the Kernel and User mode components of EFS. This article provides and describes registry keys that you can use to tune EFS caching.
More information
You can use the following registry values to tune EFS caching:
   Key: HKLM\System\CurrentControlSet\Services\NTFS\EFS\Parameters   Value name:    EFSKCACHEPERIOD   Value type:    REG_DWORD   Default value: 5   Minimum value: 2   Maximum value: 30   Description:   The number of seconds the kernel will cache the                  session key for a user for a given file. The Kernel                  will not validate the user credentials during this                  cache period. This has the net effect of faster                  access to encrypted files that may be opened several                  times during a given time period.                  Cached session keys are stored in nonpaged pool                  memory. Increasing the value of EFSKCACHEPERIOD will                  result in higher usage of nonpaged pool memory. This                  increased nonpaged pool usage might cause problems                  for some machines, especially machines that are                  trusted for delegation for remote encryption.   Key: HKLM\Software\Microsoft\Windows NT\CurrentVersion\EFS   Value name:    KeyCacheValidationPeriod   Value type:    REG_DWORD   Default value: 3600 (1 hour)   Minimum value: 60   Maximum value: 86400 (1 day)   Description:   The number of seconds that the user-mode component of                  EFS will cache a user's certificate chain. Adjusting the                  user mode cache validation time upwards will improve the                  performance of systems that use EFS operations                  frequently.                  When EFS operations are in use, processing time is needed                  for the system to obtain and validate the certificates                  and keys. This will significantly slow system performance                  if the user mode cache validation time is set too low.                  The higher the user mode cache validation setting, the                  less often the system validates; the lower the                  setting, the more often the system validates. If EFS                  security is a priority in your system, then you will                  want appropriate EFS credentials to be validated more                  frequently. For maximum security, the lowest setting                  will provide the most frequent validation.				
encryption encrypting file system regedit non-paged
Properties

Article ID: 278256 - Last Review: 01/12/2015 17:04:23 - Revision: 2.0

  • Microsoft Windows XP Professional
  • kbnosurvey kbarchive kbcertservices kbefs kbenv kbinfo W2000CERTSRV w2000efs KB278256
Feedback