Sign in with Microsoft
New to Microsoft? Create an account.


This article describes a new setting in the following versions of Windows:

  • Windows 8.1 Enterprise and Windows 8.1 Pro

  • Windows 8 Enterprise and Windows 8 Pro

  • Windows 7 Ultimate and Windows 7 Enterprise

  • Windows Vista Ultimate, Windows Vista Enterprise

This setting helps protect confidential data in a pagefile when BitLocker Drive Encryption (BDE) is enabled.

More Information

The Windows 8.1, Windows 8, Windows 7, and Windows Vista memory-management system includes a feature that automatically manages the system pagefile. The memory-management system typically puts the pagefile on the same volume as the operating system (OS). However, if this volume does not have sufficient space, the pagefile may be relocated to another local volume on which more disk space is available. This relocation may cause data-confidentiality issues when BDE is used to protect the OS volume. Specifically, information may be disclosed if the pagefile's new location is on a volume that is not encrypted by BDE.

To reduce this threat, BDE automatically creates the following registry subkey:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Memory Management\PagefileOnOsVolumeThis subkey lets you direct the memory-management system to put the pagefile only on the BDE-protected OS volume. Specifically, if you set this subkey to a value of 1, the OS volume is the only volume that the Session Management Sub System (SMSS) will consider as a location for the pagefile. If there is insufficient space on the OS volume, SMSS will create a smaller pagefile on this volume.

When BDE is enabled, the PagefileOnOSVolume setting is automatically created, and it is set to a value of 1. However, BDE will not create the PagefileOnOsVolume registry entry if the following registry subkey is not set to the default value of ?:\pagefile.sys:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Memory Management\PagingFilesNote When BDE is disabled, the PagefileOnOSVolume setting remains. Disabling BDE does not delete or disable the PagefileOnOSVolume setting.

This functionality gives administrators control over how BDE and the memory-management system manage the pagefile. We recommend that you enable Encrypting File System (EFS) encryption of the pagefile if the following conditions are true:

  • The BDE default PagefileOnOSVolume registry setting is not used.

  • The pagefile is not located on a BDE-protected volume.

Need more help?

Expand your skills
Explore Training
Get new features first
Join Microsoft Insiders

Was this information helpful?

What affected your experience?

Thank you for your feedback!